12 #define TOR_X509_PRIVATE
14 #include "lib/tls/x509_internal.h"
/* Pick the validity window for a certificate: derive a start and an end
 * time from `now` and `cert_lifetime` and store them through the out
 * pointers.
 * NOTE(review): this listing skips original lines (the numbers jump over
 * 24-26, 42 and 44-47), so the end_time_out parameter, the else keyword and
 * the statement that first assigns start_time are not visible here. */
21 tor_tls_pick_certificate_lifetime(time_t now,
22 unsigned int cert_lifetime,
23 time_t *start_time_out,
27 time_t start_time, end_time;
/* Both constants are one day expressed in seconds. */
36 const time_t min_real_lifetime = 24*3600;
37 const time_t start_granularity = 24*3600;
38 time_t earliest_start_time;
/* NOTE(review): cert_lifetime is unsigned int but is compared after a cast
 * to int. A value above INT_MAX does not survive that conversion (the
 * result is implementation-defined, typically negative) and would take
 * this short-lifetime branch; confirm callers bound cert_lifetime. */
40 if ((
int)cert_lifetime <= min_real_lifetime + start_granularity) {
/* Short lifetime: the earliest allowed start is one second before now. */
41 earliest_start_time = now - 1;
/* Otherwise the bound is computed from now plus both day constants; the
 * rest of this expression is on a line the listing omits. */
43 earliest_start_time = now + min_real_lifetime + start_granularity
/* Round the start down to a multiple of start_granularity (one day).
 * Presumably this keeps the exact generation time out of the
 * certificate; confirm against the original comments. */
48 start_time -= start_time % start_granularity;
/* NOTE(review): no overflow check is visible on this addition; whether
 * time_t can wrap here depends on the platform and on the caller's bound. */
50 end_time = start_time + cert_lifetime;
52 *start_time_out = start_time;
53 *end_time_out = end_time;
/* Hand out the cached key digests only when pkey_digests_set says they
 * were computed. The pointer refers to a member of *cert, so it is valid
 * only while cert is alive. The return taken when the flag is clear is on
 * a line this listing omits. */
61 if (cert->pkey_digests_set)
62 return &cert->pkey_digests;
/* Returns the address of the cert_digests member inside *cert; the caller
 * gets a borrowed pointer whose lifetime is tied to cert. */
71 return &cert->cert_digests;
/* Release the wrapped backend certificate handle first. */
80 tor_x509_cert_impl_free(cert->cert);
/* Overwrite the whole wrapper struct with the byte 0x03 before it is
 * released, so the cached digests and the stale handle pointer do not
 * linger in memory and a use-after-free reads an obvious fill pattern.
 * The call that frees cert itself is on a line this listing omits.
 * NOTE(review): memwipe is presumably the wipe helper that survives
 * compiler optimization, unlike a plain memset before free; confirm. */
84 memwipe(cert, 0x03,
sizeof(*cert));
/* Wrap a backend certificate handle in a newly allocated tor_x509_cert_t.
 * NOTE(review): this listing omits lines (for example 95, 97, 99-102 and
 * the conditions guarding the log calls), so any NULL check on x509_cert
 * and the return statements are not visible here. */
96 tor_x509_cert_new,(tor_x509_cert_impl_t *x509_cert))
98 tor_x509_cert_t *cert;
/* Zeroed allocation: pkey_digests_set starts at 0 and every cached field
 * starts cleared. */
103 cert = tor_malloc_zero(
sizeof(tor_x509_cert_t));
/* The wrapper stores the handle as given. The free routine in this file
 * releases cert->cert, so the wrapper presumably owns the handle from
 * this point on; confirm. */
104 cert->cert = x509_cert;
110 const uint8_t *encoded=NULL;
111 size_t encoded_len=0;
/* Failure to digest the certificate key is logged as a warning only. */
121 log_warn(
LD_CRYPTO,
"unable to compute digests of certificate key");
/* Marks the key digests as usable; the getter checks this flag before it
 * hands them out. The branch this assignment sits in is not visible. */
126 cert->pkey_digests_set = 1;
/* Error path: log, then free the partly built wrapper. Going by the free
 * routine in this file that also releases the wrapped x509_cert, so a
 * caller presumably must not free it again after a failure; confirm. */
132 log_err(
LD_CRYPTO,
"Couldn't wrap encoded X509 certificate.");
133 tor_x509_cert_free(cert);
/* Duplicate the backend handle and wrap the copy in a new object, so the
 * result does not share cert->cert with the original.
 * NOTE(review): the result of tor_x509_cert_impl_dup_ is passed on without
 * a check on this line; whether tor_x509_cert_new accepts NULL is decided
 * on lines this listing omits. */
143 return tor_x509_cert_new(tor_x509_cert_impl_dup_(cert->cert));
int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len)
Common functions for using (pseudo-)random number generators.
time_t crypto_rand_time_range(time_t min, time_t max)
int crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
#define MOCK_IMPL(rv, funcname, arglist)
Macros to manage assertions, fatal and non-fatal.
tor_x509_cert_t * tor_x509_cert_dup(const tor_x509_cert_t *cert)
crypto_pk_t * tor_tls_cert_get_key(tor_x509_cert_t *cert)
const common_digests_t * tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)
void tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out)
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
void tor_x509_cert_free_(tor_x509_cert_t *cert)
int tor_x509_cert_set_cached_der_encoding(tor_x509_cert_t *cert)