Add x509_time_future()
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index a456537..1520a7c 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -230,16 +230,27 @@
/**
* \brief Check a given x509_time against the system time and check
- * if it is valid.
+ * if it is not expired.
*
* \param time x509_time to check
*
- * \return Return 0 if the x509_time is still valid,
- * or 1 otherwise.
+ * \return 0 if the x509_time is still valid,
+ * 1 otherwise.
*/
int x509_time_expired( const x509_time *time );
/**
+ * \brief Check a given x509_time against the system time and check
+ * if it is not from the future.
+ *
+ * \param time x509_time to check
+ *
+ * \return 0 if the x509_time is already valid,
+ * 1 otherwise.
+ */
+int x509_time_future( const x509_time *time );
+
+/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
diff --git a/library/x509.c b/library/x509.c
index e042347..9c3b0f4 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -621,22 +621,20 @@
* Return 0 if the x509_time is still valid, or 1 otherwise.
*/
#if defined(POLARSSL_HAVE_TIME)
-int x509_time_expired( const x509_time *to )
-{
- int year, mon, day;
- int hour, min, sec;
+static void x509_get_current_time( x509_time *now )
+{
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
SYSTEMTIME st;
GetLocalTime(&st);
- year = st.wYear;
- mon = st.wMonth;
- day = st.wDay;
- hour = st.wHour;
- min = st.wMinute;
- sec = st.wSecond;
+ now->year = st.wYear;
+ now->mon = st.wMonth;
+ now->day = st.wDay;
+ now->hour = st.wHour;
+ now->min = st.wMinute;
+ now->sec = st.wSecond;
#else
struct tm *lt;
time_t tt;
@@ -644,55 +642,87 @@
tt = time( NULL );
lt = localtime( &tt );
- year = lt->tm_year + 1900;
- mon = lt->tm_mon + 1;
- day = lt->tm_mday;
- hour = lt->tm_hour;
- min = lt->tm_min;
- sec = lt->tm_sec;
+ now->year = lt->tm_year + 1900;
+ now->mon = lt->tm_mon + 1;
+ now->day = lt->tm_mday;
+ now->hour = lt->tm_hour;
+ now->min = lt->tm_min;
+ now->sec = lt->tm_sec;
#endif
+}
- if( year > to->year )
+/*
+ * Return 0 if before <= after, 1 otherwise
+ */
+static int x509_check_time( const x509_time *before, const x509_time *after )
+{
+ if( before->year > after->year )
return( 1 );
- if( year == to->year &&
- mon > to->mon )
+ if( before->year == after->year &&
+ before->mon > after->mon )
return( 1 );
- if( year == to->year &&
- mon == to->mon &&
- day > to->day )
+ if( before->year == after->year &&
+ before->mon == after->mon &&
+ before->day > after->day )
return( 1 );
- if( year == to->year &&
- mon == to->mon &&
- day == to->day &&
- hour > to->hour )
+ if( before->year == after->year &&
+ before->mon == after->mon &&
+ before->day == after->day &&
+ before->hour > after->hour )
return( 1 );
- if( year == to->year &&
- mon == to->mon &&
- day == to->day &&
- hour == to->hour &&
- min > to->min )
+ if( before->year == after->year &&
+ before->mon == after->mon &&
+ before->day == after->day &&
+ before->hour == after->hour &&
+ before->min > after->min )
return( 1 );
- if( year == to->year &&
- mon == to->mon &&
- day == to->day &&
- hour == to->hour &&
- min == to->min &&
- sec > to->sec )
+ if( before->year == after->year &&
+ before->mon == after->mon &&
+ before->day == after->day &&
+ before->hour == after->hour &&
+ before->min == after->min &&
+ before->sec > after->sec )
return( 1 );
return( 0 );
}
+
+int x509_time_expired( const x509_time *to )
+{
+ x509_time now;
+
+ x509_get_current_time( &now );
+
+ return( x509_check_time( &now, to ) );
+}
+
+int x509_time_future( const x509_time *from )
+{
+ x509_time now;
+
+ x509_get_current_time( &now );
+
+ return( x509_check_time( from, &now ) );
+}
+
#else /* POLARSSL_HAVE_TIME */
+
int x509_time_expired( const x509_time *to )
{
((void) to);
return( 0 );
}
+
+int x509_time_future( const x509_time *from )
+{
+ ((void) from);
+ return( 0 );
+}
#endif /* POLARSSL_HAVE_TIME */
#if defined(POLARSSL_SELF_TEST)
diff --git a/tests/data_files/crl-future.pem b/tests/data_files/crl-future.pem
new file mode 100644
index 0000000..1938219
--- /dev/null
+++ b/tests/data_files/crl-future.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBgzCCAQoCAQEwCQYHKoZIzj0EATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTMyMDMxMDEx
+MDUxNVoXDTQyMDMwODExMDUxNVowKDASAgEKFw0xMzA5MjQxNjI4MzhaMBICARYX
+DTE0MDEyMDEzNDMwNVqgcjBwMG4GA1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb
++zZ8oUKkQDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNV
+BAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gA
+MGUCMQCmsvNsOQdbGpmzpeZlKU9lDP6yyWenrI/89swZYogE3cSPob4tOzeYg38i
+or91IPgCMD7N/0Qz6Nq2IgBtZORLgsA0ltK+W6AOS+/EIhvGuXV8uguUyYknl4vb
++cE+lWxhCQ==
+-----END X509 CRL-----
diff --git a/tests/data_files/server5-future.crt b/tests/data_files/server5-future.crt
new file mode 100644
index 0000000..969c84b
--- /dev/null
+++ b/tests/data_files/server5-future.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHjCCAaWgAwIBAgIBHTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MzIwMzEwMTEwNDExWhcNNDIwMzA4MTEwNDExWjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2cAMGQCMAZWcb+NYxFVK+W6Z5eknM2TrbqQGZEYHQXeV9/XF0t7
+TLDhA6a/pFDTJVZunFzesgIwfqkBYuvMkiNlS4lWcVyf8L4CZIHCn1yHnOCxu8ix
+uqgLb4na3i94x9urgbZZYfVK
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index f9a5366..166be68 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -170,6 +170,30 @@
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
x509_time_expired:"data_files/test-ca.crt":"valid_to":0
+X509 Time Future #1
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/server5.crt":"valid_from":0
+
+X509 Time Future #2
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/server5.crt":"valid_to":1
+
+X509 Time Future #3
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/server5-future.crt":"valid_from":1
+
+X509 Time Future #4
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/server5-future.crt":"valid_to":1
+
+X509 Time Future #5
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/test-ca2.crt":"valid_from":0
+
+X509 Time Future #6
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/test-ca2.crt":"valid_to":1
+
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index d992c1d..8638235 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -166,6 +166,26 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
+void x509_time_future( char *crt_file, char *entity, int result )
+{
+ x509_crt crt;
+
+ x509_crt_init( &crt );
+
+ TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 );
+
+ if( strcmp( entity, "valid_from" ) == 0 )
+ TEST_ASSERT( x509_time_future( &crt.valid_from ) == result );
+ else if( strcmp( entity, "valid_to" ) == 0 )
+ TEST_ASSERT( x509_time_future( &crt.valid_to ) == result );
+ else
+ TEST_ASSERT( "Unknown entity" == 0 );
+
+ x509_crt_free( &crt );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */
void x509parse_crt( char *crt_data, char *result_str, int result )
{