author | Rob Percival <robpercival@google.com> | 2016-03-10 18:17:23 +0000 |
committer | Rich Salz <rsalz@openssl.org> | 2016-03-10 14:53:04 -0500 |
commit | 8359b57f27bbc320c3c08035917d829b303ea850 (patch) | |
tree | 0a63789a4ffb5b5562a5d5716d9dd502f877eff7 /crypto | |
parent | f0667b1430bac3b8c9c5b76985ad24cf9b13a0a9 (diff) |
check reviewer --reviewer=emilia
Remove 'log' field from SCT and related accessors
In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.
Improved documentation for some CT functions in openssl/ssl.h.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ct/ct_locl.h | 2 | ||||
-rw-r--r-- | crypto/ct/ct_prn.c | 17 | ||||
-rw-r--r-- | crypto/ct/ct_sct.c | 34 | ||||
-rw-r--r-- | crypto/ct/ct_x509v3.c | 2 |
4 files changed, 20 insertions, 35 deletions
diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
index 3625e5039c..66a6d1cfcd 100644
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -125,8 +125,6 @@ struct sct_st {
     ct_log_entry_type_t entry_type;
     /* Where this SCT was found, e.g. certificate, OCSP response, etc. */
     sct_source_t source;
-    /* The CT log that produced this SCT. */
-    const CTLOG *log;
     /* The result of the last attempt to validate this SCT. */
     sct_validation_status_t validation_status;
 };
diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
index c2e11b1e24..239ffc832c 100644
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
@@ -96,7 +96,7 @@ static void timestamp_print(uint64_t timestamp, BIO *out)
     ASN1_GENERALIZEDTIME_free(gen);
 }
 
-void SCT_print(const SCT *sct, BIO *out, int indent)
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG *log)
 {
     BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, "");
     BIO_printf(out, "\n%*sVersion : ", indent + 4, "");
@@ -109,9 +109,9 @@ void SCT_print(const SCT *sct, BIO *out, int indent)
 
     BIO_printf(out, "v1 (0x0)");
 
-    if (sct->log != NULL) {
+    if (log != NULL) {
         BIO_printf(out, "\n%*sLog : %s", indent + 4, "",
-                   SCT_get0_log_name(sct));
+                   CTLOG_get0_name(log));
     }
 
     BIO_printf(out, "\n%*sLog ID : ", indent + 4, "");
@@ -133,13 +133,20 @@ void SCT_print(const SCT *sct, BIO *out, int indent)
 }
 
 void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
-                    const char *separator)
+                    const char *separator, const CTLOG_STORE *log_store)
 {
     int i;
 
     for (i = 0; i < sk_SCT_num(sct_list); ++i) {
         SCT *sct = sk_SCT_value(sct_list, i);
-        SCT_print(sct, out, indent);
+        const CTLOG *log = NULL;
+
+        if (log_store != NULL) {
+            log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id,
+                                             sct->log_id_len);
+        }
+
+        SCT_print(sct, out, indent, log);
         if (i < sk_SCT_num(sct_list) - 1)
             BIO_printf(out, "%s", separator);
     }
diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c
index f83e155281..9eefa0caf0 100644
--- a/crypto/ct/ct_sct.c
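Review bot: The new `log` parameter of SCT_print is printed via `CTLOG_get0_name(log)` without any check that it is the log identified by `sct->log_id`, so the caller's obligation to resolve the matching log, and the fact that NULL is accepted and simply drops the `Log :` line, need to be stated in the function's documentation; the header declaration is not in this diff. The same gap applies to the `log_store` parameter added to SCT_LIST_print in the third ct_prn.c hunk, where a NULL store is tolerated and leaves `log` NULL. A header comment along the lines of `log: the CTLOG whose id equals sct->log_id (see CTLOG_STORE_get0_log_by_id), or NULL to omit the log name` for SCT_print, and `log_store: store used to look up each SCT's log, or NULL to print no log names` for SCT_LIST_print, covers both. SCT_print's body continues beyond the second hunk.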
+++ b/crypto/ct/ct_sct.c
@@ -251,11 +251,6 @@ size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id)
     return sct->log_id_len;
 }
 
-const char *SCT_get0_log_name(const SCT *sct)
-{
-    return CTLOG_get0_name(sct->log);
-}
-
 uint64_t SCT_get_timestamp(const SCT *sct)
 {
     return sct->timestamp;
@@ -327,18 +322,6 @@ int SCT_set_source(SCT *sct, sct_source_t source)
     }
 }
 
-const CTLOG *SCT_get0_log(const SCT *sct)
-{
-    return sct->log;
-}
-
-int SCT_set0_log(SCT *sct, const CTLOG_STORE *ct_logs)
-{
-    sct->log = CTLOG_STORE_get0_log_by_id(ct_logs, sct->log_id, sct->log_id_len);
-
-    return sct->log != NULL;
-}
-
 sct_validation_status_t SCT_get_validation_status(const SCT *sct)
 {
     return sct->validation_status;
@@ -349,20 +332,17 @@ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
     int is_sct_valid = -1;
     SCT_CTX *sctx = NULL;
     X509_PUBKEY *pub = NULL, *log_pkey = NULL;
+    const CTLOG *log;
 
-    switch (sct->version) {
-    case SCT_VERSION_V1:
-        if (sct->log == NULL)
-            sct->log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
-                                                  sct->log_id,
-                                                  CT_V1_HASHLEN);
-        break;
-    default:
+    if (sct->version != SCT_VERSION_V1) {
         sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
         goto end;
     }
 
-    if (sct->log == NULL) {
+    log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
+                                     sct->log_id, sct->log_id_len);
+
+    if (log == NULL) {
         sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
         goto end;
     }
@@ -371,7 +351,7 @@ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
     if (sctx == NULL)
         goto err;
 
-    if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(sct->log)) != 1)
+    if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
         goto err;
     if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
         goto err;
diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
index 2617f13d28..db2c0e4875 100644
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
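Review bot: In the SCT_validate hunk, `ctx->log_store` is handed straight to CTLOG_STORE_get0_log_by_id, whereas the new SCT_LIST_print code in ct_prn.c guards `log_store != NULL` before making the same call; unless CTLOG_STORE_get0_log_by_id tolerates a NULL store (its body is not in this diff), a policy context with no store set dereferences NULL here instead of reporting SCT_VALIDATION_STATUS_UNKNOWN_LOG. Treating a missing store like an unknown log keeps the two paths consistent: `log = ctx->log_store != NULL ? CTLOG_STORE_get0_log_by_id(ctx->log_store, sct->log_id, sct->log_id_len) : NULL;`. The lookup now uses `sct->log_id_len` where the removed switch used `CT_V1_HASHLEN`; a short comment on the new `log =` lines noting that the V1 id length is expected to be enforced where the log id is set would save the next reader the same question. SCT_validate begins before this hunk and continues past the last one.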
@@ -75,7 +75,7 @@ static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
 static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
                         BIO *out, int indent)
 {
-    SCT_LIST_print(sct_list, out, indent, "\n");
+    SCT_LIST_print(sct_list, out, indent, "\n", NULL);
     return 1;
 }
 
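Review bot: Passing `NULL` as the new log_store argument means i2r_SCT_LIST never prints a log name for SCTs carried in a certificate extension (SCT_LIST_print leaves `log` NULL and SCT_print then skips the `Log :` line), and nothing on the line says this is deliberate. A comment such as `/* No CTLOG_STORE is available to an X509V3 printer, so log names are omitted. */` records the intent so the NULL is not later mistaken for an oversight. The i2r callback signature visible in the hunk offers no way to pass a store, so this is a documentation point only.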