Internalizes SCT_verify and removes SCT_verify_v1

SCT_verify is impossible to call through the public API (SCT_CTX_new() is not part of the public API), so rename it to SCT_CTX_verify and move it out of the public API. SCT_verify_v1 is redundant, since SCT_validate does the same verification (by calling SCT_verify) and more. The API is less confusing with a single verification function (SCT_validate). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
author: Rob Percival <robpercival@google.com> 2016-08-23 12:52:43 +0100
committer: Matt Caswell <matt@openssl.org> 2016-08-23 20:12:25 +0100
commit: cdb2a60347f988037d29adc7e4415e9c66c8a5a5 (patch)
tree: ce213a2202bbbbe21c33014db2d1ecef97c7a71a /crypto/ct/ct_locl.h
parent: 5579eab9efd2c8e2f21340f9b9fe20ee89f25857 (diff)
download: openssl-cdb2a60347f988037d29adc7e4415e9c66c8a5a5.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
index 1180455e1a..6b2fa3ef0c 100644
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -151,6 +151,13 @@ __owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
 __owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
 
 /*
+ * Verifies an SCT with the given context.
+ * Returns 1 if the SCT verifies successfully; any other value indicates
+ * failure. See EVP_DigestVerifyFinal() for the meaning of those values.
+ */
+__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct);
+
+/*
  * Does this SCT have the minimum fields populated to be usable?
  * Returns 1 if so, 0 otherwise.
  */
author	Rob Percival <robpercival@google.com>	2016-08-23 12:52:43 +0100
committer	Matt Caswell <matt@openssl.org>	2016-08-23 20:12:25 +0100
commit	cdb2a60347f988037d29adc7e4415e9c66c8a5a5 (patch)
tree	ce213a2202bbbbe21c33014db2d1ecef97c7a71a /crypto/ct/ct_locl.h
parent	5579eab9efd2c8e2f21340f9b9fe20ee89f25857 (diff)
download	openssl-cdb2a60347f988037d29adc7e4415e9c66c8a5a5.tar.gz