Diffstat (limited to 'crypto/ct/ct_vfy.c')
-rw-r--r-- | crypto/ct/ct_vfy.c | 46 |
1 files changed, 5 insertions, 41 deletions
diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c index 8305ce678e..724f65579b 100644 --- a/crypto/ct/ct_vfy.c +++ b/crypto/ct/ct_vfy.c @@ -93,7 +93,7 @@ static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct) return 1; } -int SCT_verify(const SCT_CTX *sctx, const SCT *sct) +int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct) { EVP_MD_CTX *ctx = NULL; int ret = 0; @@ -101,16 +101,16 @@ int SCT_verify(const SCT_CTX *sctx, const SCT *sct) if (!SCT_is_complete(sct) || sctx->pkey == NULL || sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) { - CTerr(CT_F_SCT_VERIFY, CT_R_SCT_NOT_SET); + CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET); return 0; } if (sct->version != SCT_VERSION_V1) { - CTerr(CT_F_SCT_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION); + CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION); return 0; } if (sct->log_id_len != sctx->pkeyhashlen || memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) { - CTerr(CT_F_SCT_VERIFY, CT_R_SCT_LOG_ID_MISMATCH); + CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH); return 0; } 
@@ -128,45 +128,9 @@ int SCT_verify(const SCT_CTX *sctx, const SCT *sct) ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len); /* If ret < 0 some other error: fall through without setting error */ if (ret == 0) - CTerr(CT_F_SCT_VERIFY, CT_R_SCT_INVALID_SIGNATURE); + CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE); end: EVP_MD_CTX_free(ctx); return ret; } - -int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer, - X509_PUBKEY *log_pubkey, X509 *issuer_cert) -{ - int ret = 0; - SCT_CTX *sctx = NULL; - - if (!SCT_is_complete(sct)) { - CTerr(CT_F_SCT_VERIFY_V1, CT_R_SCT_NOT_SET); - return 0; - } - - if (sct->version != 0) { - CTerr(CT_F_SCT_VERIFY_V1, CT_R_SCT_UNSUPPORTED_VERSION); - return 0; - } - - sctx = SCT_CTX_new(); - if (sctx == NULL) - goto done; - - if (!SCT_CTX_set1_pubkey(sctx, log_pubkey)) - goto done; - - if (!SCT_CTX_set1_cert(sctx, cert, preissuer)) - goto done; - - if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && - !SCT_CTX_set1_issuer(sctx, issuer_cert)) - goto done; - - ret = SCT_verify(sctx, sct); -done: - SCT_CTX_free(sctx); - return ret; -} |
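Review bot: The `return ret;` at the end of SCT_CTX_verify hands back the raw result of EVP_DigestVerifyFinal, so the function can return a negative value as well as 1 or 0, as the retained comment `If ret < 0 some other error` confirms. A caller that tests the result for truth would treat that internal error as a verified SCT signature. The commit renames the function and removes the SCT_verify_v1 wrapper, so call sites are presumably being revisited, and this is a good moment to state the contract above the definition: `/* Returns 1 if the signature verifies, 0 if it does not or the SCT/context is incomplete, <0 on internal error; callers must compare with 1. */`. If a tri-state result is not wanted, the tail could instead normalise with `return ret == 1;`, at the cost of merging the error case into a plain failure. The function body starts in an earlier hunk and its middle is not visible here.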