feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add user clock skew defines for date skew before checks

Browse Source
This commit is contained in:
toddouska
2017-02-06 16:30:48 -08:00
parent f938a75780
commit 7ddeb1afd9
1 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
wolfcrypt/src/asn.c
View File

@@ -3475,6 +3475,21 @@ int ValidateDate(const byte* date, byte format, int dateType)
#endif #endif
ltime = XTIME(0); ltime = XTIME(0);
#ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW
if (dateType == BEFORE) {
WOLFSSL_MSG("Skewing local time for before date check");
ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW;
}
#endif
#ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW
if (dateType == AFTER) {
WOLFSSL_MSG("Skewing local time for after date check");
ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW;
}
#endif
if (!ExtractDate(date, format, &certTime, &i)) { if (!ExtractDate(date, format, &certTime, &i)) {
WOLFSSL_MSG("Error extracting the date"); WOLFSSL_MSG("Error extracting the date");
return 0; return 0;
@@ -3500,12 +3515,17 @@ int ValidateDate(const byte* date, byte format, int dateType)
} }
if (dateType == BEFORE) { if (dateType == BEFORE) {
if (DateLessThan(localTime, &certTime)) if (DateLessThan(localTime, &certTime)) {
WOLFSSL_MSG("Date BEFORE check failed");
return 0; return 0;
}
} }
else else { /* dateType == AFTER */
if (DateGreaterThan(localTime, &certTime)) if (DateGreaterThan(localTime, &certTime)) {
WOLFSSL_MSG("Date AFTER check failed");
return 0; return 0;
}
}
return 1; return 1;
} }