source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/ct/ct_policy.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
File size: 2.4 KB
Line 
1/*
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#ifdef OPENSSL_NO_CT
11# error "CT is disabled"
12#endif
13
14#include <openssl/ct.h>
15#include <openssl/err.h>
16#include <time.h>
17
18#include "ct_locl.h"
19
20/*
21 * Number of seconds in the future that an SCT timestamp can be, by default,
22 * without being considered invalid. This is added to time() when setting a
23 * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
24 * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
25 */
26static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
27
28CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
29{
30 CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
31
32 if (ctx == NULL) {
33 CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
34 return NULL;
35 }
36
37 /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
38 ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
39 1000;
40
41 return ctx;
42}
43
44void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
45{
46 if (ctx == NULL)
47 return;
48 X509_free(ctx->cert);
49 X509_free(ctx->issuer);
50 OPENSSL_free(ctx);
51}
52
53int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
54{
55 if (!X509_up_ref(cert))
56 return 0;
57 ctx->cert = cert;
58 return 1;
59}
60
61int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
62{
63 if (!X509_up_ref(issuer))
64 return 0;
65 ctx->issuer = issuer;
66 return 1;
67}
68
69void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
70 CTLOG_STORE *log_store)
71{
72 ctx->log_store = log_store;
73}
74
75void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
76{
77 ctx->epoch_time_in_ms = time_in_ms;
78}
79
80X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
81{
82 return ctx->cert;
83}
84
85X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
86{
87 return ctx->issuer;
88}
89
90const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
91{
92 return ctx->log_store;
93}
94
95uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
96{
97 return ctx->epoch_time_in_ms;
98}
Note: See TracBrowser for help on using the repository browser.