Skip to content

Commit 4a5fe3e

Browse files
andy31415emargolis
authored and
pull[bot]
committed
Improve code clarity on IsTimeGreaterThanEqual (#17178)
* Improve code clarity on IsTimeGreaterThanEqual Existing code is very hard to validate given the complex boolean expression. Split the logic into clearer steps of comparing year, month, day, hr, min, sec individually. The code change should generally be a NOOP except code clarity. * Update src/crypto/CHIPCryptoPALmbedTLS.cpp Co-authored-by: Evgeny Margolis <[email protected]> Co-authored-by: Evgeny Margolis <[email protected]>
1 parent 5d267d1 commit 4a5fe3e

File tree

1 file changed

+22
-21
lines changed

1 file changed

+22
-21
lines changed

src/crypto/CHIPCryptoPALmbedTLS.cpp

+22-21
Original file line numberDiff line numberDiff line change
@@ -1351,27 +1351,28 @@ CHIP_ERROR ValidateCertificateChain(const uint8_t * rootCertificate, size_t root
13511351

13521352
inline bool IsTimeGreaterThanEqual(const mbedtls_x509_time * const timeA, const mbedtls_x509_time * const timeB)
13531353
{
1354-
return timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) ||
1355-
(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
1356-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon)) ||
1357-
(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
1358-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) &&
1359-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(day) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(day)) ||
1360-
(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
1361-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) &&
1362-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(day) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(day) &&
1363-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(hour)) ||
1364-
(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
1365-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) &&
1366-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(day) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(day) &&
1367-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) &&
1368-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(min) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(min)) ||
1369-
(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
1370-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) &&
1371-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(day) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(day) &&
1372-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) &&
1373-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(min) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(min) &&
1374-
timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(sec) >= timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(sec));
1354+
1355+
// checks if two values are different and if yes, then returns first > second.
1356+
#define RETURN_STRICTLY_GREATER_IF_DIFFERENT(component) \
1357+
{ \
1358+
auto valueA = timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(component); \
1359+
auto valueB = timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(component); \
1360+
\
1361+
if (valueA != valueB) \
1362+
{ \
1363+
return valueA > valueB; \
1364+
} \
1365+
}
1366+
1367+
RETURN_STRICTLY_GREATER_IF_DIFFERENT(year);
1368+
RETURN_STRICTLY_GREATER_IF_DIFFERENT(mon);
1369+
RETURN_STRICTLY_GREATER_IF_DIFFERENT(day);
1370+
RETURN_STRICTLY_GREATER_IF_DIFFERENT(hour);
1371+
RETURN_STRICTLY_GREATER_IF_DIFFERENT(min);
1372+
RETURN_STRICTLY_GREATER_IF_DIFFERENT(sec);
1373+
1374+
// all above are equal
1375+
return true;
13751376
}
13761377

13771378
CHIP_ERROR IsCertificateValidAtIssuance(const ByteSpan & referenceCertificate, const ByteSpan & toBeEvaluatedCertificate)

0 commit comments

Comments
 (0)