Import Certificate Transparency verbatim from OpenSSL 1.1.1

This is not yet hooked up and will not compile. Follow on commits will KNF and then make it build. ok jsing@ tb@
author: beck <> 2021-10-28 11:21:03 +0000
committer: beck <> 2021-10-28 11:21:03 +0000
commit: 75b3e83cc7ac4c558b39a6ff97eee42c60b08f3d (patch)
tree: 9ff551b95f548635aaa5da4f2fe4441215e48df4 /src/lib/libcrypto/ct/ct_policy.c
parent: ee22e7c226c205d772141de01defd5c3f92c36a6 (diff)
download: openbsd-75b3e83cc7ac4c558b39a6ff97eee42c60b08f3d.tar.gz
openbsd-75b3e83cc7ac4c558b39a6ff97eee42c60b08f3d.tar.bz2
openbsd-75b3e83cc7ac4c558b39a6ff97eee42c60b08f3d.zip
1 files changed, 98 insertions, 0 deletions
diff --git a/src/lib/libcrypto/ct/ct_policy.c b/src/lib/libcrypto/ct/ct_policy.c
new file mode 100644
index 0000000000..df66e8a494
--- /dev/null
+++ b/src/lib/libcrypto/ct/ct_policy.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <time.h>
+#include "ct_local.h"
+/*
+ * Number of seconds in the future that an SCT timestamp can be, by default,
+ * without being considered invalid. This is added to time() when setting a
+ * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
+ * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
+ */
+static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
+{
+    CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+    if (ctx == NULL) {
+        CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
+    ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
+            1000;
+    return ctx;
+}
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    X509_free(ctx->cert);
+    X509_free(ctx->issuer);
+    OPENSSL_free(ctx);
+}
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+{
+    if (!X509_up_ref(cert))
+        return 0;
+    ctx->cert = cert;
+    return 1;
+}
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+{
+    if (!X509_up_ref(issuer))
+        return 0;
+    ctx->issuer = issuer;
+    return 1;
+}
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store)
+{
+    ctx->log_store = log_store;
+}
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
+{
+    ctx->epoch_time_in_ms = time_in_ms;
+}
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->cert;
+}
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->issuer;
+}
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->log_store;
+}
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->epoch_time_in_ms;
+}
author	beck <>	2021-10-28 11:21:03 +0000
committer	beck <>	2021-10-28 11:21:03 +0000
commit	75b3e83cc7ac4c558b39a6ff97eee42c60b08f3d (patch)
tree	9ff551b95f548635aaa5da4f2fe4441215e48df4 /src/lib/libcrypto/ct/ct_policy.c
parent	ee22e7c226c205d772141de01defd5c3f92c36a6 (diff)
download	openbsd-75b3e83cc7ac4c558b39a6ff97eee42c60b08f3d.tar.gz openbsd-75b3e83cc7ac4c558b39a6ff97eee42c60b08f3d.tar.bz2 openbsd-75b3e83cc7ac4c558b39a6ff97eee42c60b08f3d.zip

diff --git a/src/lib/libcrypto/ct/ct_policy.c b/src/lib/libcrypto/ct/ct_policy.c new file mode 100644 index 0000000000..df66e8a494 --- /dev/null +++ b/src/lib/libcrypto/ct/ct_policy.c
@@ -0,0 +1,98 @@
	1	/*
	2	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#ifdef OPENSSL_NO_CT
	11	# error "CT is disabled"
	12	#endif
	13
	14	#include <openssl/ct.h>
	15	#include <openssl/err.h>
	16	#include <time.h>
	17
	18	#include "ct_local.h"
	19
	20	/*
	21	* Number of seconds in the future that an SCT timestamp can be, by default,
	22	* without being considered invalid. This is added to time() when setting a
	23	* default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
	24	* It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
	25	*/
	26	static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
	27
	28	CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
	29	{
	30	CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
	31
	32	if (ctx == NULL) {
	33	CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
	34	return NULL;
	35	}
	36
	37	/* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
	38	ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
	39	1000;
	40
	41	return ctx;
	42	}
	43
	44	void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
	45	{
	46	if (ctx == NULL)
	47	return;
	48	X509_free(ctx->cert);
	49	X509_free(ctx->issuer);
	50	OPENSSL_free(ctx);
	51	}
	52
	53	int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX ctx, X509 cert)
	54	{
	55	if (!X509_up_ref(cert))
	56	return 0;
	57	ctx->cert = cert;
	58	return 1;
	59	}
	60
	61	int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX ctx, X509 issuer)
	62	{
	63	if (!X509_up_ref(issuer))
	64	return 0;
	65	ctx->issuer = issuer;
	66	return 1;
	67	}
	68
	69	void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
	70	CTLOG_STORE *log_store)
	71	{
	72	ctx->log_store = log_store;
	73	}
	74
	75	void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
	76	{
	77	ctx->epoch_time_in_ms = time_in_ms;
	78	}
	79
	80	X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
	81	{
	82	return ctx->cert;
	83	}
	84
	85	X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
	86	{
	87	return ctx->issuer;
	88	}
	89
	90	const CTLOG_STORE CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX ctx)
	91	{
	92	return ctx->log_store;
	93	}
	94
	95	uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
	96	{
	97	return ctx->epoch_time_in_ms;
	98	}