From f6e5a658df84cf9dd01ab7d61cfb25f0fb9040c1 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 13 Feb 2017 15:37:41 -0500 Subject: [PATCH] Revise the logic for picking the start time for link certs Since 0.2.4.11-alpha (in 0196647970a91d) we've tried to randomize the start time to up to some time in the past. But unfortunately we allowed the start time to be in the future as well, which isn't really legit. The new behavior lets the start time be be up to MAX(cert_lifetime-2days, 0) in the past, but never in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha. --- changes/bug21420 | 3 +++ src/common/tortls.c | 19 ++++++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 changes/bug21420 diff --git a/changes/bug21420 b/changes/bug21420 new file mode 100644 index 0000000000..014404466a --- /dev/null +++ b/changes/bug21420 @@ -0,0 +1,3 @@ + o Minor bugfixes (certificate expiration time): + - Avoid using link certificates that don't become valid till + some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha diff --git a/src/common/tortls.c b/src/common/tortls.c index 62ed5be344..5c5aa727a6 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -482,8 +482,22 @@ MOCK_IMPL(STATIC X509 *, * then we might pick a time where we're about to expire. Lastly, be * sure to start on a day boundary. */ time_t now = time(NULL); - start_time = crypto_rand_time_range(now - cert_lifetime, now) + 2*24*3600; - start_time -= start_time % (24*3600); + /* Our certificate lifetime will be cert_lifetime no matter what, but if we + * start cert_lifetime in the past, we'll have 0 real lifetime. instead we + * start up to (cert_lifetime - min_real_lifetime - start_granularity) in + * the past. */ + const time_t min_real_lifetime = 24*3600; + const time_t start_granularity = 24*3600; + time_t earliest_start_time = now - cert_lifetime + min_real_lifetime + + start_granularity; + /* Don't actually start in the future! */ + if (earliest_start_time >= now) + earliest_start_time = now - 1; + start_time = crypto_rand_time_range(earliest_start_time, now); + /* Round the start time back to the start of a day. */ + start_time -= start_time % start_granularity; + + end_time = start_time + cert_lifetime; tor_assert(rsa); tor_assert(cname); @@ -517,7 +531,6 @@ MOCK_IMPL(STATIC X509 *, if (!X509_time_adj(X509_get_notBefore(x509),0,&start_time)) goto error; - end_time = start_time + cert_lifetime; if (!X509_time_adj(X509_get_notAfter(x509),0,&end_time)) goto error; if (!X509_set_pubkey(x509, pkey))