[thirdparty/openssl.git] / crypto / ct / ct_policy.c

/*
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifdef OPENSSL_NO_CT
# error "CT is disabled"
#endif

#include <openssl/ct.h>
#include <openssl/err.h>
#include <time.h>

#include "ct_locl.h"

/*
 * Number of seconds in the future that an SCT timestamp can be, by default,
 * without being considered invalid. This is added to time() when setting a
 * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
 * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
 */
static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;

CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
{
    CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));

    if (ctx == NULL) {
        CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
    ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
            1000;

    return ctx;
}

void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
{
    if (ctx == NULL)
        return;
    X509_free(ctx->cert);
    X509_free(ctx->issuer);
    OPENSSL_free(ctx);
}

int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
{
    if (!X509_up_ref(cert))
        return 0;
    ctx->cert = cert;
    return 1;
}

int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
{
    if (!X509_up_ref(issuer))
        return 0;
    ctx->issuer = issuer;
    return 1;
}

void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
                                               CTLOG_STORE *log_store)
{
    ctx->log_store = log_store;
}

void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
{
    ctx->epoch_time_in_ms = time_in_ms;
}

X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
{
    return ctx->cert;
}

X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
{
    return ctx->issuer;
}

const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
{
    return ctx->log_store;
}

uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
{
    return ctx->epoch_time_in_ms;
}
Commit	Line	Data
7d054e5a	1	/*
d2e9e320 RS	2	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
d2e9e320 RS	3	*
5477e842	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
d2e9e320 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
7d054e5a RP	9
	10	#ifdef OPENSSL_NO_CT
	11	# error "CT is disabled"
	12	#endif
	13
	14	#include <openssl/ct.h>
	15	#include <openssl/err.h>
e25233d9	16	#include <time.h>
7d054e5a RP	17
	18	#include "ct_locl.h"
	19
08e588b7 RP	20	/*
	21	* Number of seconds in the future that an SCT timestamp can be, by default,
	22	* without being considered invalid. This is added to time() when setting a
	23	* default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
	24	* It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
	25	*/
c22aa33e RP	26	static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
c22aa33e RP	27
7d054e5a RP	28	CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
	29	{
	30	CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
	31
	32	if (ctx == NULL) {
	33	CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
	34	return NULL;
	35	}
	36
08e588b7	37	/* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
5e086066 RP	38	ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
	39	1000;
	40
7d054e5a RP	41	return ctx;
	42	}
	43
	44	void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
	45	{
2b201c5c MC	46	if (ctx == NULL)
2b201c5c MC	47	return;
a1bb7708 RP	48	X509_free(ctx->cert);
a1bb7708 RP	49	X509_free(ctx->issuer);
7d054e5a RP	50	OPENSSL_free(ctx);
	51	}
	52
11c68cea	53	int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX ctx, X509 cert)
7d054e5a	54	{
11c68cea RP	55	if (!X509_up_ref(cert))
	56	return 0;
	57	ctx->cert = cert;
	58	return 1;
7d054e5a RP	59	}
7d054e5a RP	60
11c68cea	61	int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX ctx, X509 issuer)
7d054e5a	62	{
11c68cea RP	63	if (!X509_up_ref(issuer))
	64	return 0;
	65	ctx->issuer = issuer;
	66	return 1;
7d054e5a RP	67	}
7d054e5a RP	68
a1bb7708 RP	69	void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
a1bb7708 RP	70	CTLOG_STORE *log_store)
7d054e5a RP	71	{
	72	ctx->log_store = log_store;
	73	}
	74
1fa9ffd9 RP	75	void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
	76	{
	77	ctx->epoch_time_in_ms = time_in_ms;
	78	}
	79
680ddc99	80	X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
7d054e5a RP	81	{
	82	return ctx->cert;
	83	}
	84
680ddc99	85	X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
7d054e5a RP	86	{
	87	return ctx->issuer;
	88	}
	89
680ddc99	90	const CTLOG_STORE CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX ctx)
7d054e5a RP	91	{
	92	return ctx->log_store;
	93	}
	94
1fa9ffd9 RP	95	uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
	96	{
	97	return ctx->epoch_time_in_ms;
	98	}