Add x509parse_time_future()

This commit is contained in:
Paul Bakker 2014-07-07 17:44:14 +02:00
parent 963918b88f
commit 0d844dd650
4 changed files with 93 additions and 39 deletions


@ -669,15 +669,26 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
/** /**
* \brief Check a given x509_time against the system time and check * \brief Check a given x509_time against the system time and check
* if it is valid. * if it is not expired.
* *
* \param time x509_time to check * \param time x509_time to check
* *
* \return Return 0 if the x509_time is still valid, * \return 0 if the x509_time is still valid,
* or 1 otherwise. * or 1 otherwise.
*/ */
int x509parse_time_expired( const x509_time *time ); int x509parse_time_expired( const x509_time *time );
/**
* \brief Check a given x509_time against the system time and check
* if it is not from the future.
*
* \param time x509_time to check
*
* \return 0 if the x509_time is already valid,
* or 1 otherwise.
*/
int x509parse_time_future( const x509_time *time );
/** /**
* \name Functions to verify a certificate * \name Functions to verify a certificate
* \{ * \{
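Review bot: Neither the new x509parse_time_future() comment nor the reworded x509parse_time_expired() comment says which clock the x509_time is compared against, and a caller validating a certificate needs that to reason about clock skew. The implementation in this commit reads the local wall-clock time (GetLocalTime()/localtime()), so both results depend on the host's clock and time zone. I would add one line to each \brief, e.g. `* The comparison uses the system's local time; clock skew or a wrong time zone changes the result.`, and state the strictness of the boundary in \return, e.g. `* \return 0 if the x509_time is not later than the current time, 1 otherwise.` for the future check.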


@ -3078,22 +3078,19 @@ int x509parse_crl_info( char *buf, size_t size, const char *prefix,
/* /*
* Return 0 if the x509_time is still valid, or 1 otherwise. * Return 0 if the x509_time is still valid, or 1 otherwise.
*/ */
int x509parse_time_expired( const x509_time *to ) static void x509_get_current_time( x509_time *now )
{ {
int year, mon, day;
int hour, min, sec;
#if defined(_WIN32) #if defined(_WIN32)
SYSTEMTIME st; SYSTEMTIME st;
GetLocalTime(&st); GetLocalTime(&st);
year = st.wYear; now->year = st.wYear;
mon = st.wMonth; now->mon = st.wMonth;
day = st.wDay; now->day = st.wDay;
hour = st.wHour; now->hour = st.wHour;
min = st.wMinute; now->min = st.wMinute;
sec = st.wSecond; now->sec = st.wSecond;
#else #else
struct tm *lt; struct tm *lt;
time_t tt; time_t tt;
@ -3101,50 +3098,74 @@ int x509parse_time_expired( const x509_time *to )
tt = time( NULL ); tt = time( NULL );
lt = localtime( &tt ); lt = localtime( &tt );
year = lt->tm_year + 1900; now->year = lt->tm_year + 1900;
mon = lt->tm_mon + 1; now->mon = lt->tm_mon + 1;
day = lt->tm_mday; now->day = lt->tm_mday;
hour = lt->tm_hour; now->hour = lt->tm_hour;
min = lt->tm_min; now->min = lt->tm_min;
sec = lt->tm_sec; now->sec = lt->tm_sec;
#endif #endif
}
if( year > to->year ) /*
* Return 0 if before <= after, 1 otherwise
*/
static int x509_check_time( const x509_time *before, const x509_time *after )
{
if( before->year > after->year )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon > to->mon ) before->mon > after->mon )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon == to->mon && before->mon == after->mon &&
day > to->day ) before->day > after->day )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon == to->mon && before->mon == after->mon &&
day == to->day && before->day == after->day &&
hour > to->hour ) before->hour > after->hour )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon == to->mon && before->mon == after->mon &&
day == to->day && before->day == after->day &&
hour == to->hour && before->hour == after->hour &&
min > to->min ) before->min > after->min )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon == to->mon && before->mon == after->mon &&
day == to->day && before->day == after->day &&
hour == to->hour && before->hour == after->hour &&
min == to->min && before->min == after->min &&
sec > to->sec ) before->sec > after->sec )
return( 1 ); return( 1 );
return( 0 ); return( 0 );
} }
int x509parse_time_expired( const x509_time *to )
{
x509_time now;
x509_get_current_time( &now );
return( x509_check_time( &now, to ) );
}
int x509parse_time_future( const x509_time *from )
{
x509_time now;
x509_get_current_time( &now );
return( x509_check_time( from, &now ) );
}
/* /*
* Return 1 if the certificate is revoked, or 0 otherwise. * Return 1 if the certificate is revoked, or 0 otherwise.
*/ */
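Review bot: The comment "Return 0 if the x509_time is still valid, or 1 otherwise." now sits directly above `static void x509_get_current_time( x509_time *now )`, but it describes x509parse_time_expired(), which has moved below x509_check_time(); the helper returns void, so the comment is wrong where it stands. I would replace it with `/* Fill *now with the current local calendar time (used by the expiry/future checks). */` and move the original sentence above x509parse_time_expired(), with a matching `/* Return 0 if the x509_time is not in the future, or 1 otherwise. */` above x509parse_time_future(). Two inherited points are worth a look while this code is being reshaped: `lt = localtime( &tt )` is dereferenced without a NULL check, and the helper fills `now` from local time whereas X.509 validity times are expressed in UTC, so in a zone ahead of UTC a freshly issued certificate could be reported as from the future (and behind UTC, an expired one as still valid) by up to the zone offset; gmtime()/GetSystemTime() would make both checks zone-independent. The mid-file hunk boundary at line 3101 cuts x509_get_current_time(), so its #else branch is only partly visible here.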


@ -226,6 +226,14 @@ X509 Time Expired #6:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_time_expired:"data_files/test-ca.crt":valid_to:0 x509_time_expired:"data_files/test-ca.crt":valid_to:0
X509 Time Future #1
depends_on:POLARSSL_FS_IO
x509_time_future:"data_files/server2.crt":valid_from:0
X509 Time Future #2
depends_on:POLARSSL_FS_IO
x509_time_future:"data_files/server2.crt":valid_to:1
X509 Certificate verification #1 (Revoked Cert, Expired CRL) X509 Certificate verification #1 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
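Review bot: "X509 Time Future #2" asserts that server2.crt's valid_to lies in the future (result 1), so the case is tied to the wall clock and will start failing once that certificate's notAfter passes; the same holds for "#1" once valid_from is exceeded, though that direction only becomes a problem if the clock runs backwards. If no clock injection is available, a comment in the data file naming the date on which the expectation flips would at least make the eventual failure self-explanatory, e.g. `# valid_to of server2.crt is in the future until <notAfter date of server2.crt>`. Also, the existing "X509 Time Expired" cases declare `depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO`, while the new cases declare only `depends_on:POLARSSL_FS_IO`; if server2.crt is PEM-encoded like the other .crt fixtures, the PEM dependency is presumably needed here too.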


@ -136,6 +136,20 @@ x509_time_expired:crt_file:entity:result
} }
END_CASE END_CASE
BEGIN_CASE
x509_time_future:crt_file:entity:result
{
x509_cert crt;
memset( &crt, 0, sizeof( x509_cert ) );
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
TEST_ASSERT( x509parse_time_future( &crt.{entity} ) == {result} );
x509_free( &crt );
}
END_CASE
BEGIN_CASE BEGIN_CASE
x509parse_keyfile:key_file:password:result x509parse_keyfile:key_file:password:result
{ {
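Review bot: In the new x509_time_future test case, `x509_free( &crt )` is only reached after both TEST_ASSERT calls, so if the second assertion fails the parsed certificate is leaked for that test run; this mirrors the existing x509_time_expired case just above it, and whether it matters depends on how TEST_ASSERT unwinds, which is not visible here. If the harness supports an exit label, moving the free under it (`exit: x509_free( &crt );`) would keep a failing case leak-free. The x509parse_keyfile case that follows starts at the end of this hunk and continues outside it.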