From 416dc034670a539b170caa09dfbc066c15842c9a Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Thu, 30 Jun 2022 00:38:53 -0400
Subject: [PATCH] mbedtls_x509_time_cmp() compare mbedtls_x509_time
Signed-off-by: Glenn Strauss
---
ChangeLog.d/mbedtls_x509_time.txt | 2 +
include/mbedtls/x509.h | 12 +++++
library/x509.c | 77 +++++++++++--------------------
3 files changed, 42 insertions(+), 49 deletions(-)
create mode 100644 ChangeLog.d/mbedtls_x509_time.txt
diff --git a/ChangeLog.d/mbedtls_x509_time.txt b/ChangeLog.d/mbedtls_x509_time.txt
new file mode 100644
index 000000000..3eacc29a1
--- /dev/null
+++ b/ChangeLog.d/mbedtls_x509_time.txt
@@ -0,0 +1,2 @@
+Features
+ * Improve mbedtls_x509_time performance and reduce memory use.
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index df6d7623a..ac8ff9ad3 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -366,6 +366,18 @@ static inline mbedtls_x509_name *mbedtls_x509_dn_get_next(
 */
 int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial);
+/**
+ * \brief Compare pair of mbedtls_x509_time.
+ *
+ * \param t1 mbedtls_x509_time to compare
+ * \param t2 mbedtls_x509_time to compare
+ *
+ * \return < 0 if t1 is before t2
+ * 0 if t1 equals t2
+ * > 0 if t1 is after t2
+ */
+int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2);
+
 /**
 * \brief Check a given mbedtls_x509_time against the system time
 * and tell if it's in the past.
diff --git a/library/x509.c b/library/x509.c
index 6e16c4c27..031a3f0e3 100644
--- a/library/x509.c
+++ b/library/x509.c
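Review bot: The new doc block for `mbedtls_x509_time_cmp()` in include/mbedtls/x509.h does not state the preconditions a caller must meet now that the comparison is public API. It should say that `t1` and `t2` must be non-NULL and hold already-validated field values, and that only the sign of the result is meaningful. The implementation compares the calendar fields one by one, so the doc should also say that both times must be expressed in the same time zone. A line such as `\note Both times must be valid and in the same time zone; only the sign of the return value is defined.` would cover it.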
@@ -994,6 +994,32 @@ int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name)
 return 0;
 }
+int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1,
+ const mbedtls_x509_time *t2)
+{
+ if (t1->year != t2->year) {
+ return t1->year - t2->year;
+ }
+
+ if (t1->mon != t2->mon) {
+ return t1->mon - t2->mon;
+ }
+
+ if (t1->day != t2->day) {
+ return t1->day - t2->day;
+ }
+
+ if (t1->hour != t2->hour) {
+ return t1->hour - t2->hour;
+ }
+
+ if (t1->min != t2->min) {
+ return t1->min - t2->min;
+ }
+
+ return t1->sec - t2->sec;
+}
+
 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /*
 * Set the time structure to the current time.
@@ -1022,53 +1048,6 @@ static int x509_get_current_time(mbedtls_x509_time *now)
 return ret;
 }
-/*
- * Return 0 if before <= after, 1 otherwise
- */
-static int x509_check_time(const mbedtls_x509_time *before, const mbedtls_x509_time *after)
-{
- if (before->year > after->year) {
- return 1;
- }
-
- if (before->year == after->year &&
- before->mon > after->mon) {
- return 1;
- }
-
- if (before->year == after->year &&
- before->mon == after->mon &&
- before->day > after->day) {
- return 1;
- }
-
- if (before->year == after->year &&
- before->mon == after->mon &&
- before->day == after->day &&
- before->hour > after->hour) {
- return 1;
- }
-
- if (before->year == after->year &&
- before->mon == after->mon &&
- before->day == after->day &&
- before->hour == after->hour &&
- before->min > after->min) {
- return 1;
- }
-
- if (before->year == after->year &&
- before->mon == after->mon &&
- before->day == after->day &&
- before->hour == after->hour &&
- before->min == after->min &&
- before->sec > after->sec) {
- return 1;
- }
-
- return 0;
-}
-
 int mbedtls_x509_time_is_past(const mbedtls_x509_time *to)
 {
 mbedtls_x509_time now;
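Review bot: Each `return t1->X - t2->X;` in `mbedtls_x509_time_cmp()` derives the ordering from a signed subtraction, which is well defined only while the field values stay small. The fields are presumably `int` (the struct is not in this hunk) and parsed certificate times should be bounded, but the function is now exported and can be handed caller-filled structs, where a pair of large opposite-sign values overflows and gives undefined behaviour in the code that decides certificate validity. Returning an explicit sign avoids that, e.g. `return t1->year < t2->year ? -1 : 1;` inside each `if`, and `return (t1->sec > t2->sec) - (t1->sec < t2->sec);` for the last line. The removed `x509_check_time()` in the following hunk used plain comparisons and had no such dependency.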
@@ -1077,7 +1056,7 @@ int mbedtls_x509_time_is_past(const mbedtls_x509_time *to)
 return 1;
 }
- return x509_check_time(&now, to);
+ return mbedtls_x509_time_cmp(to, &now) < 0;
 }
 int mbedtls_x509_time_is_future(const mbedtls_x509_time *from)
@@ -1088,7 +1067,7 @@ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from)
 return 1;
 }
- return x509_check_time(from, &now);
+ return mbedtls_x509_time_cmp(from, &now) > 0;
 }
 #else /* MBEDTLS_HAVE_TIME_DATE */
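Review bot: Neither rewritten return line says what happens when the certificate time equals the current time, and the operand order changed from `x509_check_time(&now, to)` to `mbedtls_x509_time_cmp(to, &now) < 0`. The result looks equivalent (equal times are neither past nor future), but these two functions gate certificate expiry, so a short comment would keep the boundary from being flipped later: `/* past only if to < now; to == now is still valid */` here and `/* future only if from > now */` in `mbedtls_x509_time_is_future()` in the next hunk. The diffstat lists no test changes, so a boundary test for the new public comparison would be worth adding alongside. Both function bodies start outside their hunks.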