Default CT_POLICY_EVAL_CTX.epoch_time_in_ms to time()

Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554)
2025-02-17 14:32:04 +08:00 · 2016-09-12 16:57:38 +01:00 · 2016-09-12 16:57:38 +01:00 · e25233d99c
commit e25233d99c
parent 1871a5aa8a
2 changed files with 9 additions and 2 deletions
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@ -13,18 +13,25 @@

 #include <openssl/ct.h>
 #include <openssl/err.h>
+#include <time.h>

 #include "ct_locl.h"

 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
 {
    CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+    time_t epoch_time_in_s;

    if (ctx == NULL) {
        CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

+    // Use the current time if available.
+    time(&epoch_time_in_s);
+    if (epoch_time_in_s != -1)
+        ctx->epoch_time_in_ms = epoch_time_in_s * 1000;
+
    return ctx;
 }

--- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
@ -68,8 +68,8 @@ CT_POLICY_EVAL_CTX.

 The SCT timestamp will be compared to this time to check whether the SCT was
 issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
-timestamp is in the future". Typically, the time provided to this function will
-be the current time.
+timestamp is in the future". By default, this will be set to the
+current time (obtained by calling time()) if possible.

 The time should be in milliseconds since the Unix epoch.