From e7e89844d6341024fbf96a956adecd6a326b8114 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Jun 2015 19:15:32 +0200 Subject: [PATCH] Fix and document corner-cases of time checking --- include/mbedtls/x509.h | 22 ++++++++++++++-------- library/x509.c | 4 ++-- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 59986d834..de184156e 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -238,24 +238,30 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ); int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial ); /** - * \brief Check a given mbedtls_x509_time against the system time and check - * if it is not expired. + * \brief Check a given mbedtls_x509_time against the system time + * and tell if it's in the past. + * + * \note Intended usage is "if( is_past( valid_to ) ) ERROR". + * Hence the return value of 1 if on internal errors. * * \param time mbedtls_x509_time to check * - * \return 0 if the mbedtls_x509_time is still valid, - * 1 otherwise. + * \return 1 if the given time is in the past or an error occured, + * 0 otherwise. */ int mbedtls_x509_time_is_past( const mbedtls_x509_time *time ); /** - * \brief Check a given mbedtls_x509_time against the system time and check - * if it is not from the future. + * \brief Check a given mbedtls_x509_time against the system time + * and tell if it's in the future. + * + * \note Intended usage is "if( is_future( valid_from ) ) ERROR". + * Hence the return value of 1 if on internal errors. * * \param time mbedtls_x509_time to check * - * \return 0 if the mbedtls_x509_time is already valid, - * 1 otherwise. + * \return 1 if the given time is in the future or an error occured, + * 0 otherwise. */ int mbedtls_x509_time_is_future( const mbedtls_x509_time *time ); diff --git a/library/x509.c b/library/x509.c index 4214ceede..2ba3f98bf 100644 --- a/library/x509.c +++ b/library/x509.c @@ -922,7 +922,7 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ) mbedtls_x509_time now; if( x509_get_current_time( &now ) != 0 ) - return( -1 ); + return( 1 ); return( x509_check_time( &now, to ) ); } @@ -932,7 +932,7 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ) mbedtls_x509_time now; if( x509_get_current_time( &now ) != 0 ) - return( -1 ); + return( 1 ); return( x509_check_time( from, &now ) ); }