authorbeck <>2021-11-20 01:10:49 +0000
committerbeck <>2021-11-20 01:10:49 +0000
commit945f084e2204432f02dc67409d640c082c7d12b1 (patch)
tree09562d0baf42f60ea370c64468465708195ec887 /src/lib/libcrypto/ct/ct_vfy.c
parent3d755921799d0394eade3c0043ddc31a5a71be7c (diff)
Make these files compile - not hooked up to build yet.
ok jsing@ tb@
Diffstat (limited to 'src/lib/libcrypto/ct/ct_vfy.c')
-rw-r--r--src/lib/libcrypto/ct/ct_vfy.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/src/lib/libcrypto/ct/ct_vfy.c b/src/lib/libcrypto/ct/ct_vfy.c
index 74642a9304..bde3534c97 100644
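--- a/src/lib/libcrypto/ct/ct_vfy.c
+++ b/src/lib/libcrypto/ct/ct_vfy.c
@@ -32,6 +32,7 @@ sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
 unsigned char tmpbuf[12];
 unsigned char *p, *der;
 size_t derlen;
+
 /*+
 * digitally-signed struct {
 * (1 byte) Version sct_version;
@@ -102,21 +103,22 @@ SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
 
 if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
 sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
-(sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
-CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
+(sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT &&
+sctx->ihash == NULL)) {
+CTerror(CT_R_SCT_NOT_SET);
 return 0;
 }
 if (sct->version != SCT_VERSION_V1) {
-CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
+CTerror(CT_R_SCT_UNSUPPORTED_VERSION);
 return 0;
 }
 if (sct->log_id_len != sctx->pkeyhashlen ||
 memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
-CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
+CTerror(CT_R_SCT_LOG_ID_MISMATCH);
 return 0;
 }
 if (sct->timestamp > sctx->epoch_time_in_ms) {
-CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP);
+CTerror(CT_R_SCT_FUTURE_TIMESTAMP);
 return 0;
 }
 
@@ -134,7 +136,7 @@ SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
 ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
 /* If ret < 0 some other error: fall through without setting error */
 if (ret == 0)
-CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
+CTerror(CT_R_SCT_INVALID_SIGNATURE);
 
 end:
 EVP_MD_CTX_free(ctx);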
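Review bot: In the last hunk, `if (ret == 0)` queues `CT_R_SCT_INVALID_SIGNATURE` only for a clean signature mismatch, so a negative result from `EVP_DigestVerifyFinal` leaves `SCT_CTX_verify` with no CT error recorded. The return statement is outside the hunk, but if `ret` is returned unchanged, any caller that tests the result for truthiness instead of comparing with 1 would treat that negative value as a verified SCT. I would document the contract above the function, e.g. `/* Returns 1 if the SCT signature verifies, 0 if it does not, <0 on internal error; callers must compare against 1. */`. If no caller needs the distinction, `if (ret < 0) ret = 0;` before `end:` would make the function fail closed. The body of `SCT_CTX_verify` starts and ends outside the visible hunks, so this should be confirmed against the full file.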