From: Rob Percival Date: Tue, 15 Nov 2016 10:42:57 +0000 (+0000) Subject: Add test for CT_POLICY_EVAL_CTX default time X-Git-Tag: OpenSSL_1_1_1-pre1~3056 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ebcb536858a271e8812fb9bbafbc0b825e5ece24;p=oweals%2Fopenssl.git Add test for CT_POLICY_EVAL_CTX default time Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized to approximately the current time (as returned by time()) by default. This prevents the addition of this field, and its verification during SCT validation, from breaking existing code that calls SCT_validate directly. Reviewed-by: Viktor Dukhovni Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1554) --- diff --git a/test/ct_test.c b/test/ct_test.c index 223037ed39..eaf05dcd71 100644 --- a/test/ct_test.c +++ b/test/ct_test.c @@ -8,6 +8,7 @@ */ #include +#include #include #include #include @@ -550,6 +551,30 @@ static int test_encode_tls_sct() EXECUTE_CT_TEST(); } +/* + * Tests that the CT_POLICY_EVAL_CTX default time is approximately now. + * Allow +-10 minutes, as it may compensate for clock skew. + */ +static int test_default_ct_policy_eval_ctx_time_is_now() +{ + int success = 0; + CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); + const time_t default_time = CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / + 1000; + const time_t time_tolerance = 600; /* 10 minutes */ + + if (fabs(difftime(time(NULL), default_time)) > time_tolerance) { + fprintf(stderr, + "Default CT_POLICY_EVAL_CTX time is not approximately now.\n"); + goto end; + } + + success = 1; +end: + CT_POLICY_EVAL_CTX_free(ct_policy_ctx); + return success; +} + int test_main(int argc, char *argv[]) { int result = 0; @@ -568,6 +593,7 @@ int test_main(int argc, char *argv[]) ADD_TEST(test_verify_fails_for_future_sct); ADD_TEST(test_decode_tls_sct); ADD_TEST(test_encode_tls_sct); + ADD_TEST(test_default_ct_policy_eval_ctx_time_is_now); result = run_tests(argv[0]);