Skip to content

GitLab

Commit 6304f786 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

Add x509_time_future()

parent 29dcc0b9
Hide whitespace changes
Inline Side-by-side
Showing with 150 additions and 40 deletions
include/polarssl/x509.h
View file @ 6304f786
......@@ -230,15 +230,26 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
/**
* \brief Check a given x509_time against the system time and check
* if it is valid.
* if it is not expired.
*
* \param time x509_time to check
*
* \return Return 0 if the x509_time is still valid,
* or 1 otherwise.
* \return 0 if the x509_time is still valid,
* 1 otherwise.
*/
int x509_time_expired( const x509_time *time );
/**
* \brief Check a given x509_time against the system time and check
* if it is not from the future.
*
* \param time x509_time to check
*
* \return 0 if the x509_time is already valid,
* 1 otherwise.
*/
int x509_time_future( const x509_time *time );
/**
* \brief Checkup routine
*
......
library/x509.c
View file @ 6304f786
......@@ -621,22 +621,20 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
* Return 0 if the x509_time is still valid, or 1 otherwise.
*/
#if defined(POLARSSL_HAVE_TIME)
int x509_time_expired( const x509_time *to )
{
int year, mon, day;
int hour, min, sec;
static void x509_get_current_time( x509_time *now )
{
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
SYSTEMTIME st;
GetLocalTime(&st);
year = st.wYear;
mon = st.wMonth;
day = st.wDay;
hour = st.wHour;
min = st.wMinute;
sec = st.wSecond;
now->year = st.wYear;
now->mon = st.wMonth;
now->day = st.wDay;
now->hour = st.wHour;
now->min = st.wMinute;
now->sec = st.wSecond;
#else
struct tm *lt;
time_t tt;
......@@ -644,55 +642,87 @@ int x509_time_expired( const x509_time *to )
tt = time( NULL );
lt = localtime( &tt );
year = lt->tm_year + 1900;
mon = lt->tm_mon + 1;
day = lt->tm_mday;
hour = lt->tm_hour;
min = lt->tm_min;
sec = lt->tm_sec;
now->year = lt->tm_year + 1900;
now->mon = lt->tm_mon + 1;
now->day = lt->tm_mday;
now->hour = lt->tm_hour;
now->min = lt->tm_min;
now->sec = lt->tm_sec;
#endif
}
if( year > to->year )
/*
* Return 0 if before <= after, 1 otherwise
*/
static int x509_check_time( const x509_time *before, const x509_time *after )
{
if( before->year > after->year )
return( 1 );
if( year == to->year &&
mon > to->mon )
if( before->year == after->year &&
before->mon > after->mon )
return( 1 );
if( year == to->year &&
mon == to->mon &&
day > to->day )
if( before->year == after->year &&
before->mon == after->mon &&
before->day > after->day )
return( 1 );
if( year == to->year &&
mon == to->mon &&
day == to->day &&
hour > to->hour )
if( before->year == after->year &&
before->mon == after->mon &&
before->day == after->day &&
before->hour > after->hour )
return( 1 );
if( year == to->year &&
mon == to->mon &&
day == to->day &&
hour == to->hour &&
min > to->min )
if( before->year == after->year &&
before->mon == after->mon &&
before->day == after->day &&
before->hour == after->hour &&
before->min > after->min )
return( 1 );
if( year == to->year &&
mon == to->mon &&
day == to->day &&
hour == to->hour &&
min == to->min &&
sec > to->sec )
if( before->year == after->year &&
before->mon == after->mon &&
before->day == after->day &&
before->hour == after->hour &&
before->min == after->min &&
before->sec > after->sec )
return( 1 );
return( 0 );
}
int x509_time_expired( const x509_time *to )
{
x509_time now;
x509_get_current_time( &now );
return( x509_check_time( &now, to ) );
}
int x509_time_future( const x509_time *from )
{
x509_time now;
x509_get_current_time( &now );
return( x509_check_time( from, &now ) );
}
#else /* POLARSSL_HAVE_TIME */
int x509_time_expired( const x509_time *to )
{
((void) to);
return( 0 );
}
int x509_time_future( const x509_time *from )
{
((void) from);
return( 0 );
}
#endif /* POLARSSL_HAVE_TIME */
#if defined(POLARSSL_SELF_TEST)
......
tests/data_files/crl-future.pem 0 → 100644
View file @ 6304f786
-----BEGIN X509 CRL-----
MIIBgzCCAQoCAQEwCQYHKoZIzj0EATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTMyMDMxMDEx
MDUxNVoXDTQyMDMwODExMDUxNVowKDASAgEKFw0xMzA5MjQxNjI4MzhaMBICARYX
DTE0MDEyMDEzNDMwNVqgcjBwMG4GA1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb
+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNV
BAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gA
MGUCMQCmsvNsOQdbGpmzpeZlKU9lDP6yyWenrI/89swZYogE3cSPob4tOzeYg38i
or91IPgCMD7N/0Qz6Nq2IgBtZORLgsA0ltK+W6AOS+/EIhvGuXV8uguUyYknl4vb
+cE+lWxhCQ==
-----END X509 CRL-----
tests/data_files/server5-future.crt 0 → 100644
View file @ 6304f786
-----BEGIN CERTIFICATE-----
MIICHjCCAaWgAwIBAgIBHTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MzIwMzEwMTEwNDExWhcNNDIwMzA4MTEwNDExWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
CCqGSM49BAMCA2cAMGQCMAZWcb+NYxFVK+W6Z5eknM2TrbqQGZEYHQXeV9/XF0t7
TLDhA6a/pFDTJVZunFzesgIwfqkBYuvMkiNlS4lWcVyf8L4CZIHCn1yHnOCxu8ix
uqgLb4na3i94x9urgbZZYfVK
-----END CERTIFICATE-----
tests/suites/test_suite_x509parse.data
View file @ 6304f786
......@@ -170,6 +170,30 @@ X509 Time Expired #6
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
x509_time_expired:"data_files/test-ca.crt":"valid_to":0
X509 Time Future #1
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5.crt":"valid_from":0
X509 Time Future #2
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5.crt":"valid_to":1
X509 Time Future #3
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5-future.crt":"valid_from":1
X509 Time Future #4
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5-future.crt":"valid_to":1
X509 Time Future #5
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/test-ca2.crt":"valid_from":0
X509 Time Future #6
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/test-ca2.crt":"valid_to":1
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
......
tests/suites/test_suite_x509parse.function
View file @ 6304f786
......@@ -166,6 +166,26 @@ void x509_time_expired( char *crt_file, char *entity, int result )
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
void x509_time_future( char *crt_file, char *entity, int result )
{
x509_crt crt;
x509_crt_init( &crt );
TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 );
if( strcmp( entity, "valid_from" ) == 0 )
TEST_ASSERT( x509_time_future( &crt.valid_from ) == result );
else if( strcmp( entity, "valid_to" ) == 0 )
TEST_ASSERT( x509_time_future( &crt.valid_to ) == result );
else
TEST_ASSERT( "Unknown entity" == 0 );
x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */
void x509parse_crt( char *crt_data, char *result_str, int result )
{
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment