2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 # error "CT is disabled"
14 #include <openssl/ct.h>
15 #include <openssl/err.h>
21 * Number of seconds in the future that an SCT timestamp can be, by default,
22 * without being considered invalid. This is added to time() when setting a
23 * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
24 * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
26 static const time_t SCT_CLOCK_DRIFT_TOLERANCE
= 300;
28 CT_POLICY_EVAL_CTX
*CT_POLICY_EVAL_CTX_new(void)
30 CT_POLICY_EVAL_CTX
*ctx
= OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX
));
33 CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW
, ERR_R_MALLOC_FAILURE
);
37 /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
38 ctx
->epoch_time_in_ms
= (uint64_t)(time(NULL
) + SCT_CLOCK_DRIFT_TOLERANCE
) *
44 void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX
*ctx
)
49 X509_free(ctx
->issuer
);
53 int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX
*ctx
, X509
*cert
)
55 if (!X509_up_ref(cert
))
61 int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX
*ctx
, X509
*issuer
)
63 if (!X509_up_ref(issuer
))
69 void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX
*ctx
,
70 CTLOG_STORE
*log_store
)
72 ctx
->log_store
= log_store
;
75 void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX
*ctx
, uint64_t time_in_ms
)
77 ctx
->epoch_time_in_ms
= time_in_ms
;
80 X509
* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX
*ctx
)
85 X509
* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX
*ctx
)
90 const CTLOG_STORE
*CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX
*ctx
)
92 return ctx
->log_store
;
95 uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX
*ctx
)
97 return ctx
->epoch_time_in_ms
;