*/
if (!PKCS12_parse(p12, NULL, priv, cert, NULL) &&
!PKCS12_parse(p12, "", priv, cert, NULL)) {
- pb_log("%s: Error parsing OpenSSL PKCS12:\n", __func__);
+ pb_log_fn("Error parsing OpenSSL PKCS12:\n");
ERR_print_errors_cb(&pb_log_print_errors_cb, NULL);
} else
ok = 1;
if (cert)
sk_X509_push(certs, get_cert(keyfile));
} else {
- pb_log("%s: Error allocating OpenSSL X509 stack:\n", __func__);
+ pb_log_fn("Error allocating OpenSSL X509 stack:\n");
ERR_print_errors_cb(&pb_log_print_errors_cb, NULL);
}
/* handles both cases */
if (!pkey) {
- pb_log("%s: Error loading OpenSSL public key:\n", __func__);
+ pb_log_fn("Error loading OpenSSL public key:\n");
ERR_print_errors_cb(&pb_log_print_errors_cb, NULL);
}
certs = sk_X509_new_null();
if (!certs) {
- pb_log("%s: Error allocating OpenSSL X509 stack:\n", __func__);
+ pb_log_fn("Error allocating OpenSSL X509 stack:\n");
ERR_print_errors_cb(&pb_log_print_errors_cb, NULL);
goto out;
}
/* in this mode its attached content */
if (!CMS_verify(cms, certs, NULL, content_bio, out_bio,
CMS_NO_SIGNER_CERT_VERIFY | CMS_BINARY)) {
- pb_log("%s: Failed OpenSSL CMS decrypt verify:\n", __func__);
+ pb_log_fn("Failed OpenSSL CMS decrypt verify:\n");
ERR_print_errors_cb(&pb_log_print_errors_cb, NULL);
goto out;
}
if (!CMS_verify(cms, certs, NULL, plaintext_bio, NULL,
CMS_DETACHED | CMS_NO_SIGNER_CERT_VERIFY | CMS_BINARY)) {
- pb_log("%s: Failed OpenSSL CMS verify:\n", __func__);
+ pb_log_fn("Failed OpenSSL CMS verify:\n");
ERR_print_errors_cb(&pb_log_print_errors_cb, NULL);
goto out;
}
ctx = EVP_MD_CTX_create();
if (!ctx) {
- pb_log("%s: Error allocating OpenSSL MD ctx:\n", __func__);
+ pb_log_fn("Error allocating OpenSSL MD ctx:\n");
ERR_print_errors_cb(&pb_log_print_errors_cb, NULL);
goto out;
}
goto out;
if (EVP_DigestVerifyInit(ctx, NULL, s_verify_md, NULL, pkey) < 1) {
- pb_log("%s: Error initializing OpenSSL verify:\n", __func__);
+ pb_log_fn("Error initializing OpenSSL verify:\n");
ERR_print_errors_cb(&pb_log_print_errors_cb, NULL);
goto out;
}
if (EVP_DigestVerifyFinal(ctx, (unsigned char*)sigbuf, siglen))
nok = 0;
else {
- pb_log("%s: Error finalizing OpenSSL verify:\n", __func__);
+ pb_log_fn("Error finalizing OpenSSL verify:\n");
ERR_print_errors_cb(&pb_log_print_errors_cb, NULL);
}
}
int ret = PB_LOCKDOWN_SIGN;
PKCS12 *p12 = NULL;
+#if !defined(HARD_LOCKDOWN)
if (access(LOCKDOWN_FILE, F_OK) == -1)
return PB_LOCKDOWN_NONE;
+#endif
/* determine lockdown type */
fclose(authorized_signatures_handle);
}
- return ret;
+ return ret;
}