author | Rob Percival <robpercival@google.com> | 2016-03-04 19:51:43 +0000 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-03-09 11:34:48 -0500 |
commit | 5da65ef23ce30285e87652469298ce6513560032 (patch) | |
tree | 5705e2768ab285d640e8d06172903dc158d42354 /crypto/ct | |
parent | 8fbb93d0e24da283a21bb48c4361e20a17bba955 (diff) |
Extensive application of __owur to CT functions that return a boolean
Also improves some documentation of those functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/ct')
-rw-r--r-- | crypto/ct/ct_locl.h | 41 | ||||
-rw-r--r-- | crypto/ct/ct_sct_ctx.c | 11 |
2 files changed, 36 insertions, 16 deletions
diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
index b82fabc4f0..eb1d377b4a 100644
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -167,20 +167,41 @@ SCT_CTX *SCT_CTX_new(void);
 */
 void SCT_CTX_free(SCT_CTX *sctx);
-/* Sets the certificate that the SCT is related to */
-int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
-/* Sets the issuer of the certificate that the SCT is related to */
-int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
-/* Sets the public key of the issuer of the certificate that the SCT relates to */
-int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
-/* Sets the public key of the CT log that the SCT is from */
-int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+/*
+ * Sets the certificate that the SCT is being verified against.
+ * This will fail if the certificate is invalid.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
+
+/*
+ * Sets the issuer of the certificate that the SCT is being verified against.
+ * This is just a convenience method to save extracting the public key and
+ * calling SCT_CTX_set1_issuer_pubkey().
+ * Issuer must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
+
+/*
+ * Sets the public key of the issuer of the certificate that the SCT is being
+ * verified against.
+ * The public key must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the public key of the CT log that the SCT is from.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
 /*
 * Does this SCT have the minimum fields populated to be usuable?
 * Returns 1 if so, 0 otherwise.
 */
-int SCT_is_complete(const SCT *sct);
+__owur int SCT_is_complete(const SCT *sct);
 /*
 * Does this SCT have the signature-related fields populated?
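Review bot: The new comment on `SCT_CTX_set1_cert` leaves the `presigner` argument undocumented, while the neighbouring comments for `SCT_CTX_set1_issuer` and `SCT_CTX_set1_issuer_pubkey` now spell out their NULL preconditions; `SCT_CTX_set1_pubkey` says nothing about NULL either. These setters feed SCT verification and are now `__owur`, so callers need to know which arguments are optional in order to handle a 0 return correctly. I would add a line to the `SCT_CTX_set1_cert` comment stating what `presigner` is used for and whether it may be NULL, and a matching NULL rule to `SCT_CTX_set1_pubkey`. "This will fail if the certificate is invalid" would also be clearer if it named what is actually checked.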
@@ -188,6 +209,6 @@ int SCT_is_complete(const SCT *sct);
 * This checks that the signature and hash algorithms are set to supported
 * values and that the signature field is set.
 */
-int SCT_signature_is_complete(const SCT *sct);
+__owur int SCT_signature_is_complete(const SCT *sct);
diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c
index 7c50c91d69..89051d2f7c 100644
--- a/crypto/ct/ct_sct_ctx.c
+++ b/crypto/ct/ct_sct_ctx.c
@@ -111,7 +111,7 @@ static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
 * AKID from the presigner certificate, if necessary.
 * Returns 1 on success, 0 otherwise.
 */
-static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
+__owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
 {
 int preidx, certidx;
 int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
@@ -230,10 +230,10 @@ err:
 return 0;
 }
-static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
- size_t *hash_len)
+__owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
+ size_t *hash_len)
 {
- int ret = -1;
+ int ret = 0;
 unsigned char *md = NULL, *der = NULL;
 int der_len;
 unsigned int md_len;
@@ -271,8 +271,7 @@ static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
 int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
 {
- return ct_public_key_hash(X509_get_X509_PUBKEY(issuer), &sctx->ihash,
- &sctx->ihashlen);
+ return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
 }
 int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) |
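Review bot: `ct_public_key_hash` changes its failure value from -1 to 0 (`int ret = 0;`) but still carries no comment stating the return contract, and most of its body and its remaining callers lie outside this hunk. A call site that still tests `< 0` would now read a failed hash as success and carry on with `*hash` unset, so the other callers are worth checking against the new convention. I would add `/* Returns 1 on success, 0 on failure. */` above the definition, plus a sentence on who frees `*hash` once that is confirmed against the body.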
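Review bot: `SCT_CTX_set1_issuer` hands `X509_get_X509_PUBKEY(issuer)` to `SCT_CTX_set1_issuer_pubkey` unchecked, although ct_locl.h now documents that neither the issuer nor the public key may be NULL. Whether the pubkey setter rejects NULL is not visible here (its body begins where the hunk ends), so a missing issuer may surface as a crash further down rather than as a 0 return. A guard makes the documented precondition cheap to enforce: `if (issuer == NULL) return 0;` before the call.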