Add x509parse_time_future()
parent
963918b88f
commit
0d844dd650
|
@ -669,15 +669,26 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Check a given x509_time against the system time and check
|
* \brief Check a given x509_time against the system time and check
|
||||||
* if it is valid.
|
* if it is not expired.
|
||||||
*
|
*
|
||||||
* \param time x509_time to check
|
* \param time x509_time to check
|
||||||
*
|
*
|
||||||
* \return Return 0 if the x509_time is still valid,
|
* \return 0 if the x509_time is still valid,
|
||||||
* or 1 otherwise.
|
* or 1 otherwise.
|
||||||
*/
|
*/
|
||||||
int x509parse_time_expired( const x509_time *time );
|
int x509parse_time_expired( const x509_time *time );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Check a given x509_time against the system time and check
|
||||||
|
* if it is not from the future.
|
||||||
|
*
|
||||||
|
* \param time x509_time to check
|
||||||
|
*
|
||||||
|
* \return 0 if the x509_time is already valid,
|
||||||
|
* or 1 otherwise.
|
||||||
|
*/
|
||||||
|
int x509parse_time_future( const x509_time *time );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \name Functions to verify a certificate
|
* \name Functions to verify a certificate
|
||||||
* \{
|
* \{
|
||||||
|
|
|
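Review bot: The new doc block for `x509parse_time_future()` describes the result as `0 if the x509_time is already valid`, which reads oddly for a function that answers whether a time lies in the future and that the tests also call on `valid_to`. Wording such as `\return 1 if the given time is in the future, or 0 otherwise.` states the contract directly. The block should also say which clock and time zone the comparison uses, because callers deciding on certificate validity depend on it.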
@ -3078,22 +3078,19 @@ int x509parse_crl_info( char *buf, size_t size, const char *prefix,
|
||||||
/*
|
/*
|
||||||
* Return 0 if the x509_time is still valid, or 1 otherwise.
|
* Return 0 if the x509_time is still valid, or 1 otherwise.
|
||||||
*/
|
*/
|
||||||
int x509parse_time_expired( const x509_time *to )
|
static void x509_get_current_time( x509_time *now )
|
||||||
{
|
{
|
||||||
int year, mon, day;
|
|
||||||
int hour, min, sec;
|
|
||||||
|
|
||||||
#if defined(_WIN32)
|
#if defined(_WIN32)
|
||||||
SYSTEMTIME st;
|
SYSTEMTIME st;
|
||||||
|
|
||||||
GetLocalTime(&st);
|
GetLocalTime(&st);
|
||||||
|
|
||||||
year = st.wYear;
|
now->year = st.wYear;
|
||||||
mon = st.wMonth;
|
now->mon = st.wMonth;
|
||||||
day = st.wDay;
|
now->day = st.wDay;
|
||||||
hour = st.wHour;
|
now->hour = st.wHour;
|
||||||
min = st.wMinute;
|
now->min = st.wMinute;
|
||||||
sec = st.wSecond;
|
now->sec = st.wSecond;
|
||||||
#else
|
#else
|
||||||
struct tm *lt;
|
struct tm *lt;
|
||||||
time_t tt;
|
time_t tt;
|
||||||
|
@ -3101,50 +3098,74 @@ int x509parse_time_expired( const x509_time *to )
|
||||||
tt = time( NULL );
|
tt = time( NULL );
|
||||||
lt = localtime( &tt );
|
lt = localtime( &tt );
|
||||||
|
|
||||||
year = lt->tm_year + 1900;
|
now->year = lt->tm_year + 1900;
|
||||||
mon = lt->tm_mon + 1;
|
now->mon = lt->tm_mon + 1;
|
||||||
day = lt->tm_mday;
|
now->day = lt->tm_mday;
|
||||||
hour = lt->tm_hour;
|
now->hour = lt->tm_hour;
|
||||||
min = lt->tm_min;
|
now->min = lt->tm_min;
|
||||||
sec = lt->tm_sec;
|
now->sec = lt->tm_sec;
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
if( year > to->year )
|
/*
|
||||||
|
* Return 0 if before <= after, 1 otherwise
|
||||||
|
*/
|
||||||
|
static int x509_check_time( const x509_time *before, const x509_time *after )
|
||||||
|
{
|
||||||
|
if( before->year > after->year )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon > to->mon )
|
before->mon > after->mon )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon == to->mon &&
|
before->mon == after->mon &&
|
||||||
day > to->day )
|
before->day > after->day )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon == to->mon &&
|
before->mon == after->mon &&
|
||||||
day == to->day &&
|
before->day == after->day &&
|
||||||
hour > to->hour )
|
before->hour > after->hour )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon == to->mon &&
|
before->mon == after->mon &&
|
||||||
day == to->day &&
|
before->day == after->day &&
|
||||||
hour == to->hour &&
|
before->hour == after->hour &&
|
||||||
min > to->min )
|
before->min > after->min )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
if( year == to->year &&
|
if( before->year == after->year &&
|
||||||
mon == to->mon &&
|
before->mon == after->mon &&
|
||||||
day == to->day &&
|
before->day == after->day &&
|
||||||
hour == to->hour &&
|
before->hour == after->hour &&
|
||||||
min == to->min &&
|
before->min == after->min &&
|
||||||
sec > to->sec )
|
before->sec > after->sec )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int x509parse_time_expired( const x509_time *to )
|
||||||
|
{
|
||||||
|
x509_time now;
|
||||||
|
|
||||||
|
x509_get_current_time( &now );
|
||||||
|
|
||||||
|
return( x509_check_time( &now, to ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
int x509parse_time_future( const x509_time *from )
|
||||||
|
{
|
||||||
|
x509_time now;
|
||||||
|
|
||||||
|
x509_get_current_time( &now );
|
||||||
|
|
||||||
|
return( x509_check_time( from, &now ) );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Return 1 if the certificate is revoked, or 0 otherwise.
|
* Return 1 if the certificate is revoked, or 0 otherwise.
|
||||||
*/
|
*/
|
||||||
|
|
|
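Review bot: `x509_get_current_time()` fills `now` from `GetLocalTime(&st)` on Windows and `localtime( &tt )` elsewhere, so both `x509parse_time_expired()` and the new `x509parse_time_future()` compare local wall-clock time against validity fields that RFC 5280 expresses in UTC; on a host away from UTC the validity window shifts by the zone offset, so an expired certificate can be accepted for hours or a freshly issued one rejected. Using `GetSystemTime(&st);` and `lt = gmtime( &tt );` would keep both sides in UTC. The `localtime()` result is also dereferenced without a NULL check and points at static storage shared between threads. The comment `Return 0 if the x509_time is still valid, or 1 otherwise.` now sits above the `void` helper; it belongs on `x509parse_time_expired()`, and the helper could carry `/* Fill *now with the current system time */`. Nothing in the visible hunks calls `x509parse_time_future()` from the verification path, so presumably not-yet-valid certificates are still accepted until a caller is added.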
@ -226,6 +226,14 @@ X509 Time Expired #6:POLARSSL_FS_IO
|
||||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
x509_time_expired:"data_files/test-ca.crt":valid_to:0
|
x509_time_expired:"data_files/test-ca.crt":valid_to:0
|
||||||
|
|
||||||
|
X509 Time Future #1
|
||||||
|
depends_on:POLARSSL_FS_IO
|
||||||
|
x509_time_future:"data_files/server2.crt":valid_from:0
|
||||||
|
|
||||||
|
X509 Time Future #2
|
||||||
|
depends_on:POLARSSL_FS_IO
|
||||||
|
x509_time_future:"data_files/server2.crt":valid_to:1
|
||||||
|
|
||||||
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
|
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
|
||||||
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
|
||||||
|
|
|
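Review bot: Both new cases declare only `depends_on:POLARSSL_FS_IO`, while the neighbouring `x509_time_expired` case that loads a `.crt` file declares `depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO`. If `data_files/server2.crt` is PEM-encoded (not visible here), these cases would fail rather than be skipped in a build without PEM support, so `depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO` looks safer. Case #2 uses the `valid_to` of a currently valid certificate as its future sample, so it will start failing once that certificate expires, and no case feeds a not-yet-valid `valid_from`, which is the input the function exists to reject. A fixture certificate with a far-future `notBefore` would cover that without depending on the run date.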
@ -136,6 +136,20 @@ x509_time_expired:crt_file:entity:result
|
||||||
}
|
}
|
||||||
END_CASE
|
END_CASE
|
||||||
|
|
||||||
|
BEGIN_CASE
|
||||||
|
x509_time_future:crt_file:entity:result
|
||||||
|
{
|
||||||
|
x509_cert crt;
|
||||||
|
|
||||||
|
memset( &crt, 0, sizeof( x509_cert ) );
|
||||||
|
|
||||||
|
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||||
|
TEST_ASSERT( x509parse_time_future( &crt.{entity} ) == {result} );
|
||||||
|
|
||||||
|
x509_free( &crt );
|
||||||
|
}
|
||||||
|
END_CASE
|
||||||
|
|
||||||
BEGIN_CASE
|
BEGIN_CASE
|
||||||
x509parse_keyfile:key_file:password:result
|
x509parse_keyfile:key_file:password:result
|
||||||
{
|
{
|
||||||
|
|