X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fct%2Fct_vfy.c;h=71c03611261f74f90b5be8157ff13e6c87a43001;hp=27f9e23a8d3d75640488c3e2ed5763ce8a785de6;hb=e0d32e98f00cfd39977593ae1bc6cfd2ab6bbb0e;hpb=0dfd6cf901d34b5774fa406c44fcfbe9e3ef6d5e
diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c
index 27f9e23a8d..71c0361126 100644
--- a/crypto/ct/ct_vfy.c
+++ b/crypto/ct/ct_vfy.c
@@ -65,34 +65,6 @@
 #include "ct_locl.h"
-#define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \
- (((unsigned int)((c)[1])) )),c+=2)
-
-#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
- c[1]=(unsigned char)(((s) )&0xff)),c+=2)
-
-#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
- c[1]=(unsigned char)(((l)>> 8)&0xff), \
- c[2]=(unsigned char)(((l) )&0xff)),c+=3)
-
-#define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \
- l|=((uint64_t)(*((c)++)))<<48, \
- l|=((uint64_t)(*((c)++)))<<40, \
- l|=((uint64_t)(*((c)++)))<<32, \
- l|=((uint64_t)(*((c)++)))<<24, \
- l|=((uint64_t)(*((c)++)))<<16, \
- l|=((uint64_t)(*((c)++)))<< 8, \
- l|=((uint64_t)(*((c)++))))
-
-#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
- *((c)++)=(unsigned char)(((l)>>48)&0xff), \
- *((c)++)=(unsigned char)(((l)>>40)&0xff), \
- *((c)++)=(unsigned char)(((l)>>32)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
 typedef enum sct_signature_type_t {
 SIGNATURE_TYPE_NOT_SET = -1,
 SIGNATURE_TYPE_CERT_TIMESTAMP,
@@ -173,13 +145,13 @@ static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
 int SCT_verify(const SCT_CTX *sctx, const SCT *sct)
 {
 EVP_MD_CTX *ctx = NULL;
- int ret = -1;
+ int ret = 0;
 if (!SCT_is_complete(sct) || sctx->pkey == NULL || sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
 CTerr(CT_F_SCT_VERIFY, CT_R_SCT_NOT_SET);
- return -1;
+ return 0;
 }
 if (sct->version != SCT_VERSION_V1) {
 CTerr(CT_F_SCT_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
@@ -220,7 +192,7 @@ int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer,
 if (!SCT_is_complete(sct)) {
 CTerr(CT_F_SCT_VERIFY_V1, CT_R_SCT_NOT_SET);
- return -1;
+ return 0;
 }
 if (sct->version != 0) {
@@ -232,22 +204,17 @@ int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer,
 if (sctx == NULL)
 goto done;
- ret = SCT_CTX_set1_pubkey(sctx, log_pubkey);
- if (ret <= 0)
+ if (!SCT_CTX_set1_pubkey(sctx, log_pubkey))
 goto done;
- ret = SCT_CTX_set1_cert(sctx, cert, preissuer);
- if (ret <= 0)
+ if (!SCT_CTX_set1_cert(sctx, cert, preissuer))
 goto done;
- if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
- ret = SCT_CTX_set1_issuer(sctx, issuer_cert);
- if (ret <= 0)
- goto done;
- }
+ if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT &&
+ !SCT_CTX_set1_issuer(sctx, issuer_cert))
+ goto done;
 ret = SCT_verify(sctx, sct);
-
 done:
 SCT_CTX_free(sctx);
 return ret;
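Review bot: `SCT_verify` now answers an incomplete SCT or context with the same 0 it presumably uses for a signature that does not verify, and nothing in the hunk records that contract for callers; the hunk at -220 makes the same change in `SCT_verify_v1`. A comment above the function would pin it down, for example `/* Returns 1 if the SCT signature verifies; 0 if it does not or if sct/sctx is incomplete. Compare the result with 1. */`. The rest of the body lies outside the hunk, so I cannot see whether the result of the underlying EVP verify call is passed back unchanged; if it is, a negative value can still reach the caller, which is the reason to require `== 1` rather than a non-zero test. Separately, the guard reads `sctx->pkey` without first checking `sctx` for NULL, which is worth confirming against the callers.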
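Review bot: In `SCT_verify_v1` the new `!SCT_CTX_set1_pubkey(...)`, `!SCT_CTX_set1_cert(...)` and `!SCT_CTX_set1_issuer(...)` tests treat a negative return as success, where the replaced `ret <= 0` checks treated it as failure. The setters are defined outside this file, so whether they can still return a negative value is not visible here; if they can, verification goes ahead on a partially populated context and only the NULL checks at the top of `SCT_verify` stand in the way. Comparing with 1, e.g. `if (SCT_CTX_set1_pubkey(sctx, log_pubkey) != 1)`, fails closed in either case. The failure paths also now return whatever `ret` was initialised to, and that declaration sits outside the hunk, so it should be confirmed to be 0.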