Add x509_time_future()
parent
29dcc0b93c
commit
6304f786e0
@ -230,15 +230,26 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Check a given x509_time against the system time and check
|
* \brief Check a given x509_time against the system time and check
|
||||||
* if it is valid.
|
* if it is not expired.
|
||||||
*
|
*
|
||||||
* \param time x509_time to check
|
* \param time x509_time to check
|
||||||
*
|
*
|
||||||
* \return Return 0 if the x509_time is still valid,
|
* \return 0 if the x509_time is still valid,
|
||||||
* or 1 otherwise.
|
* 1 otherwise.
|
||||||
*/
|
*/
|
||||||
int x509_time_expired( const x509_time *time );
|
int x509_time_expired( const x509_time *time );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Check a given x509_time against the system time and check
|
||||||
|
* if it is not from the future.
|
||||||
|
*
|
||||||
|
* \param time x509_time to check
|
||||||
|
*
|
||||||
|
* \return 0 if the x509_time is already valid,
|
||||||
|
* 1 otherwise.
|
||||||
|
*/
|
||||||
|
int x509_time_future( const x509_time *time );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Checkup routine
|
* \brief Checkup routine
|
||||||
*
|
*
|
||||||
|
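Review bot: The new `x509_time_future()` doc block does not say what happens in a build without `POLARSSL_HAVE_TIME`. The `#else` branch in library/x509.c returns 0 unconditionally, so a caller relying on this function to enforce notBefore is told "already valid" for every input. The `\brief` also reads as the negation of the function name ("if it is not from the future"), although a return of 1 means the time is in the future. I would reword the brief to `Check a given x509_time against the system time and check if it is in the future.` and add `\note Returns 0 unconditionally when POLARSSL_HAVE_TIME is not defined.`; the same note fits `x509_time_expired()`.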
104
library/x509.c
104
library/x509.c
@ -621,22 +621,20 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
|
|||||||
* Return 0 if the x509_time is still valid, or 1 otherwise.
|
* Return 0 if the x509_time is still valid, or 1 otherwise.
|
||||||
*/
|
*/
|
||||||
#if defined(POLARSSL_HAVE_TIME)
|
#if defined(POLARSSL_HAVE_TIME)
|
||||||
int x509_time_expired( const x509_time *to )
|
|
||||||
{
|
|
||||||
int year, mon, day;
|
|
||||||
int hour, min, sec;
|
|
||||||
|
|
||||||
|
static void x509_get_current_time( x509_time *now )
|
||||||
|
{
|
||||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||||
SYSTEMTIME st;
|
SYSTEMTIME st;
|
||||||
|
|
||||||
GetLocalTime(&st);
|
GetLocalTime(&st);
|
||||||
|
|
||||||
year = st.wYear;
|
now->year = st.wYear;
|
||||||
mon = st.wMonth;
|
now->mon = st.wMonth;
|
||||||
day = st.wDay;
|
now->day = st.wDay;
|
||||||
hour = st.wHour;
|
now->hour = st.wHour;
|
||||||
min = st.wMinute;
|
now->min = st.wMinute;
|
||||||
sec = st.wSecond;
|
now->sec = st.wSecond;
|
||||||
#else
|
#else
|
||||||
struct tm *lt;
|
struct tm *lt;
|
||||||
time_t tt;
|
time_t tt;
|
||||||
@ -644,55 +642,87 @@ int x509_time_expired( const x509_time *to )
|
|||||||
tt = time( NULL );
|
tt = time( NULL );
|
||||||
lt = localtime( &tt );
|
lt = localtime( &tt );
|
||||||
|
|
||||||
year = lt->tm_year + 1900;
|
now->year = lt->tm_year + 1900;
|
||||||
mon = lt->tm_mon + 1;
|
now->mon = lt->tm_mon + 1;
|
||||||
day = lt->tm_mday;
|
now->day = lt->tm_mday;
|
||||||
hour = lt->tm_hour;
|
now->hour = lt->tm_hour;
|
||||||
min = lt->tm_min;
|
now->min = lt->tm_min;
|
||||||
sec = lt->tm_sec;
|
now->sec = lt->tm_sec;
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
if( year > to->year )
|
/*
|
||||||
|
* Return 0 if before <= after, 1 otherwise
|
||||||
|
*/
|
||||||
|
static int x509_check_time( const x509_time *before, const x509_time *after )
|
||||||
|
{
|
||||||
|
if( before->year > after->year )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon > to->mon )
|
before->mon > after->mon )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon == to->mon &&
|
before->mon == after->mon &&
|
||||||
day > to->day )
|
before->day > after->day )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon == to->mon &&
|
before->mon == after->mon &&
|
||||||
day == to->day &&
|
before->day == after->day &&
|
||||||
hour > to->hour )
|
before->hour > after->hour )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon == to->mon &&
|
before->mon == after->mon &&
|
||||||
day == to->day &&
|
before->day == after->day &&
|
||||||
hour == to->hour &&
|
before->hour == after->hour &&
|
||||||
min > to->min )
|
before->min > after->min )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon == to->mon &&
|
before->mon == after->mon &&
|
||||||
day == to->day &&
|
before->day == after->day &&
|
||||||
hour == to->hour &&
|
before->hour == after->hour &&
|
||||||
min == to->min &&
|
before->min == after->min &&
|
||||||
sec > to->sec )
|
before->sec > after->sec )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int x509_time_expired( const x509_time *to )
|
||||||
|
{
|
||||||
|
x509_time now;
|
||||||
|
|
||||||
|
x509_get_current_time( &now );
|
||||||
|
|
||||||
|
return( x509_check_time( &now, to ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
int x509_time_future( const x509_time *from )
|
||||||
|
{
|
||||||
|
x509_time now;
|
||||||
|
|
||||||
|
x509_get_current_time( &now );
|
||||||
|
|
||||||
|
return( x509_check_time( from, &now ) );
|
||||||
|
}
|
||||||
|
|
||||||
#else /* POLARSSL_HAVE_TIME */
|
#else /* POLARSSL_HAVE_TIME */
|
||||||
|
|
||||||
int x509_time_expired( const x509_time *to )
|
int x509_time_expired( const x509_time *to )
|
||||||
{
|
{
|
||||||
((void) to);
|
((void) to);
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int x509_time_future( const x509_time *from )
|
||||||
|
{
|
||||||
|
((void) from);
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
#endif /* POLARSSL_HAVE_TIME */
|
#endif /* POLARSSL_HAVE_TIME */
|
||||||
|
|
||||||
#if defined(POLARSSL_SELF_TEST)
|
#if defined(POLARSSL_SELF_TEST)
|
||||||
|
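Review bot: `x509_get_current_time()` fills `now` from `GetLocalTime()` / `localtime()`, which is local wall-clock time, and it dereferences `lt` without checking for NULL. If the `x509_time` values it is compared against hold the certificate's UTC notBefore/notAfter (the parser is not visible here), both `x509_time_expired()` and the new `x509_time_future()` are skewed by the host's UTC offset. An expired certificate can then still be accepted for hours, or a freshly issued one reported as future. Consider `GetSystemTime(&st);` and `lt = gmtime( &tt );`, with an explicit `if( lt == NULL )` path before the field copies; since the helper returns void, that path needs a decision on what `now` should contain. The static buffer behind `localtime()`/`gmtime()` is also shared across threads.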
11
tests/data_files/crl-future.pem
Normal file
11
tests/data_files/crl-future.pem
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN X509 CRL-----
|
||||||
|
MIIBgzCCAQoCAQEwCQYHKoZIzj0EATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||||
|
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTMyMDMxMDEx
|
||||||
|
MDUxNVoXDTQyMDMwODExMDUxNVowKDASAgEKFw0xMzA5MjQxNjI4MzhaMBICARYX
|
||||||
|
DTE0MDEyMDEzNDMwNVqgcjBwMG4GA1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb
|
||||||
|
+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNV
|
||||||
|
BAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gA
|
||||||
|
MGUCMQCmsvNsOQdbGpmzpeZlKU9lDP6yyWenrI/89swZYogE3cSPob4tOzeYg38i
|
||||||
|
or91IPgCMD7N/0Qz6Nq2IgBtZORLgsA0ltK+W6AOS+/EIhvGuXV8uguUyYknl4vb
|
||||||
|
+cE+lWxhCQ==
|
||||||
|
-----END X509 CRL-----
|
14
tests/data_files/server5-future.crt
Normal file
14
tests/data_files/server5-future.crt
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICHjCCAaWgAwIBAgIBHTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
|
||||||
|
MzIwMzEwMTEwNDExWhcNNDIwMzA4MTEwNDExWjA0MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
|
||||||
|
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
|
||||||
|
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
|
||||||
|
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
|
||||||
|
PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
|
||||||
|
clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
|
||||||
|
CCqGSM49BAMCA2cAMGQCMAZWcb+NYxFVK+W6Z5eknM2TrbqQGZEYHQXeV9/XF0t7
|
||||||
|
TLDhA6a/pFDTJVZunFzesgIwfqkBYuvMkiNlS4lWcVyf8L4CZIHCn1yHnOCxu8ix
|
||||||
|
uqgLb4na3i94x9urgbZZYfVK
|
||||||
|
-----END CERTIFICATE-----
|
@ -170,6 +170,30 @@ X509 Time Expired #6
|
|||||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
|
||||||
x509_time_expired:"data_files/test-ca.crt":"valid_to":0
|
x509_time_expired:"data_files/test-ca.crt":"valid_to":0
|
||||||
|
|
||||||
|
X509 Time Future #1
|
||||||
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||||
|
x509_time_future:"data_files/server5.crt":"valid_from":0
|
||||||
|
|
||||||
|
X509 Time Future #2
|
||||||
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||||
|
x509_time_future:"data_files/server5.crt":"valid_to":1
|
||||||
|
|
||||||
|
X509 Time Future #3
|
||||||
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||||
|
x509_time_future:"data_files/server5-future.crt":"valid_from":1
|
||||||
|
|
||||||
|
X509 Time Future #4
|
||||||
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||||
|
x509_time_future:"data_files/server5-future.crt":"valid_to":1
|
||||||
|
|
||||||
|
X509 Time Future #5
|
||||||
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||||
|
x509_time_future:"data_files/test-ca2.crt":"valid_from":0
|
||||||
|
|
||||||
|
X509 Time Future #6
|
||||||
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||||
|
x509_time_future:"data_files/test-ca2.crt":"valid_to":1
|
||||||
|
|
||||||
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
|
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
|
||||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
|
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
|
||||||
|
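Review bot: The expected values in `X509 Time Future #1` to `#6` depend on the wall clock of the machine running the suite. The cases expecting 1 for `data_files/server5-future.crt` will flip to 0 once that fixture's dates are reached, and `#1`/`#5` fail on a host whose clock is behind the fixtures' `valid_from`. A short comment next to the cases, or a note kept with the fixture, recording the intended validity window and how it was generated would make that eventual failure easy to diagnose. Separately, `tests/data_files/crl-future.pem` is added by this commit but no case in this hunk references it, so the CRL path for future-dated data appears untested here.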
@ -166,6 +166,26 @@ void x509_time_expired( char *crt_file, char *entity, int result )
|
|||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
|
||||||
|
void x509_time_future( char *crt_file, char *entity, int result )
|
||||||
|
{
|
||||||
|
x509_crt crt;
|
||||||
|
|
||||||
|
x509_crt_init( &crt );
|
||||||
|
|
||||||
|
TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||||
|
|
||||||
|
if( strcmp( entity, "valid_from" ) == 0 )
|
||||||
|
TEST_ASSERT( x509_time_future( &crt.valid_from ) == result );
|
||||||
|
else if( strcmp( entity, "valid_to" ) == 0 )
|
||||||
|
TEST_ASSERT( x509_time_future( &crt.valid_to ) == result );
|
||||||
|
else
|
||||||
|
TEST_ASSERT( "Unknown entity" == 0 );
|
||||||
|
|
||||||
|
x509_crt_free( &crt );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */
|
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */
|
||||||
void x509parse_crt( char *crt_data, char *result_str, int result )
|
void x509parse_crt( char *crt_data, char *result_str, int result )
|
||||||
{
|
{
|
||||||
|
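Review bot: The `BEGIN_CASE` line for `x509_time_future` lists `POLARSSL_FS_IO:POLARSSL_X509_USE_C` but not `POLARSSL_HAVE_TIME`, although the library's no-time build of `x509_time_future()` returns 0 unconditionally. In that configuration every data case expecting 1 fails for a reason unrelated to the code under test. Unless the dependency is declared elsewhere in the suite (not visible in this hunk), consider `/* BEGIN_CASE depends_on:POLARSSL_HAVE_TIME:POLARSSL_FS_IO:POLARSSL_X509_USE_C */`. The same case calls `x509_crt_parse_file()`, so it is worth confirming that `POLARSSL_X509_USE_C` alone guarantees that function is compiled in.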