From 94b1809ffa44062e9724314fdb6d3af2e2675f65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rodolphe=20Br=C3=A9ard?= <v.code.ngyvz7vf@what.tf>
Date: Sat, 16 Mar 2024 10:29:06 +0100
Subject: [PATCH] Do not use expired IKMs

---
 src/ikm.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ikm.rs b/src/ikm.rs
index 9d15dcf..bf6dcf4 100644
--- a/src/ikm.rs
+++ b/src/ikm.rs
@@ -136,10 +136,11 @@ impl InputKeyMaterialList {
 
 	#[cfg(feature = "encryption")]
 	pub(crate) fn get_latest_ikm(&self) -> Result<&InputKeyMaterial> {
+		let now = SystemTime::now();
 		self.ikm_lst
 			.iter()
 			.rev()
-			.find(|&ikm| !ikm.is_revoked && ikm.created_at < SystemTime::now())
+			.find(|&ikm| !ikm.is_revoked && ikm.created_at < now && ikm.expire_at > now)
 			.ok_or(Error::IkmNoneAvailable)
 	}