aboutsummaryrefslogtreecommitdiff
path: root/crypto/ct/ct_vfy.c
AgeCommit message (Collapse)AuthorFilesLines
2021-04-08Update copyright yearMatt Caswell1-1/+1
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801)
2021-03-12misc: other init function param additionsPauli1-1/+1
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
2020-11-13Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() callRichard Levitte1-5/+5
This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
2020-10-01Run the withlibctx.pl scriptMatt Caswell1-3/+2
Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
2020-08-09Add EVP signature with libctx methods.Shane Lontis1-2/+3
-Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx() -Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to EVP_DigestSignInit_with_libctx() and EVP_DigestVerifyInit_with_libctx() Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-04-23Update copyright yearMatt Caswell1-1/+1
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-09Make the CT code library context awareMatt Caswell1-1/+2
Add the new functions CTLOG_STORE_new_with_libctx(), CTLOG_new_with_libctx() and CTLOG_new_from_base64_with_libctx() to pass in the library context/property query string to use a library context is to be used. We also add the function CT_POLICY_EVAL_CTX_new_with_libctx() to enable the creation of a CT_POLICY_EVAL_CTX to be associated with a libctx and property query string. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11483)
2019-09-28Reorganize local header filesDr. Matthias St. Pierre1-1/+1
Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
2018-12-06Following the license change, modify the boilerplates in crypto/ct/Richard Levitte1-1/+1
[skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7786)
2016-11-15Check that SCT timestamps are not in the futureRob Percival1-0/+4
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554)
2016-08-23Internalizes SCT_verify and removes SCT_verify_v1Rob Percival1-41/+5
SCT_verify is impossible to call through the public API (SCT_CTX_new() is not part of the public API), so rename it to SCT_CTX_verify and move it out of the public API. SCT_verify_v1 is redundant, since SCT_validate does the same verification (by calling SCT_verify) and more. The API is less confusing with a single verification function (SCT_validate). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-17Copyright consolidation 07/10Rich Salz1-54/+5
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-07Suppress CT callback as appropriateViktor Dukhovni1-59/+0
Suppress CT callbacks with aNULL or PSK ciphersuites that involve no certificates. Ditto when the certificate chain is validated via DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing when the chain is fails verification. Move and consolidate CT callbacks from libcrypto to libssl. We also simplify the interface to SSL_{,CTX_}_enable_ct() which can specify either a permissive mode that just collects information or a strict mode that requires at least one valid SCT or else asks to abort the connection. Simplified SCT processing and options in s_client(1) which now has just a simple pair of "-noct" vs. "-ct" options, the latter enables the permissive callback so that we can complete the handshake and report all relevant information. When printing SCTs, print the validation status if set and not valid. Signed-off-by: Rob Percival <robpercival@google.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-09Treat boolean functions as booleansRob Percival1-13/+8
Use "!x" instead of "x <= 0", as these functions never return a negative value. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01CT policy validationRob Percival1-0/+59
Specifies a callback that will, in the future, be used by the SSL code to decide whether to abort a connection on Certificate Transparency grounds. Reviewed-by: Ben Laurie <ben@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01Move macros for reading/writing integers into ct_locl.hRob Percival1-28/+0
Reviewed-by: Ben Laurie <ben@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01Addresses review comments from richsalzRob Percival1-22/+21
Reviewed-by: Ben Laurie <ben@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01Verify SCT signaturesRob Percival1-0/+255
Tests included in future commit, which adds CT policy validation. Reviewed-by: Ben Laurie <ben@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
generated by cgit v1.1 at 2024-07-13 00:32:06 +0000