/src/openssl31/crypto/ct/ct_policy.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifdef OPENSSL_NO_CT |
11 | | # error "CT is disabled" |
12 | | #endif |
13 | | |
14 | | #include <openssl/ct.h> |
15 | | #include <openssl/err.h> |
16 | | #include <time.h> |
17 | | |
18 | | #include "ct_local.h" |
19 | | |
20 | | /* |
21 | | * Number of seconds in the future that an SCT timestamp can be, by default, |
22 | | * without being considered invalid. This is added to time() when setting a |
23 | | * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms. |
24 | | * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time(). |
25 | | */ |
26 | | static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; |
27 | | |
28 | | CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, |
29 | | const char *propq) |
30 | 0 | { |
31 | 0 | CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX)); |
32 | |
|
33 | 0 | if (ctx == NULL) { |
34 | 0 | ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); |
35 | 0 | return NULL; |
36 | 0 | } |
37 | | |
38 | 0 | ctx->libctx = libctx; |
39 | 0 | if (propq != NULL) { |
40 | 0 | ctx->propq = OPENSSL_strdup(propq); |
41 | 0 | if (ctx->propq == NULL) { |
42 | 0 | ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); |
43 | 0 | OPENSSL_free(ctx); |
44 | 0 | return NULL; |
45 | 0 | } |
46 | 0 | } |
47 | | |
48 | | /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */ |
49 | 0 | ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * |
50 | 0 | 1000; |
51 | |
|
52 | 0 | return ctx; |
53 | 0 | } |
54 | | |
55 | | CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void) |
56 | 0 | { |
57 | 0 | return CT_POLICY_EVAL_CTX_new_ex(NULL, NULL); |
58 | 0 | } |
59 | | |
60 | | void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx) |
61 | 0 | { |
62 | 0 | if (ctx == NULL) |
63 | 0 | return; |
64 | 0 | X509_free(ctx->cert); |
65 | 0 | X509_free(ctx->issuer); |
66 | 0 | OPENSSL_free(ctx->propq); |
67 | 0 | OPENSSL_free(ctx); |
68 | 0 | } |
69 | | |
70 | | int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert) |
71 | 0 | { |
72 | 0 | if (!X509_up_ref(cert)) |
73 | 0 | return 0; |
74 | 0 | ctx->cert = cert; |
75 | 0 | return 1; |
76 | 0 | } |
77 | | |
78 | | int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer) |
79 | 0 | { |
80 | 0 | if (!X509_up_ref(issuer)) |
81 | 0 | return 0; |
82 | 0 | ctx->issuer = issuer; |
83 | 0 | return 1; |
84 | 0 | } |
85 | | |
86 | | void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, |
87 | | CTLOG_STORE *log_store) |
88 | 0 | { |
89 | 0 | ctx->log_store = log_store; |
90 | 0 | } |
91 | | |
92 | | void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms) |
93 | 0 | { |
94 | 0 | ctx->epoch_time_in_ms = time_in_ms; |
95 | 0 | } |
96 | | |
97 | | X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) |
98 | 0 | { |
99 | 0 | return ctx->cert; |
100 | 0 | } |
101 | | |
102 | | X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) |
103 | 0 | { |
104 | 0 | return ctx->issuer; |
105 | 0 | } |
106 | | |
107 | | const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx) |
108 | 0 | { |
109 | 0 | return ctx->log_store; |
110 | 0 | } |
111 | | |
112 | | uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx) |
113 | 0 | { |
114 | 0 | return ctx->epoch_time_in_ms; |
115 | 0 | } |