author | Rob Percival <robpercival@google.com> | 2016-09-08 16:02:46 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-11-15 16:12:41 -0500 |
commit | 1fa9ffd934429f140edcfbaf76d2f32cc21e449b (patch) | |
tree | 6fb2ae2a0d3e11febb094acc8e3df03621000ab1 /crypto/ct/ct_locl.h | |
parent | 7b176a549ea374fc9b64c3fa7f0812239528b696 (diff) | |
download | openssl-1fa9ffd934429f140edcfbaf76d2f32cc21e449b.tar.gz |
Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
Diffstat (limited to 'crypto/ct/ct_locl.h')
-rw-r--r-- | crypto/ct/ct_locl.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
index 7adc4961b3..4b5e344191 100644
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -98,6 +98,8 @@ struct sct_ctx_st {
 /* pre-certificate encoding */
 unsigned char *preder;
 size_t prederlen;
+ /* milliseconds since epoch (to check that the SCT isn't from the future) */
+ uint64_t epoch_time_in_ms;
 };

 /* Context when evaluating whether a Certificate Transparency policy is met */
@@ -105,6 +107,8 @@ struct ct_policy_eval_ctx_st {
 X509 *cert;
 X509 *issuer;
 CTLOG_STORE *log_store;
+ /* milliseconds since epoch (to check that SCTs aren't from the future) */
+ uint64_t epoch_time_in_ms;
 };

 /*
@@ -151,6 +155,14 @@ __owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
 __owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);

 /*
+ * Sets the current time, in milliseconds since the Unix epoch.
+ * The timestamp of the SCT will be compared to this, to check that it was not
+ * issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
+ * timestamp is in the future", so SCT verification will fail in this case.
+ */
+void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms);
+
+/*
 * Verifies an SCT with the given context.
 * Returns 1 if the SCT verifies successfully; any other value indicates
 * failure. See EVP_DigestVerifyFinal() for the meaning of those values. |
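Review bot: The comment on `epoch_time_in_ms` in `struct sct_ctx_st` gives the unit but not what the field holds when the time was never set, and the same applies to the identically named field added to `struct ct_policy_eval_ctx_st` in the second hunk. If these contexts are zero-initialised (the allocation code is not visible here), an unset value of 0 would presumably make every SCT timestamp compare as being in the future, which fails closed but is hard to diagnose from a generic verification failure. I would word both comments along the lines of `/* current time for the future-timestamp check, in ms since the Unix epoch; 0 if never set */`, adjusted to whatever the verify code actually does with 0. Both struct definitions start outside their hunks.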
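Review bot: The new comment on `SCT_CTX_set_time` does not say what verification does when the function is never called, and it does not mention that the comparison as described leaves no room for clock skew. A verifier whose clock runs slightly behind the log's would reject a freshly issued SCT, so callers need to know whether they are expected to add a tolerance to `time_in_ms` themselves; I would add `* No allowance is made for clock skew; callers add any tolerance to time_in_ms.` plus one sentence stating the behaviour when the time is left unset, once that is confirmed against the verify code. It is also worth one line noting that a value taken from `time()` must be multiplied by 1000 first, since an unscaled seconds value would make every SCT appear to be from the future.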