Blame - ap/lib/libssl/openssl-1.1.1o/crypto/ct/ct_policy.c - R306

blob: df66e8a494d015fd24713c1070707168fbb2ceb8 [file] [log] [blame]

yuezonghe	824eb0c	2024-06-27 02:32:26 -0700	[diff] [blame^]	1	/*
				2	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
				3	*
				4	* Licensed under the OpenSSL license (the "License"). You may not use
				5	* this file except in compliance with the License. You can obtain a copy
				6	* in the file LICENSE in the source distribution or at
				7	* https://www.openssl.org/source/license.html
				8	*/
				9
				10	#ifdef OPENSSL_NO_CT
				11	# error "CT is disabled"
				12	#endif
				13
				14	#include <openssl/ct.h>
				15	#include <openssl/err.h>
				16	#include <time.h>
				17
				18	#include "ct_local.h"
				19
				20	/*
				21	* Number of seconds in the future that an SCT timestamp can be, by default,
				22	* without being considered invalid. This is added to time() when setting a
				23	* default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
				24	* It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
				25	*/
				26	static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
				27
				28	CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
				29	{
				30	CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
				31
				32	if (ctx == NULL) {
				33	CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
				34	return NULL;
				35	}
				36
				37	/* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
				38	ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
				39	1000;
				40
				41	return ctx;
				42	}
				43
				44	void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
				45	{
				46	if (ctx == NULL)
				47	return;
				48	X509_free(ctx->cert);
				49	X509_free(ctx->issuer);
				50	OPENSSL_free(ctx);
				51	}
				52
				53	int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX ctx, X509 cert)
				54	{
				55	if (!X509_up_ref(cert))
				56	return 0;
				57	ctx->cert = cert;
				58	return 1;
				59	}
				60
				61	int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX ctx, X509 issuer)
				62	{
				63	if (!X509_up_ref(issuer))
				64	return 0;
				65	ctx->issuer = issuer;
				66	return 1;
				67	}
				68
				69	void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
				70	CTLOG_STORE *log_store)
				71	{
				72	ctx->log_store = log_store;
				73	}
				74
				75	void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
				76	{
				77	ctx->epoch_time_in_ms = time_in_ms;
				78	}
				79
				80	X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
				81	{
				82	return ctx->cert;
				83	}
				84
				85	X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
				86	{
				87	return ctx->issuer;
				88	}
				89
				90	const CTLOG_STORE CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX ctx)
				91	{
				92	return ctx->log_store;
				93	}
				94
				95	uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
				96	{
				97	return ctx->epoch_time_in_ms;
				98	}