openssl/demos/smime/smver.c

/*
 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* Simple S/MIME verification example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>

int main(int argc, char **argv)
{
    BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
    X509_STORE *st = NULL;
    X509 *cacert = NULL;
    PKCS7 *p7 = NULL;
    int ret = EXIT_FAILURE;

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    /* Set up trusted CA certificate store */

    st = X509_STORE_new();
    if (st == NULL)
        goto err;

    /* Read in signer certificate and private key */
    tbio = BIO_new_file("cacert.pem", "r");

    if (tbio == NULL)
        goto err;

    cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);

    if (cacert == NULL)
        goto err;

    if (!X509_STORE_add_cert(st, cacert))
        goto err;

    /* Open content being signed */

    in = BIO_new_file("smout.txt", "r");

    if (in == NULL)
        goto err;

    /* Sign content */
    p7 = SMIME_read_PKCS7(in, &cont);

    if (p7 == NULL)
        goto err;

    /* File to output verified content to */
    out = BIO_new_file("smver.txt", "w");
    if (out == NULL)
        goto err;

    if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) {
        fprintf(stderr, "Verification Failure\n");
        goto err;
    }

    printf("Verification Successful\n");

    ret = EXIT_SUCCESS;
 err:
    if (ret != EXIT_SUCCESS) {
        fprintf(stderr, "Error Verifying Data\n");
        ERR_print_errors_fp(stderr);
    }

    X509_STORE_free(st);
    PKCS7_free(p7);
    X509_free(cacert);
    BIO_free(in);
    BIO_free(out);
    BIO_free(tbio);
    return ret;
}
Consolidate copyright for demos Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 21:16:36 +08:00			`/*`
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes 2023-09-07 16:59:15 +08:00			`* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.`
Consolidate copyright for demos Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 21:16:36 +08:00			`*`
Following the license change, modify the boilerplates in demos/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7834) 2018-12-06 21:08:15 +08:00			`* Licensed under the Apache License 2.0 (the "License"). You may not use`
Consolidate copyright for demos Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 21:16:36 +08:00			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
			`*/`

Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00			`/* Simple S/MIME verification example */`
			`#include <openssl/pem.h>`
			`#include <openssl/pkcs7.h>`
			`#include <openssl/err.h>`

			`int main(int argc, char **argv)`
			`{`
			`BIO in = NULL, out = NULL, tbio = NULL, cont = NULL;`
			`X509_STORE *st = NULL;`
			`X509 *cacert = NULL;`
			`PKCS7 *p7 = NULL;`
Fixup demo exit status magic numbers The demo code is quite often block copied for new demos, so this PR changes demos to use EXIT_SUCCESS & EXIT_FAILURE instead of using 0 and 1. Internal functions use the normal notation of 0 = error, 1 = success, but the value returned by main() must use EXIT_SUCCESS and EXIT_FAILURE. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20545) 2023-03-20 12:48:33 +08:00			`int ret = EXIT_FAILURE;`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00
			`OpenSSL_add_all_algorithms();`
			`ERR_load_crypto_strings();`

			`/* Set up trusted CA certificate store */`

			`st = X509_STORE_new();`
X509_STORE_new: memory needs to be freed Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17278) 2021-12-15 16:24:21 +08:00			`if (st == NULL)`
			`goto err;`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00
			`/* Read in signer certificate and private key */`
			`tbio = BIO_new_file("cacert.pem", "r");`

X509_STORE_new: memory needs to be freed Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17278) 2021-12-15 16:24:21 +08:00			`if (tbio == NULL)`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00			`goto err;`

			`cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);`

X509_STORE_new: memory needs to be freed Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17278) 2021-12-15 16:24:21 +08:00			`if (cacert == NULL)`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00			`goto err;`

			`if (!X509_STORE_add_cert(st, cacert))`
			`goto err;`

			`/* Open content being signed */`

			`in = BIO_new_file("smout.txt", "r");`

X509_STORE_new: memory needs to be freed Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17278) 2021-12-15 16:24:21 +08:00			`if (in == NULL)`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00			`goto err;`

			`/* Sign content */`
			`p7 = SMIME_read_PKCS7(in, &cont);`

X509_STORE_new: memory needs to be freed Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17278) 2021-12-15 16:24:21 +08:00			`if (p7 == NULL)`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00			`goto err;`

			`/* File to output verified content to */`
			`out = BIO_new_file("smver.txt", "w");`
X509_STORE_new: memory needs to be freed Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17278) 2021-12-15 16:24:21 +08:00			`if (out == NULL)`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00			`goto err;`

			`if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) {`
			`fprintf(stderr, "Verification Failure\n");`
			`goto err;`
			`}`

demos: tidy up makefiles, fix warnings Update makefiles so that consistent patterns are used. Object files are compiled from source using an implicit rule (but using our CFLAGS); for linking, we give an explicit rule. Ensure that "make test" works in each subdirectory (even if it does not actually run any applications). The top-level demo makefile now works. The makefiles are not make-agnostic. e.g. they use the variable $(RM) in "clean" recipes, which is defined in gnu-make but may not be defined in others. Part of #17806 Testing: $ cd demo $ make test Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22698) 2023-11-11 03:02:00 +08:00			`printf("Verification Successful\n");`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00
Fixup demo exit status magic numbers The demo code is quite often block copied for new demos, so this PR changes demos to use EXIT_SUCCESS & EXIT_FAILURE instead of using 0 and 1. Internal functions use the normal notation of 0 = error, 1 = success, but the value returned by main() must use EXIT_SUCCESS and EXIT_FAILURE. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20545) 2023-03-20 12:48:33 +08:00			`ret = EXIT_SUCCESS;`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00			`err:`
Fixup demo exit status magic numbers The demo code is quite often block copied for new demos, so this PR changes demos to use EXIT_SUCCESS & EXIT_FAILURE instead of using 0 and 1. Internal functions use the normal notation of 0 = error, 1 = success, but the value returned by main() must use EXIT_SUCCESS and EXIT_FAILURE. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20545) 2023-03-20 12:48:33 +08:00			`if (ret != EXIT_SUCCESS) {`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00			`fprintf(stderr, "Error Verifying Data\n");`
			`ERR_print_errors_fp(stderr);`
			`}`
X509_STORE_new: memory needs to be freed Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17278) 2021-12-15 16:24:21 +08:00
			`X509_STORE_free(st);`
free NULL cleanup 9 Ongoing work to skip NULL check before calling free routine. This gets: ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free ssl_sess_cert_free Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-04-12 04:32:54 +08:00			`PKCS7_free(p7);`
free NULL cleanup 5a Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-05-01 05:33:59 +08:00			`X509_free(cacert);`
free NULL cleanup This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: Matt Caswell <matt@openssl.org> 2015-03-25 23:31:18 +08:00			`BIO_free(in);`
			`BIO_free(out);`
			`BIO_free(tbio);`
Add a bunch of S/MIME sample programs and data. 2007-04-14 04:40:47 +08:00			`return ret;`
			`}`