6304f786
Commit
6304f786
authored
Mar 10, 2014
by
Manuel Pégourié-Gonnard
Add x509_time_future()
parent
29dcc0b9
Changes
6
Showing
6 changed files
with
150 additions
and
40 deletions
+150
-40
include/polarssl/x509.h
include/polarssl/x509.h
+14
-3
library/x509.c
library/x509.c
+67
-37
tests/data_files/crl-future.pem
tests/data_files/crl-future.pem
+11
-0
tests/data_files/server5-future.crt
tests/data_files/server5-future.crt
+14
-0
tests/suites/test_suite_x509parse.data
tests/suites/test_suite_x509parse.data
+24
-0
tests/suites/test_suite_x509parse.function
tests/suites/test_suite_x509parse.function
+20
-0
include/polarssl/x509.h
...
...
@@ -230,15 +230,26 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
/**
* \brief Check a given x509_time against the system time and check
* if it is
vali
d.
* if it is
not expire
d.
*
* \param time x509_time to check
*
* \return
Return
0 if the x509_time is still valid,
*
or
1 otherwise.
* \return 0 if the x509_time is still valid,
* 1 otherwise.
*/
int
x509_time_expired
(
const
x509_time
*
time
);
/**
* \brief Check a given x509_time against the system time and check
* if it is not from the future.
*
* \param time x509_time to check
*
* \return 0 if the x509_time is already valid,
* 1 otherwise.
*/
int
x509_time_future
(
const
x509_time
*
time
);
/**
* \brief Checkup routine
*
...
...
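Review bot: The doc comments for `x509_time_expired()` and the new `x509_time_future()` do not say what a build without POLARSSL_HAVE_TIME returns. The stubs added to library/x509.c in this same commit return 0 for both, so a caller reading only this header would take 0 to mean the date was actually checked. I would add to each comment a line such as `* \note Always returns 0 when POLARSSL_HAVE_TIME is not defined; no validity-period check is performed.` That lets an integrator on a clock-less target see that time validation is effectively off and compensate elsewhere.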
library/x509.c
...
...
@@ -621,22 +621,20 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
* Return 0 if the x509_time is still valid, or 1 otherwise.
*/
#if defined(POLARSSL_HAVE_TIME)
int
x509_time_expired
(
const
x509_time
*
to
)
{
int
year
,
mon
,
day
;
int
hour
,
min
,
sec
;
static
void
x509_get_current_time
(
x509_time
*
now
)
{
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
SYSTEMTIME
st
;
GetLocalTime
(
&
st
);
year
=
st
.
wYear
;
mon
=
st
.
wMonth
;
day
=
st
.
wDay
;
hour
=
st
.
wHour
;
min
=
st
.
wMinute
;
sec
=
st
.
wSecond
;
now
->
year
=
st
.
wYear
;
now
->
mon
=
st
.
wMonth
;
now
->
day
=
st
.
wDay
;
now
->
hour
=
st
.
wHour
;
now
->
min
=
st
.
wMinute
;
now
->
sec
=
st
.
wSecond
;
#else
struct
tm
*
lt
;
time_t
tt
;
...
...
@@ -644,55 +642,87 @@ int x509_time_expired( const x509_time *to )
tt
=
time
(
NULL
);
lt
=
localtime
(
&
tt
);
year
=
lt
->
tm_year
+
1900
;
mon
=
lt
->
tm_mon
+
1
;
day
=
lt
->
tm_mday
;
hour
=
lt
->
tm_hour
;
min
=
lt
->
tm_min
;
sec
=
lt
->
tm_sec
;
now
->
year
=
lt
->
tm_year
+
1900
;
now
->
mon
=
lt
->
tm_mon
+
1
;
now
->
day
=
lt
->
tm_mday
;
now
->
hour
=
lt
->
tm_hour
;
now
->
min
=
lt
->
tm_min
;
now
->
sec
=
lt
->
tm_sec
;
#endif
}
if
(
year
>
to
->
year
)
/*
* Return 0 if before <= after, 1 otherwise
*/
static
int
x509_check_time
(
const
x509_time
*
before
,
const
x509_time
*
after
)
{
if
(
before
->
year
>
after
->
year
)
return
(
1
);
if
(
year
==
to
->
year
&&
mon
>
to
->
mon
)
if
(
before
->
year
==
after
->
year
&&
before
->
mon
>
after
->
mon
)
return
(
1
);
if
(
year
==
to
->
year
&&
mon
==
to
->
mon
&&
day
>
to
->
day
)
if
(
before
->
year
==
after
->
year
&&
before
->
mon
==
after
->
mon
&&
before
->
day
>
after
->
day
)
return
(
1
);
if
(
year
==
to
->
year
&&
mon
==
to
->
mon
&&
day
==
to
->
day
&&
hour
>
to
->
hour
)
if
(
before
->
year
==
after
->
year
&&
before
->
mon
==
after
->
mon
&&
before
->
day
==
after
->
day
&&
before
->
hour
>
after
->
hour
)
return
(
1
);
if
(
year
==
to
->
year
&&
mon
==
to
->
mon
&&
day
==
to
->
day
&&
hour
==
to
->
hour
&&
min
>
to
->
min
)
if
(
before
->
year
==
after
->
year
&&
before
->
mon
==
after
->
mon
&&
before
->
day
==
after
->
day
&&
before
->
hour
==
after
->
hour
&&
before
->
min
>
after
->
min
)
return
(
1
);
if
(
year
==
to
->
year
&&
mon
==
to
->
mon
&&
day
==
to
->
day
&&
hour
==
to
->
hour
&&
min
==
to
->
min
&&
sec
>
to
->
sec
)
if
(
before
->
year
==
after
->
year
&&
before
->
mon
==
after
->
mon
&&
before
->
day
==
after
->
day
&&
before
->
hour
==
after
->
hour
&&
before
->
min
==
after
->
min
&&
before
->
sec
>
after
->
sec
)
return
(
1
);
return
(
0
);
}
int
x509_time_expired
(
const
x509_time
*
to
)
{
x509_time
now
;
x509_get_current_time
(
&
now
);
return
(
x509_check_time
(
&
now
,
to
)
);
}
int
x509_time_future
(
const
x509_time
*
from
)
{
x509_time
now
;
x509_get_current_time
(
&
now
);
return
(
x509_check_time
(
from
,
&
now
)
);
}
#else
/* POLARSSL_HAVE_TIME */
int
x509_time_expired
(
const
x509_time
*
to
)
{
((
void
)
to
);
return
(
0
);
}
int
x509_time_future
(
const
x509_time
*
from
)
{
((
void
)
from
);
return
(
0
);
}
#endif
/* POLARSSL_HAVE_TIME */
#if defined(POLARSSL_SELF_TEST)
...
...
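Review bot: `x509_get_current_time()` fills `now` from `GetLocalTime()` on Windows and `localtime()` elsewhere, so `x509_check_time()` compares local wall-clock time against certificate fields. X.509 validity times are expressed in UTC (RFC 5280), so on a host whose zone is not UTC both `x509_time_expired()` and the new `x509_time_future()` are off by the zone offset, and a not-yet-valid or just-expired certificate can be accepted (or a valid one rejected) for hours. This assumes the parser stores the encoded time unconverted, which is not visible in these hunks. I would switch to `GetSystemTime( &st );` and `lt = gmtime( &tt );`. The returned pointer is also dereferenced without a NULL check (`lt->tm_year`), and `localtime()`/`gmtime()` hand back shared static storage, which matters if verification can run on more than one thread.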
tests/data_files/crl-future.pem
0 → 100644
-----BEGIN X509 CRL-----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-----END X509 CRL-----
tests/data_files/server5-future.crt
0 → 100644
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
tests/suites/test_suite_x509parse.data
...
...
@@ -170,6 +170,30 @@ X509 Time Expired #6
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
x509_time_expired:"data_files/test-ca.crt":"valid_to":0
X509 Time Future #1
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5.crt":"valid_from":0
X509 Time Future #2
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5.crt":"valid_to":1
X509 Time Future #3
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5-future.crt":"valid_from":1
X509 Time Future #4
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5-future.crt":"valid_to":1
X509 Time Future #5
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/test-ca2.crt":"valid_from":0
X509 Time Future #6
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/test-ca2.crt":"valid_to":1
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
...
...
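Review bot: The six `X509 Time Future` cases list only `depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C`, yet #2, #3, #4 and #6 expect 1 while the `#else /* POLARSSL_HAVE_TIME */` stub added in library/x509.c always returns 0. In a build without POLARSSL_HAVE_TIME those cases would fail rather than be skipped, so I would make the line `depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_HAVE_TIME`. The expectations also depend on the wall clock: #2 and #6 hold only until `server5.crt` and `test-ca2.crt` expire, and #3 only until `server5-future.crt` becomes valid. Recording those dates alongside the test data would help whoever sees the cases start failing.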
tests/suites/test_suite_x509parse.function
...
...
@@ -166,6 +166,26 @@ void x509_time_expired( char *crt_file, char *entity, int result )
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
void x509_time_future( char *crt_file, char *entity, int result )
{
x509_crt crt;
x509_crt_init( &crt );
TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 );
if( strcmp( entity, "valid_from" ) == 0 )
TEST_ASSERT( x509_time_future( &crt.valid_from ) == result );
else if( strcmp( entity, "valid_to" ) == 0 )
TEST_ASSERT( x509_time_future( &crt.valid_to ) == result );
else
TEST_ASSERT( "Unknown entity" == 0 );
x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */
void x509parse_crt( char *crt_data, char *result_str, int result )
{
...
...
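Review bot: The new case is gated on `POLARSSL_FS_IO:POLARSSL_X509_USE_C`, but its body declares an `x509_crt` and calls `x509_crt_parse_file()`, which appear to belong to the certificate parser; the next case in the file is gated on `POLARSSL_X509_CRT_PARSE_C`. If that is right, the header should read `/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */` so the case is skipped instead of failing to build in a configuration without the parser. Separately, `x509_crt_free( &crt )` is reached only if none of the `TEST_ASSERT`s leaves the function early. How `TEST_ASSERT` exits is not visible in this hunk, so confirm the certificate is released on the failure path.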