int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b) { int day, sec; if (!ASN1_TIME_diff(&day, &sec, b, a)) return -2; if (day > 0 || sec > 0) return 1; if (day < 0 || sec < 0) return -1; return 0; }
static int test_offset(int idx) { ASN1_TIME at; const TESTDATA *testdata = &tests[idx]; int ret = -2; int day, sec; at.data = (unsigned char*)testdata->data; at.length = strlen(testdata->data); at.type = testdata->type; if (!TEST_true(ASN1_TIME_diff(&day, &sec, &the_asn1_time, &at))) { TEST_info("ASN1_TIME_diff() failed for %s\n", at.data); return 0; } if (day > 0) ret = 1; else if (day < 0) ret = -1; else if (sec > 0) ret = 1; else if (sec < 0) ret = -1; else ret = 0; if (!TEST_int_eq(testdata->time_result, ret)) { TEST_info("ASN1_TIME_diff() test failed for %s day=%d sec=%d\n", at.data, day, sec); return 0; } if (at.type == V_ASN1_UTCTIME) ret = ASN1_UTCTIME_cmp_time_t(&at, the_time); else return 1; /* no other cmp_time_t() functions available, yet */ if (!TEST_int_eq(testdata->time_result, ret)) { TEST_info("ASN1_UTCTIME_cmp_time_t() test failed for %s\n", at.data); return 0; } return 1; }
static int _checkExpiration(T C, X509_STORE_CTX *ctx, X509 *certificate) { if (C->minimumValidDays) { // If we have warn-X-days-before-expire condition, check the certificate validity (already expired certificates are catched in preverify => we don't need to handle them here). int deltadays = 0; #ifdef HAVE_ASN1_TIME_DIFF int deltaseconds; if (! ASN1_TIME_diff(&deltadays, &deltaseconds, NULL, X509_get_notAfter(certificate))) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD); snprintf(C->error, sizeof(C->error), "invalid time format (in certificate's notAfter field)"); return 0; } #else ASN1_GENERALIZEDTIME *t = ASN1_TIME_to_generalizedtime(X509_get_notAfter(certificate), NULL); if (! t) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD); snprintf(C->error, sizeof(C->error), "invalid time format (in certificate's notAfter field)"); return 0; } TRY { deltadays = (double)(Time_toTimestamp((const char *)t->data) - Time_now()) / 86400.; } ELSE { X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD); snprintf(C->error, sizeof(C->error), "invalid time format (in certificate's notAfter field) -- %s", t->data); } FINALLY { ASN1_STRING_free(t); } END_TRY; #endif if (deltadays < C->minimumValidDays) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); snprintf(C->error, sizeof(C->error), "certificate expire in %d days matches check limit [valid > %d days]", deltadays, C->minimumValidDays); return 0; } }
static int test_table(struct testdata *tbl, int idx) { int error = 0; ASN1_TIME atime; ASN1_TIME *ptime; struct testdata *td = &tbl[idx]; int day, sec; atime.data = (unsigned char*)td->data; atime.length = strlen((char*)atime.data); atime.type = td->type; atime.flags = 0; if (!TEST_int_eq(ASN1_TIME_check(&atime), td->check_result)) { TEST_info("ASN1_TIME_check(%s) unexpected result", atime.data); error = 1; } if (td->check_result == 0) return 1; if (!TEST_int_eq(ASN1_TIME_cmp_time_t(&atime, td->t), 0)) { TEST_info("ASN1_TIME_cmp_time_t(%s vs %ld) compare failed", atime.data, (long)td->t); error = 1; } if (!TEST_true(ASN1_TIME_diff(&day, &sec, &atime, &atime))) { TEST_info("ASN1_TIME_diff(%s) to self failed", atime.data); error = 1; } if (!TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) { TEST_info("ASN1_TIME_diff(%s) to self not equal", atime.data); error = 1; } if (!TEST_true(ASN1_TIME_diff(&day, &sec, >ime, &atime))) { TEST_info("ASN1_TIME_diff(%s) to baseline failed", atime.data); error = 1; } else if (!((td->cmp_result == 0 && TEST_true((day == 0 && sec == 0))) || (td->cmp_result == -1 && TEST_true((day < 0 || sec < 0))) || (td->cmp_result == 1 && TEST_true((day > 0 || sec > 0))))) { TEST_info("ASN1_TIME_diff(%s) to baseline bad comparison", atime.data); error = 1; } if (!TEST_int_eq(ASN1_TIME_cmp_time_t(&atime, gtime_t), td->cmp_result)) { TEST_info("ASN1_TIME_cmp_time_t(%s) to baseline bad comparison", atime.data); error = 1; } ptime = ASN1_TIME_set(NULL, td->t); if (!TEST_ptr(ptime)) { TEST_info("ASN1_TIME_set(%ld) failed", (long)td->t); error = 1; } else { int local_error = 0; if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, td->t), 0)) { TEST_info("ASN1_TIME_set(%ld) compare failed (%s->%s)", (long)td->t, td->data, ptime->data); local_error = error = 1; } if (!TEST_int_eq(ptime->type, td->expected_type)) { TEST_info("ASN1_TIME_set(%ld) unexpected type", (long)td->t); local_error = error = 1; } if (local_error) TEST_info("ASN1_TIME_set() = %*s", ptime->length, ptime->data); ASN1_TIME_free(ptime); } ptime = ASN1_TIME_new(); if (!TEST_ptr(ptime)) { TEST_info("ASN1_TIME_new() failed"); error = 1; } else { int local_error = 0; if (!TEST_int_eq(ASN1_TIME_set_string(ptime, td->data), td->check_result)) { TEST_info("ASN1_TIME_set_string_gmt(%s) failed", td->data); local_error = error = 1; } if (!TEST_int_eq(ASN1_TIME_normalize(ptime), td->check_result)) { TEST_info("ASN1_TIME_normalize(%s) failed", td->data); local_error = error = 1; } if (!TEST_int_eq(ptime->type, td->expected_type)) { TEST_info("ASN1_TIME_set_string_gmt(%s) unexpected type", td->data); local_error = error = 1; } day = sec = 0; if (!TEST_true(ASN1_TIME_diff(&day, &sec, ptime, &atime)) || !TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) { TEST_info("ASN1_TIME_diff(day=%d, sec=%d, %s) after ASN1_TIME_set_string_gmt() failed", day, sec, td->data); local_error = error = 1; } if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, gtime_t), td->cmp_result)) { TEST_info("ASN1_TIME_cmp_time_t(%s) after ASN1_TIME_set_string_gnt() to baseline bad comparison", td->data); local_error = error = 1; } if (local_error) TEST_info("ASN1_TIME_set_string_gmt() = %*s", ptime->length, ptime->data); ASN1_TIME_free(ptime); } ptime = ASN1_TIME_new(); if (!TEST_ptr(ptime)) { TEST_info("ASN1_TIME_new() failed"); error = 1; } else { int local_error = 0; if (!TEST_int_eq(ASN1_TIME_set_string(ptime, td->data), td->check_result)) { TEST_info("ASN1_TIME_set_string(%s) failed", td->data); local_error = error = 1; } day = sec = 0; if (!TEST_true(ASN1_TIME_diff(&day, &sec, ptime, &atime)) || !TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) { TEST_info("ASN1_TIME_diff(day=%d, sec=%d, %s) after ASN1_TIME_set_string() failed", day, sec, td->data); local_error = error = 1; } if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, gtime_t), td->cmp_result)) { TEST_info("ASN1_TIME_cmp_time_t(%s) after ASN1_TIME_set_string() to baseline bad comparison", td->data); local_error = error = 1; } if (local_error) TEST_info("ASN1_TIME_set_string() = %*s", ptime->length, ptime->data); ASN1_TIME_free(ptime); } if (td->type == V_ASN1_UTCTIME) { ptime = ASN1_TIME_to_generalizedtime(&atime, NULL); if (td->convert_result == 1 && !TEST_ptr(ptime)) { TEST_info("ASN1_TIME_to_generalizedtime(%s) failed", atime.data); error = 1; } else if (td->convert_result == 0 && !TEST_ptr_null(ptime)) { TEST_info("ASN1_TIME_to_generalizedtime(%s) should have failed", atime.data); error = 1; } if (ptime != NULL && !TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, td->t), 0)) { TEST_info("ASN1_TIME_to_generalizedtime(%s->%s) bad result", atime.data, ptime->data); error = 1; } ASN1_TIME_free(ptime); } /* else cannot simply convert GENERALIZEDTIME to UTCTIME */ if (error) TEST_error("atime=%s", atime.data); return !error; }