static int verify_command(char *data, char *digest, char *queryfile,
char *in, int token_in,
char *ca_path, char *ca_file, char *untrusted)
{
BIO *in_bio = NULL;
PKCS7 *token = NULL;
TS_RESP *response = NULL;
TS_VERIFY_CTX *verify_ctx = NULL;
int ret = 0;
/* Decode the token (PKCS7) or response (TS_RESP) files. */
if (!(in_bio = BIO_new_file(in, "rb"))) goto end;
if (token_in)
{
if (!(token = d2i_PKCS7_bio(in_bio, NULL))) goto end;
}
else
{
if (!(response = d2i_TS_RESP_bio(in_bio, NULL))) goto end;
}
if (!(verify_ctx = create_verify_ctx(data, digest, queryfile,
ca_path, ca_file, untrusted)))
goto end;
/* Checking the token or response against the request. */
ret = token_in ?
TS_RESP_verify_token(verify_ctx, token) :
TS_RESP_verify_response(verify_ctx, response);
end:
printf("Verification: ");
if (ret)
printf("OK\n");
else
{
printf("FAILED\n");
/* Print errors, if there are any. */
ERR_print_errors(bio_err);
}
/* Clean up. */
BIO_free_all(in_bio);
PKCS7_free(token);
TS_RESP_free(response);
TS_VERIFY_CTX_free(verify_ctx);
return ret;
}
static int verify_command(char *data, char *digest, char *queryfile,
char *in, int token_in,
char *CApath, char *CAfile, char *untrusted,
X509_VERIFY_PARAM *vpm)
{
BIO *in_bio = NULL;
PKCS7 *token = NULL;
TS_RESP *response = NULL;
TS_VERIFY_CTX *verify_ctx = NULL;
int ret = 0;
if ((in_bio = BIO_new_file(in, "rb")) == NULL)
goto end;
if (token_in) {
if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
goto end;
} else {
if ((response = d2i_TS_RESP_bio(in_bio, NULL)) == NULL)
goto end;
}
if ((verify_ctx = create_verify_ctx(data, digest, queryfile,
CApath, CAfile, untrusted,
vpm)) == NULL)
goto end;
ret = token_in
? TS_RESP_verify_token(verify_ctx, token)
: TS_RESP_verify_response(verify_ctx, response);
end:
printf("Verification: ");
if (ret)
printf("OK\n");
else {
printf("FAILED\n");
ERR_print_errors(bio_err);
}
BIO_free_all(in_bio);
PKCS7_free(token);
TS_RESP_free(response);
TS_VERIFY_CTX_free(verify_ctx);
return ret;
}