From 6a125fea8d4ddb545a6c88dbab04b6ac26c183ab Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 26 May 2011 08:07:22 +0200 Subject: Added gnutls_global_set_time_function() to allow overriding the default system time() function. --- lib/ext/session_ticket.c | 2 +- lib/gnutls_db.c | 2 +- lib/gnutls_dtls.c | 6 +++--- lib/gnutls_global.c | 17 +++++++++++++++++ lib/gnutls_handshake.c | 6 +++--- lib/gnutls_int.h | 1 + lib/gnutls_session_pack.c | 2 +- lib/gnutls_v2_compat.c | 2 +- lib/includes/gnutls/gnutls.h.in | 3 +++ lib/libgnutls.map | 1 + lib/nettle/rnd.c | 6 +++--- lib/opencdk/keydb.c | 5 ++--- lib/opencdk/literal.c | 3 +-- lib/opencdk/read-packet.c | 2 +- lib/opencdk/sig-check.c | 3 +-- lib/openpgp/gnutls_openpgp.c | 1 - lib/system.c | 1 + lib/system.h | 1 + lib/x509/common.c | 1 - lib/x509/verify.c | 4 ++-- tests/chainverify.c | 4 ++-- 21 files changed, 46 insertions(+), 27 deletions(-) diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 29756914aa..3bae19bfc5 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c @@ -124,7 +124,7 @@ decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, cipher_hd_st cipher_hd; gnutls_datum_t key, IV, mac_secret, state; opaque final[MAC_SECRET_SIZE]; - time_t timestamp = time (0); + time_t timestamp = gnutls_time (0); int ret; /* Check the integrity of ticket using HMAC-SHA-256. */ diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c index 1c26ffb8c7..9946c8e88b 100644 --- a/lib/gnutls_db.c +++ b/lib/gnutls_db.c @@ -153,7 +153,7 @@ gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry) { time_t timestamp; - timestamp = time (0); + timestamp = gnutls_time (0); if (session_entry.data != NULL) if (timestamp - diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c index b00b3e83e9..a548abd101 100644 --- a/lib/gnutls_dtls.c +++ b/lib/gnutls_dtls.c 
@@ -143,7 +143,7 @@ static int drop_usage_count(gnutls_session_t session, mbuffer_head_st *const sen */ int _dtls_retransmit(gnutls_session_t session) { -time_t now = time(0); +time_t now = gnutls_time (0); if (now - session->internals.dtls.last_retransmit > RETRANSMIT_WINDOW) { @@ -175,7 +175,7 @@ int ret; &session->internals.handshake_send_buffer; mbuffer_st *cur; gnutls_handshake_description_t last_type = 0; - time_t now = time(0); + time_t now = gnutls_time (0); /* If we have already sent a flight and we are operating in a * non blocking way, check if it is time to retransmit or just @@ -277,7 +277,7 @@ int ret; } UPDATE_TIMER; - now = time(0); + now = gnutls_time (0); } while(ret == GNUTLS_E_TIMEDOUT); if (ret < 0) diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index 15bf0cdf17..0710f43f84 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -32,6 +32,7 @@ #include /* for _gnutls_ext_init */ #include +#include #include #include @@ -88,6 +89,22 @@ gnutls_global_set_audit_log_function (gnutls_audit_log_func log_func) _gnutls_audit_log_func = log_func; } +/** + * gnutls_global_set_time_function: + * @time_func: it's the system time function + * + * This is the function where you can override the default system + * time function. + * + * gnutls_time_func is of the form, + * time_t (*gnutls_time_func)( time*); + **/ +void +gnutls_global_set_time_function (gnutls_time_func time_func) +{ + gnutls_time = time_func; +} + /** * gnutls_global_set_log_level: * @level: it's an integer from 0 to 9. diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index babf71e904..c60e9ba35b 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -338,7 +338,7 @@ _gnutls_tls_create_random (opaque * dst) * system's time. */ - tim = time (NULL); + tim = gnutls_time (NULL); /* generate server random value */ _gnutls_write_uint32 (tim, dst); 
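Review bot: The retransmission check in `_dtls_retransmit` (`now - session->internals.dtls.last_retransmit > RETRANSMIT_WINDOW`) now reads the application-overridable clock, so a callback that returns a fixed value, like the one the test in this commit installs, keeps that difference constant. Measuring an interval is a different job from asking for calendar time; I would leave these reads on the system clock, `time_t now = time (0);`, and reserve `gnutls_time` for comparisons against dates. The same applies to the two later hunks in this file (the `now` initialisation at -175 and the refresh before `while(ret == GNUTLS_E_TIMEDOUT)` at -277). The enclosing function bodies lie outside those hunks, so the effect on the loop cannot be judged from here.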
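Review bot: `gnutls_global_set_time_function` stores `time_func` unchecked, so a NULL argument leaves `gnutls_time` as a null function pointer and the next `gnutls_time (...)` call crashes; `if (time_func != NULL) gnutls_time = time_func;` would avoid that. The doc comment misstates the prototype: `time_t (*gnutls_time_func)( time*);` should read `time_t (*gnutls_time_func)(time_t *t);`. It also describes `@time_func` as the system time function when it is the replacement for it. The comment should say that this clock is what the certificate validity checks and session timestamps changed in this commit consult, so the callback must be trustworthy. It should add that the pointer is written without locking and is meant to be set once, before other threads use the library.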
@@ -454,7 +454,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, _gnutls_tls_create_random (rnd); _gnutls_set_server_random (session, rnd); - session->security_parameters.timestamp = time (NULL); + session->security_parameters.timestamp = gnutls_time (NULL); DECR_LEN (len, 1); session_id_len = data[pos++]; @@ -1968,7 +1968,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) /* In order to know when this session was initiated. */ - session->security_parameters.timestamp = time (NULL); + session->security_parameters.timestamp = gnutls_time (NULL); /* Generate random data */ diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 0f7609d6c2..88f83a53b2 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -60,6 +60,7 @@ typedef struct #include #include +#include /* * They are not needed any more. You can simply enable diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index d88919c9ce..6f92c4bb39 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -803,7 +803,7 @@ unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps) { size_t pack_size; int ret; - time_t timestamp = time (0); + time_t timestamp = gnutls_time (0); BUFFER_POP_NUM (ps, pack_size); diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c index 73e22b760b..1492ad1934 100644 --- a/lib/gnutls_v2_compat.c +++ b/lib/gnutls_v2_compat.c @@ -223,7 +223,7 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, _gnutls_tls_create_random (rnd); _gnutls_set_server_random (session, rnd); - session->security_parameters.timestamp = time (NULL); + session->security_parameters.timestamp = gnutls_time (NULL); /* RESUME SESSION */ diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 2659918df8..a44205bb05 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in 
@@ -1134,6 +1134,7 @@ int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve); int gnutls_global_init (void); void gnutls_global_deinit (void); + typedef time_t (*gnutls_time_func) (time_t *t); typedef int (*mutex_init_func) (void **mutex); typedef int (*mutex_lock_func) (void **mutex); typedef int (*mutex_unlock_func) (void **mutex); @@ -1155,6 +1156,8 @@ int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve); gnutls_realloc_function realloc_func, gnutls_free_function free_func); + void gnutls_global_set_time_function (gnutls_time_func); + /* For use in callbacks */ extern gnutls_alloc_function gnutls_malloc; extern gnutls_alloc_function gnutls_secure_malloc; diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 96c2e93c4e..3d906e6211 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -679,6 +679,7 @@ GNUTLS_2_12 gnutls_pubkey_verify_data; gnutls_certificate_get_issuer; gnutls_x509_crq_verify; + gnutls_global_set_time_function; } GNUTLS_2_10; GNUTLS_3_0_0 { diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c index d9f3488e3f..3e4a8b468c 100644 --- a/lib/nettle/rnd.c +++ b/lib/nettle/rnd.c @@ -94,7 +94,7 @@ do_trivia_source (int init) static int do_device_source (int init) { - time_t now = time (NULL); + time_t now = gnutls_time (NULL); int read_size = DEVICE_READ_SIZE; if (init) @@ -226,7 +226,7 @@ do_trivia_source (int init) static int do_device_source_urandom (int init) { - time_t now = time (NULL); + time_t now = gnutls_time (NULL); int read_size = DEVICE_READ_SIZE; if (init) @@ -291,7 +291,7 @@ do_device_source_urandom (int init) static int do_device_source_egd (int init) { - time_t now = time (NULL); + time_t now = gnutls_time (NULL); int read_size = DEVICE_READ_SIZE; if (init) diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c index 7ef91e4caf..5be3129c8a 100644 --- a/lib/opencdk/keydb.c +++ b/lib/opencdk/keydb.c @@ -29,7 +29,6 @@ #include #include #include -#include #include #include "opencdk.h" 
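Review bot: `do_device_source` now takes `now` from `gnutls_time (NULL)`, which the application can replace. If `now` gates how often the entropy device is re-read, a frozen or backward-stepping callback would stretch or stop that refresh. This is inferred from the function name and `DEVICE_READ_SIZE`, because the body is outside the hunk. The random generator's bookkeeping should not depend on a clock the caller controls; keep `time_t now = time (NULL);` here. The same line is changed in `do_device_source_urandom` and `do_device_source_egd` in the two following hunks.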
@@ -1677,7 +1676,7 @@ keydb_merge_selfsig (cdk_kbnode_t key, u32 * keyid) if (key_expire) { pk->expiredate = pk->timestamp + key_expire; - pk->has_expired = pk->expiredate > (u32) time (NULL) ? 0 : 1; + pk->has_expired = pk->expiredate > (u32) gnutls_time (NULL) ? 0 : 1; } pk->is_invalid = 0; @@ -1694,7 +1693,7 @@ keydb_parse_allsigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check) cdk_pkt_signature_t sig; cdk_pkt_pubkey_t pk; cdk_subpkt_t s = NULL; - u32 expiredate = 0, curtime = (u32) time (NULL); + u32 expiredate = 0, curtime = (u32) gnutls_time (NULL); u32 keyid[2]; if (!knode) diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c index dfbdbf565f..0490c616d2 100644 --- a/lib/opencdk/literal.c +++ b/lib/opencdk/literal.c @@ -26,7 +26,6 @@ #include #endif #include -#include #include #include #include @@ -212,7 +211,7 @@ literal_encode (void *data, FILE * in, FILE * out) memcpy (pt->name, pfx->filename, filelen); pt->namelen = filelen; pt->name[pt->namelen] = '\0'; - pt->timestamp = (u32) time (NULL); + pt->timestamp = (u32) gnutls_time (NULL); pt->mode = intmode_to_char (pfx->mode); pt->len = cdk_stream_get_length (si); pt->buf = si; diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index aa2a89c9cd..1e447b8b7e 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -680,7 +680,7 @@ parse_sig_subpackets (cdk_pkt_signature_t sig) else if (node->type == CDK_SIGSUBPKT_SIG_EXPIRE && node->size >= 4) { sig->expiredate = _cdk_buftou32 (node->d); - if (sig->expiredate > 0 && sig->expiredate < (u32) time (NULL)) + if (sig->expiredate > 0 && sig->expiredate < (u32) gnutls_time (NULL)) sig->flags.expired = 1; } else if (node->type == CDK_SIGSUBPKT_POLICY) diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c index c1a9154396..75f0d9bdce 100644 --- a/lib/opencdk/sig-check.c +++ b/lib/opencdk/sig-check.c @@ -26,7 +26,6 @@ #include #endif #include -#include #include #include "opencdk.h" 
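Review bot: The `(u32)` casts on `gnutls_time (NULL)` in `keydb_merge_selfsig` and `keydb_parse_allsigs` now truncate the result of a caller-supplied function, and that result is never checked for the `(time_t) -1` error value. A callback that reports failure becomes 0xFFFFFFFF after the cast, so `pk->expiredate > (u32) gnutls_time (NULL)` is false and every key with an expiry is marked expired with no error surfaced. Reading the clock once into a `time_t`, e.g. `time_t now = gnutls_time (NULL);`, and rejecting `(time_t) -1` before comparing would make the failure explicit. The same cast appears in the later hunks of read-packet.c (-680) and sig-check.c (-236), where `time_t cur_time = (u32) gnutls_time (NULL);` could simply drop the cast.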
@@ -236,7 +235,7 @@ _cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig, { cdk_error_t rc; byte md[MAX_DIGEST_LEN]; - time_t cur_time = (u32) time (NULL); + time_t cur_time = (u32) gnutls_time (NULL); if (!pk || !sig || !digest) { diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c index f006ebdce3..5b1a7d451d 100644 --- a/lib/openpgp/gnutls_openpgp.c +++ b/lib/openpgp/gnutls_openpgp.c @@ -35,7 +35,6 @@ #include #include #include -#include #include #define datum_append(x, y, z) _gnutls_datum_append_m (x, y, z, gnutls_realloc) diff --git a/lib/system.c b/lib/system.c index 379f5d14d3..9e0460aa18 100644 --- a/lib/system.c +++ b/lib/system.c @@ -292,6 +292,7 @@ _gnutls_atfork (void (*prepare) (void), void (*parent) (void), #endif /* NO_LOCKS */ +gnutls_time_func gnutls_time = time; mutex_init_func gnutls_mutex_init = gnutls_system_mutex_init; mutex_deinit_func gnutls_mutex_deinit = gnutls_system_mutex_deinit; mutex_lock_func gnutls_mutex_lock = gnutls_system_mutex_lock; diff --git a/lib/system.h b/lib/system.h index 849090ee3a..7029c9c6b1 100644 --- a/lib/system.h +++ b/lib/system.h @@ -36,6 +36,7 @@ ssize_t system_read_peek (gnutls_transport_ptr_t ptr, void *data, int _gnutls_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void)); +extern gnutls_time_func gnutls_time; static inline void millisleep(unsigned int ms) { diff --git a/lib/x509/common.c b/lib/x509/common.c index 3395834091..788b335030 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -34,7 +34,6 @@ #include #include "x509_int.h" #include -#include struct oid2string { diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 76fe41a350..aa511f5dc2 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -306,7 +306,7 @@ gnutls_x509_crt_t issuer = NULL; } else { - time_t now = time(0); + time_t now = gnutls_time(0); if (now < gnutls_x509_crt_get_expiration_time(trusted_cas[i]) && now >= gnutls_x509_crt_get_activation_time(trusted_cas[i])) 
@@ -549,7 +549,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, { int i = 0, ret; unsigned int status = 0, output; - time_t now = time (0); + time_t now = gnutls_time (0); gnutls_x509_crt_t issuer = NULL; if (clist_size > 1) diff --git a/tests/chainverify.c b/tests/chainverify.c index 65c4bcf25b..dd87f0aa05 100644 --- a/tests/chainverify.c +++ b/tests/chainverify.c @@ -38,8 +38,7 @@ verifying certificates. To avoid a time bomb, we hard code the current time. This should work fine on systems where the library call to time is resolved at run-time. */ -time_t -time (time_t * t) +static time_t mytime (time_t * t) { time_t then = 1256803113; @@ -814,6 +813,7 @@ doit (void) exit (EXIT_FAILURE); } + gnutls_global_set_time_function (mytime); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (4711); -- cgit v1.2.1
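Review bot: The comment above `mytime` in tests/chainverify.c still justifies the fixed clock by saying the library call to `time` is resolved at run-time. That described the old symbol-override approach and no longer matches the code, which now registers the function explicitly. I would replace that last sentence with `The fixed clock is installed with gnutls_global_set_time_function().` The beginning of the comment lies outside the hunk.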