]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/ct/ct_policy.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Raise an error on syscall failure in tls_retry_write_records
[thirdparty/openssl.git] / crypto / ct / ct_policy.c
CommitLineData
7d054e5a 1/*
33388b44 2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
d2e9e320 3 *
5477e842 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
d2e9e320
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
7d054e5a
RP		 9
10#ifdef OPENSSL_NO_CT
11# error "CT is disabled"
12#endif
13
14#include <openssl/ct.h>
15#include <openssl/err.h>
5d1bb4fc 16#include "internal/time.h"
7d054e5a 17
706457b7 18#include "ct_local.h"
7d054e5a 19
08e588b7
RP		 20/*
21 * Number of seconds in the future that an SCT timestamp can be, by default,
22 * without being considered invalid. This is added to time() when setting a
23 * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
24 * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
25 */
c22aa33e
RP		 26static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
27
b4250010 28CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
d8652be0 29 const char *propq)
7d054e5a
RP		 30{
31 CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
5d1bb4fc 32 OSSL_TIME now;
7d054e5a 33
e077455e 34 if (ctx == NULL)
7d054e5a 35 return NULL;
7d054e5a 36
d4b2bfba
MC		 37 ctx->libctx = libctx;
38 if (propq != NULL) {
39 ctx->propq = OPENSSL_strdup(propq);
40 if (ctx->propq == NULL) {
9b0e74c4 41 OPENSSL_free(ctx);
d4b2bfba
MC		 42 return NULL;
43 }
44 }
45
5d1bb4fc
P		 46 now = ossl_time_add(ossl_time_now(),
47 ossl_seconds2time(SCT_CLOCK_DRIFT_TOLERANCE));
48 ctx->epoch_time_in_ms = ossl_time2ms(now);
5e086066 49
7d054e5a
RP		 50 return ctx;
51}
52
d4b2bfba
MC		 53CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
54{
d8652be0 55 return CT_POLICY_EVAL_CTX_new_ex(NULL, NULL);
d4b2bfba
MC		 56}
57
7d054e5a
RP		 58void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
59{
2b201c5c
MC		 60 if (ctx == NULL)
61 return;
a1bb7708
RP		 62 X509_free(ctx->cert);
63 X509_free(ctx->issuer);
d4b2bfba 64 OPENSSL_free(ctx->propq);
7d054e5a
RP		 65 OPENSSL_free(ctx);
66}
67
11c68cea 68int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
7d054e5a 69{
11c68cea
RP		 70 if (!X509_up_ref(cert))
71 return 0;
72 ctx->cert = cert;
73 return 1;
7d054e5a
RP		 74}
75
11c68cea 76int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
7d054e5a 77{
11c68cea
RP		 78 if (!X509_up_ref(issuer))
79 return 0;
80 ctx->issuer = issuer;
81 return 1;
7d054e5a
RP		 82}
83
a1bb7708
RP		 84void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
85 CTLOG_STORE *log_store)
7d054e5a
RP		 86{
87 ctx->log_store = log_store;
88}
89
1fa9ffd9
RP		 90void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
91{
92 ctx->epoch_time_in_ms = time_in_ms;
93}
94
680ddc99 95X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
7d054e5a
RP		 96{
97 return ctx->cert;
98}
99
680ddc99 100X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
7d054e5a
RP		 101{
102 return ctx->issuer;
103}
104
680ddc99 105const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
7d054e5a
RP		 106{
107 return ctx->log_store;
108}
109
1fa9ffd9
RP		 110uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
111{
112 return ctx->epoch_time_in_ms;
113}
A mirror of the official openssl repository