Add x509parse_time_future()
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 6dabf37..9cc757b 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -669,16 +669,27 @@
/**
* \brief Check a given x509_time against the system time and check
- * if it is valid.
+ * if it is not expired.
*
* \param time x509_time to check
*
- * \return Return 0 if the x509_time is still valid,
+ * \return 0 if the x509_time is still valid,
* or 1 otherwise.
*/
int x509parse_time_expired( const x509_time *time );
/**
+ * \brief Check a given x509_time against the system time and check
+ * if it is not from the future.
+ *
+ * \param time x509_time to check
+ *
+ * \return 0 if the x509_time is already valid,
+ * or 1 otherwise.
+ */
+int x509parse_time_future( const x509_time *time );
+
+/**
* \name Functions to verify a certificate
* \{
*/
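Review bot: The `\return` text for x509parse_time_future() says "0 if the x509_time is already valid", which does not say how a time equal to the current time is treated or what 1 means. From x509_check_time() in library/x509parse.c, the result is 0 when the given time is at or before the current time and 1 when it is later, so `\return 0 if the time is in the past or equal to the current time, 1 if it is in the future` would be more precise. The comment should also state which clock is meant by "system time", since the implementation reads local time.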
diff --git a/library/x509parse.c b/library/x509parse.c
index d3174c3..8de0d98 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3078,22 +3078,19 @@
/*
* Return 0 if the x509_time is still valid, or 1 otherwise.
*/
-int x509parse_time_expired( const x509_time *to )
+static void x509_get_current_time( x509_time *now )
{
- int year, mon, day;
- int hour, min, sec;
-
#if defined(_WIN32)
SYSTEMTIME st;
GetLocalTime(&st);
- year = st.wYear;
- mon = st.wMonth;
- day = st.wDay;
- hour = st.wHour;
- min = st.wMinute;
- sec = st.wSecond;
+ now->year = st.wYear;
+ now->mon = st.wMonth;
+ now->day = st.wDay;
+ now->hour = st.wHour;
+ now->min = st.wMinute;
+ now->sec = st.wSecond;
#else
struct tm *lt;
time_t tt;
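Review bot: The comment left above `x509_get_current_time()` still reads `Return 0 if the x509_time is still valid, or 1 otherwise`, which describes x509parse_time_expired() and not this void helper. Replace it with `/* Fill *now with the current time, broken into x509_time fields */` and move the original sentence down to x509parse_time_expired(). The helper reads local time (`GetLocalTime` here, `localtime` in the next hunk). If the x509_time fields hold the UTC values parsed from the certificate, both the expiry check and the new not-before check are skewed by the local UTC offset. `GetSystemTime(&st);` and `lt = gmtime( &tt );` would compare like with like. The function body continues in the next hunk.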
@@ -3101,50 +3098,74 @@
tt = time( NULL );
lt = localtime( &tt );
- year = lt->tm_year + 1900;
- mon = lt->tm_mon + 1;
- day = lt->tm_mday;
- hour = lt->tm_hour;
- min = lt->tm_min;
- sec = lt->tm_sec;
+ now->year = lt->tm_year + 1900;
+ now->mon = lt->tm_mon + 1;
+ now->day = lt->tm_mday;
+ now->hour = lt->tm_hour;
+ now->min = lt->tm_min;
+ now->sec = lt->tm_sec;
#endif
+}
- if( year > to->year )
+/*
+ * Return 0 if before <= after, 1 otherwise
+ */
+static int x509_check_time( const x509_time *before, const x509_time *after )
+{
+ if( before->year > after->year )
return( 1 );
- if( year == to->year &&
- mon > to->mon )
+ if( before->year == after->year &&
+ before->mon > after->mon )
return( 1 );
- if( year == to->year &&
- mon == to->mon &&
- day > to->day )
+ if( before->year == after->year &&
+ before->mon == after->mon &&
+ before->day > after->day )
return( 1 );
- if( year == to->year &&
- mon == to->mon &&
- day == to->day &&
- hour > to->hour )
+ if( before->year == after->year &&
+ before->mon == after->mon &&
+ before->day == after->day &&
+ before->hour > after->hour )
return( 1 );
- if( year == to->year &&
- mon == to->mon &&
- day == to->day &&
- hour == to->hour &&
- min > to->min )
+ if( before->year == after->year &&
+ before->mon == after->mon &&
+ before->day == after->day &&
+ before->hour == after->hour &&
+ before->min > after->min )
return( 1 );
- if( year == to->year &&
- mon == to->mon &&
- day == to->day &&
- hour == to->hour &&
- min == to->min &&
- sec > to->sec )
+ if( before->year == after->year &&
+ before->mon == after->mon &&
+ before->day == after->day &&
+ before->hour == after->hour &&
+ before->min == after->min &&
+ before->sec > after->sec )
return( 1 );
return( 0 );
}
+int x509parse_time_expired( const x509_time *to )
+{
+ x509_time now;
+
+ x509_get_current_time( &now );
+
+ return( x509_check_time( &now, to ) );
+}
+
+int x509parse_time_future( const x509_time *from )
+{
+ x509_time now;
+
+ x509_get_current_time( &now );
+
+ return( x509_check_time( from, &now ) );
+}
+
/*
* Return 1 if the certificate is revoked, or 0 otherwise.
*/
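Review bot: `lt = localtime( &tt );` is dereferenced on the added `now->year = lt->tm_year + 1900;` lines without a NULL check, and because x509_get_current_time() returns void its callers cannot tell that `now` was never filled in. Let the helper return a status and have x509parse_time_expired() and x509parse_time_future() return 1 when it fails, so a failed clock read rejects the certificate instead of comparing against an uninitialised x509_time. localtime() also returns a pointer to shared static storage, so concurrent callers may race on it; whether that matters depends on how the library is used. The helper's signature is in the previous hunk and would change from `void` to `int`.

```c
    /* … unchanged: _WIN32 branch, time( NULL ) call … */
    lt = localtime( &tt );
    if( lt == NULL )
        return( -1 );
    /* … unchanged: now->year … now->sec assignments … */
#endif
    return( 0 );
}

int x509parse_time_expired( const x509_time *to )
{
    x509_time now;

    /* Fail closed: without a clock reading the time is treated as invalid */
    if( x509_get_current_time( &now ) != 0 )
        return( 1 );

    return( x509_check_time( &now, to ) );
}
/* … x509parse_time_future(): same guard before x509_check_time( from, &now ) … */
```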
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 1b87f8d..22f6355 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -226,6 +226,14 @@
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_time_expired:"data_files/test-ca.crt":valid_to:0
+X509 Time Future #1
+depends_on:POLARSSL_FS_IO
+x509_time_future:"data_files/server2.crt":valid_from:0
+
+X509 Time Future #2
+depends_on:POLARSSL_FS_IO
+x509_time_future:"data_files/server2.crt":valid_to:1
+
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
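Review bot: "X509 Time Future #2" expects `x509parse_time_future( valid_to ) == 1`, which holds only while data_files/server2.crt has not expired. Once the wall clock passes that date the case starts failing with no code change, so it needs a comment naming the expiry dependency or a fixture with a far-future date. Both new cases also declare only `depends_on:POLARSSL_FS_IO`, while the neighbouring x509_time_expired case uses `depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO`. If server2.crt is PEM-encoded, the new cases should carry the same dependency so they are skipped rather than failed when PEM support is compiled out. Neither case exercises the boundary where the checked time equals the current time, which is where the `<=` in x509_check_time() matters.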
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 26f5c4c..637d13c 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -137,6 +137,20 @@
END_CASE
BEGIN_CASE
+x509_time_future:crt_file:entity:result
+{
+ x509_cert crt;
+
+ memset( &crt, 0, sizeof( x509_cert ) );
+
+ TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
+ TEST_ASSERT( x509parse_time_future( &crt.{entity} ) == {result} );
+
+ x509_free( &crt );
+}
+END_CASE
+
+BEGIN_CASE
x509parse_keyfile:key_file:password:result
{
rsa_context rsa;