ct_policy.c 2.4 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
  1. /*
  2. * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #ifdef OPENSSL_NO_CT
  10. # error "CT is disabled"
  11. #endif
  12. #include <openssl/ct.h>
  13. #include <openssl/err.h>
  14. #include <time.h>
  15. #include "ct_local.h"
  16. /*
  17. * Number of seconds in the future that an SCT timestamp can be, by default,
  18. * without being considered invalid. This is added to time() when setting a
  19. * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
  20. * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
  21. */
  22. static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
  23. CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
  24. {
  25. CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
  26. if (ctx == NULL) {
  27. CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
  28. return NULL;
  29. }
  30. /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
  31. ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
  32. 1000;
  33. return ctx;
  34. }
  35. void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
  36. {
  37. if (ctx == NULL)
  38. return;
  39. X509_free(ctx->cert);
  40. X509_free(ctx->issuer);
  41. OPENSSL_free(ctx);
  42. }
  43. int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
  44. {
  45. if (!X509_up_ref(cert))
  46. return 0;
  47. ctx->cert = cert;
  48. return 1;
  49. }
  50. int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
  51. {
  52. if (!X509_up_ref(issuer))
  53. return 0;
  54. ctx->issuer = issuer;
  55. return 1;
  56. }
  57. void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
  58. CTLOG_STORE *log_store)
  59. {
  60. ctx->log_store = log_store;
  61. }
  62. void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
  63. {
  64. ctx->epoch_time_in_ms = time_in_ms;
  65. }
  66. X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
  67. {
  68. return ctx->cert;
  69. }
  70. X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
  71. {
  72. return ctx->issuer;
  73. }
  74. const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
  75. {
  76. return ctx->log_store;
  77. }
  78. uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
  79. {
  80. return ctx->epoch_time_in_ms;
  81. }