/src/openssl/crypto/ct/ct_policy.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifdef OPENSSL_NO_CT |
11 | | # error "CT is disabled" |
12 | | #endif |
13 | | |
14 | | #include <openssl/ct.h> |
15 | | #include <openssl/err.h> |
16 | | #include <time.h> |
17 | | |
18 | | #include "ct_locl.h" |
19 | | |
20 | | /* |
21 | | * Number of seconds in the future that an SCT timestamp can be, by default, |
22 | | * without being considered invalid. This is added to time() when setting a |
23 | | * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms. |
24 | | * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time(). |
25 | | */ |
26 | | static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; |
27 | | |
28 | | CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void) |
29 | 0 | { |
30 | 0 | CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX)); |
31 | 0 |
|
32 | 0 | if (ctx == NULL) { |
33 | 0 | CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE); |
34 | 0 | return NULL; |
35 | 0 | } |
36 | 0 |
|
37 | 0 | /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */ |
38 | 0 | ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * |
39 | 0 | 1000; |
40 | 0 |
|
41 | 0 | return ctx; |
42 | 0 | } |
43 | | |
44 | | void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx) |
45 | 0 | { |
46 | 0 | if (ctx == NULL) |
47 | 0 | return; |
48 | 0 | X509_free(ctx->cert); |
49 | 0 | X509_free(ctx->issuer); |
50 | 0 | OPENSSL_free(ctx); |
51 | 0 | } |
52 | | |
53 | | int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert) |
54 | 0 | { |
55 | 0 | if (!X509_up_ref(cert)) |
56 | 0 | return 0; |
57 | 0 | ctx->cert = cert; |
58 | 0 | return 1; |
59 | 0 | } |
60 | | |
61 | | int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer) |
62 | 0 | { |
63 | 0 | if (!X509_up_ref(issuer)) |
64 | 0 | return 0; |
65 | 0 | ctx->issuer = issuer; |
66 | 0 | return 1; |
67 | 0 | } |
68 | | |
69 | | void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, |
70 | | CTLOG_STORE *log_store) |
71 | 0 | { |
72 | 0 | ctx->log_store = log_store; |
73 | 0 | } |
74 | | |
75 | | void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms) |
76 | 0 | { |
77 | 0 | ctx->epoch_time_in_ms = time_in_ms; |
78 | 0 | } |
79 | | |
80 | | X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) |
81 | 0 | { |
82 | 0 | return ctx->cert; |
83 | 0 | } |
84 | | |
85 | | X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) |
86 | 0 | { |
87 | 0 | return ctx->issuer; |
88 | 0 | } |
89 | | |
90 | | const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx) |
91 | 0 | { |
92 | 0 | return ctx->log_store; |
93 | 0 | } |
94 | | |
95 | | uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx) |
96 | 0 | { |
97 | 0 | return ctx->epoch_time_in_ms; |
98 | 0 | } |