Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
OWEALs
/
openssl
-ын хуулбар git://git.openssl.org/openssl.git
2
0
Салаа 0
Файлууд Асуудлууд 1 Мэдлэгийн сан
Мод: c2bd8d2783
Салаанууд Тагууд
openssl
/
crypto
/
ct
/
ct_policy.c

ct_policy.c 2.9 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. /*
    2. 

  2.  * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5.  * this file except in compliance with the License.  You can obtain a copy
    6. 

  6.  * in the file LICENSE in the source distribution or at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  */
    9. 

  9. 

  10. #ifdef OPENSSL_NO_CT
    11. 

  11. # error "CT is disabled"
    12. 

  12. #endif
    13. 

  13. 

  14. #include <openssl/ct.h>
    15. 

  15. #include <openssl/err.h>
    16. 

  16. #include <time.h>
    17. 

  17. 

  18. #include "ct_local.h"
    19. 

  19. 

  20. /*
    21. 

  21.  * Number of seconds in the future that an SCT timestamp can be, by default,
    22. 

  22.  * without being considered invalid. This is added to time() when setting a
    23. 

  23.  * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
    24. 

  24.  * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
    25. 

  25.  */
    26. 

  26. static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
    27. 

  27. 

  28. CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
    29. 

  29.                                               const char *propq)
    30. 

  30. {
    31. 

  31.     CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
    32. 

  32. 

  33.     if (ctx == NULL) {
    34. 

  34.         ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
    35. 

  35.         return NULL;
    36. 

  36.     }
    37. 

  37. 

  38.     ctx->libctx = libctx;
    39. 

  39.     if (propq != NULL) {
    40. 

  40.         ctx->propq = OPENSSL_strdup(propq);
    41. 

  41.         if (ctx->propq == NULL) {
    42. 

  42.             ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
    43. 

  43.             OPENSSL_free(ctx);
    44. 

  44.             return NULL;
    45. 

  45.         }
    46. 

  46.     }
    47. 

  47. 

  48.     /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
    49. 

  49.     ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
    50. 

  50.             1000;
    51. 

  51. 

  52.     return ctx;
    53. 

  53. }
    54. 

  54. 

  55. CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
    56. 

  56. {
    57. 

  57.     return CT_POLICY_EVAL_CTX_new_ex(NULL, NULL);
    58. 

  58. }
    59. 

  59. 

  60. void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
    61. 

  61. {
    62. 

  62.     if (ctx == NULL)
    63. 

  63.         return;
    64. 

  64.     X509_free(ctx->cert);
    65. 

  65.     X509_free(ctx->issuer);
    66. 

  66.     OPENSSL_free(ctx->propq);
    67. 

  67.     OPENSSL_free(ctx);
    68. 

  68. }
    69. 

  69. 

  70. int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
    71. 

  71. {
    72. 

  72.     if (!X509_up_ref(cert))
    73. 

  73.         return 0;
    74. 

  74.     ctx->cert = cert;
    75. 

  75.     return 1;
    76. 

  76. }
    77. 

  77. 

  78. int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
    79. 

  79. {
    80. 

  80.     if (!X509_up_ref(issuer))
    81. 

  81.         return 0;
    82. 

  82.     ctx->issuer = issuer;
    83. 

  83.     return 1;
    84. 

  84. }
    85. 

  85. 

  86. void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
    87. 

  87.                                                CTLOG_STORE *log_store)
    88. 

  88. {
    89. 

  89.     ctx->log_store = log_store;
    90. 

  90. }
    91. 

  91. 

  92. void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
    93. 

  93. {
    94. 

  94.     ctx->epoch_time_in_ms = time_in_ms;
    95. 

  95. }
    96. 

  96. 

  97. X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
    98. 

  98. {
    99. 

  99.     return ctx->cert;
    100. 

  100. }
    101. 

  101. 

  102. X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
    103. 

  103. {
    104. 

  104.     return ctx->issuer;
    105. 

  105. }
    106. 

  106. 

  107. const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
    108. 

  108. {
    109. 

  109.     return ctx->log_store;
    110. 

  110. }
    111. 

  111. 

  112. uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
    113. 

  113. {
    114. 

  114.     return ctx->epoch_time_in_ms;
    115. 

  115. }
    116.