11cb0ef41Sopenharmony_ci/* 21cb0ef41Sopenharmony_ci * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. 31cb0ef41Sopenharmony_ci * 41cb0ef41Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License"). You may not use 51cb0ef41Sopenharmony_ci * this file except in compliance with the License. You can obtain a copy 61cb0ef41Sopenharmony_ci * in the file LICENSE in the source distribution or at 71cb0ef41Sopenharmony_ci * https://www.openssl.org/source/license.html 81cb0ef41Sopenharmony_ci */ 91cb0ef41Sopenharmony_ci 101cb0ef41Sopenharmony_ci#ifdef OPENSSL_NO_CT 111cb0ef41Sopenharmony_ci# error "CT is disabled" 121cb0ef41Sopenharmony_ci#endif 131cb0ef41Sopenharmony_ci 141cb0ef41Sopenharmony_ci#include <openssl/ct.h> 151cb0ef41Sopenharmony_ci#include <openssl/err.h> 161cb0ef41Sopenharmony_ci#include <time.h> 171cb0ef41Sopenharmony_ci 181cb0ef41Sopenharmony_ci#include "ct_local.h" 191cb0ef41Sopenharmony_ci 201cb0ef41Sopenharmony_ci/* 211cb0ef41Sopenharmony_ci * Number of seconds in the future that an SCT timestamp can be, by default, 221cb0ef41Sopenharmony_ci * without being considered invalid. This is added to time() when setting a 231cb0ef41Sopenharmony_ci * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms. 241cb0ef41Sopenharmony_ci * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time(). 251cb0ef41Sopenharmony_ci */ 261cb0ef41Sopenharmony_cistatic const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; 271cb0ef41Sopenharmony_ci 281cb0ef41Sopenharmony_ciCT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, 291cb0ef41Sopenharmony_ci const char *propq) 301cb0ef41Sopenharmony_ci{ 311cb0ef41Sopenharmony_ci CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX)); 321cb0ef41Sopenharmony_ci 331cb0ef41Sopenharmony_ci if (ctx == NULL) { 341cb0ef41Sopenharmony_ci ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); 351cb0ef41Sopenharmony_ci return NULL; 361cb0ef41Sopenharmony_ci } 371cb0ef41Sopenharmony_ci 381cb0ef41Sopenharmony_ci ctx->libctx = libctx; 391cb0ef41Sopenharmony_ci if (propq != NULL) { 401cb0ef41Sopenharmony_ci ctx->propq = OPENSSL_strdup(propq); 411cb0ef41Sopenharmony_ci if (ctx->propq == NULL) { 421cb0ef41Sopenharmony_ci ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); 431cb0ef41Sopenharmony_ci OPENSSL_free(ctx); 441cb0ef41Sopenharmony_ci return NULL; 451cb0ef41Sopenharmony_ci } 461cb0ef41Sopenharmony_ci } 471cb0ef41Sopenharmony_ci 481cb0ef41Sopenharmony_ci /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */ 491cb0ef41Sopenharmony_ci ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * 501cb0ef41Sopenharmony_ci 1000; 511cb0ef41Sopenharmony_ci 521cb0ef41Sopenharmony_ci return ctx; 531cb0ef41Sopenharmony_ci} 541cb0ef41Sopenharmony_ci 551cb0ef41Sopenharmony_ciCT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void) 561cb0ef41Sopenharmony_ci{ 571cb0ef41Sopenharmony_ci return CT_POLICY_EVAL_CTX_new_ex(NULL, NULL); 581cb0ef41Sopenharmony_ci} 591cb0ef41Sopenharmony_ci 601cb0ef41Sopenharmony_civoid CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx) 611cb0ef41Sopenharmony_ci{ 621cb0ef41Sopenharmony_ci if (ctx == NULL) 631cb0ef41Sopenharmony_ci return; 641cb0ef41Sopenharmony_ci X509_free(ctx->cert); 651cb0ef41Sopenharmony_ci X509_free(ctx->issuer); 661cb0ef41Sopenharmony_ci OPENSSL_free(ctx->propq); 671cb0ef41Sopenharmony_ci OPENSSL_free(ctx); 681cb0ef41Sopenharmony_ci} 691cb0ef41Sopenharmony_ci 701cb0ef41Sopenharmony_ciint CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert) 711cb0ef41Sopenharmony_ci{ 721cb0ef41Sopenharmony_ci if (!X509_up_ref(cert)) 731cb0ef41Sopenharmony_ci return 0; 741cb0ef41Sopenharmony_ci ctx->cert = cert; 751cb0ef41Sopenharmony_ci return 1; 761cb0ef41Sopenharmony_ci} 771cb0ef41Sopenharmony_ci 781cb0ef41Sopenharmony_ciint CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer) 791cb0ef41Sopenharmony_ci{ 801cb0ef41Sopenharmony_ci if (!X509_up_ref(issuer)) 811cb0ef41Sopenharmony_ci return 0; 821cb0ef41Sopenharmony_ci ctx->issuer = issuer; 831cb0ef41Sopenharmony_ci return 1; 841cb0ef41Sopenharmony_ci} 851cb0ef41Sopenharmony_ci 861cb0ef41Sopenharmony_civoid CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, 871cb0ef41Sopenharmony_ci CTLOG_STORE *log_store) 881cb0ef41Sopenharmony_ci{ 891cb0ef41Sopenharmony_ci ctx->log_store = log_store; 901cb0ef41Sopenharmony_ci} 911cb0ef41Sopenharmony_ci 921cb0ef41Sopenharmony_civoid CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms) 931cb0ef41Sopenharmony_ci{ 941cb0ef41Sopenharmony_ci ctx->epoch_time_in_ms = time_in_ms; 951cb0ef41Sopenharmony_ci} 961cb0ef41Sopenharmony_ci 971cb0ef41Sopenharmony_ciX509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) 981cb0ef41Sopenharmony_ci{ 991cb0ef41Sopenharmony_ci return ctx->cert; 1001cb0ef41Sopenharmony_ci} 1011cb0ef41Sopenharmony_ci 1021cb0ef41Sopenharmony_ciX509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) 1031cb0ef41Sopenharmony_ci{ 1041cb0ef41Sopenharmony_ci return ctx->issuer; 1051cb0ef41Sopenharmony_ci} 1061cb0ef41Sopenharmony_ci 1071cb0ef41Sopenharmony_ciconst CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx) 1081cb0ef41Sopenharmony_ci{ 1091cb0ef41Sopenharmony_ci return ctx->log_store; 1101cb0ef41Sopenharmony_ci} 1111cb0ef41Sopenharmony_ci 1121cb0ef41Sopenharmony_ciuint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx) 1131cb0ef41Sopenharmony_ci{ 1141cb0ef41Sopenharmony_ci return ctx->epoch_time_in_ms; 1151cb0ef41Sopenharmony_ci} 116