ct_policy.c revision 1.4
1/* $OpenBSD: ct_policy.c,v 1.4 2021/12/05 09:37:46 tb Exp $ */ 2/* 3 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. 4 * 5 * Licensed under the OpenSSL license (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 */ 10 11#ifdef OPENSSL_NO_CT 12# error "CT is disabled" 13#endif 14 15#include <openssl/ct.h> 16#include <openssl/err.h> 17#include <time.h> 18 19#include "ct_local.h" 20 21/* 22 * Number of seconds in the future that an SCT timestamp can be, by default, 23 * without being considered invalid. This is added to time() when setting a 24 * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms. 25 * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time(). 26 */ 27static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; 28 29CT_POLICY_EVAL_CTX * 30CT_POLICY_EVAL_CTX_new(void) 31{ 32 CT_POLICY_EVAL_CTX *ctx = calloc(1, sizeof(CT_POLICY_EVAL_CTX)); 33 34 if (ctx == NULL) { 35 CTerror(ERR_R_MALLOC_FAILURE); 36 return NULL; 37 } 38 39 /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */ 40 ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * 41 1000; 42 43 return ctx; 44} 45 46void 47CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx) 48{ 49 if (ctx == NULL) 50 return; 51 X509_free(ctx->cert); 52 X509_free(ctx->issuer); 53 free(ctx); 54} 55 56int 57CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert) 58{ 59 if (!X509_up_ref(cert)) 60 return 0; 61 ctx->cert = cert; 62 return 1; 63} 64 65int 66CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer) 67{ 68 if (!X509_up_ref(issuer)) 69 return 0; 70 ctx->issuer = issuer; 71 return 1; 72} 73 74void 75CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, 76 CTLOG_STORE *log_store) 77{ 78 ctx->log_store = log_store; 79} 80 81void 82CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms) 83{ 84 ctx->epoch_time_in_ms = time_in_ms; 85} 86 87X509 * 88CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) 89{ 90 return ctx->cert; 91} 92 93X509 * 94CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) 95{ 96 return ctx->issuer; 97} 98 99const CTLOG_STORE * 100CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx) 101{ 102 return ctx->log_store; 103} 104 105uint64_t 106CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx) 107{ 108 return ctx->epoch_time_in_ms; 109} 110