Add test for CT_POLICY_EVAL_CTX default time

Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized to approximately the current time (as returned by time()) by default. This prevents the addition of this field, and its verification during SCT validation, from breaking existing code that calls SCT_validate directly. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554)
2025-01-30 14:01:55 +08:00 · 2016-11-15 10:42:57 +00:00 · 2016-11-15 10:42:57 +00:00 · ebcb536858
commit ebcb536858
parent 08e588b7d5
1 changed files with 26 additions and 0 deletions
--- a/test/ct_test.c
+++ b/test/ct_test.c
@ -8,6 +8,7 @@
 */

 #include <ctype.h>
+#include <math.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@ -550,6 +551,30 @@ static int test_encode_tls_sct()
    EXECUTE_CT_TEST();
 }

+/*
+ * Tests that the CT_POLICY_EVAL_CTX default time is approximately now.
+ * Allow +-10 minutes, as it may compensate for clock skew.
+ */
+static int test_default_ct_policy_eval_ctx_time_is_now()
+{
+    int success = 0;
+    CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
+    const time_t default_time = CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) /
+            1000;
+    const time_t time_tolerance = 600;  /* 10 minutes */
+
+    if (fabs(difftime(time(NULL), default_time)) > time_tolerance) {
+        fprintf(stderr,
+                "Default CT_POLICY_EVAL_CTX time is not approximately now.\n");
+        goto end;
+    }
+
+    success = 1;
+end:
+    CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
+    return success;
+}
+
 int test_main(int argc, char *argv[])
 {
    int result = 0;
@ -568,6 +593,7 @@ int test_main(int argc, char *argv[])
    ADD_TEST(test_verify_fails_for_future_sct);
    ADD_TEST(test_decode_tls_sct);
    ADD_TEST(test_encode_tls_sct);
+    ADD_TEST(test_default_ct_policy_eval_ctx_time_is_now);

    result = run_tests(argv[0]);