[tor-commits] [tor/release-0.3.0] Revise the logic for picking the start time for link certs

nickm at torproject.org nickm at torproject.org
Mon Feb 27 16:23:23 UTC 2017


commit f6e5a658df84cf9dd01ab7d61cfb25f0fb9040c1
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Feb 13 15:37:41 2017 -0500

    Revise the logic for picking the start time for link certs
    
    Since 0.2.4.11-alpha (in 0196647970a91d) we've tried to randomize
    the start time to up to some time in the past.  But unfortunately we
    allowed the start time to be in the future as well, which isn't
    really legit.
    
    The new behavior lets the start time be be up to
    MAX(cert_lifetime-2days, 0) in the past, but never in the future.
    
    Fixes bug 21420; bugfix on 0.2.4.11-alpha.
---
 changes/bug21420    |  3 +++
 src/common/tortls.c | 19 ++++++++++++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/changes/bug21420 b/changes/bug21420
new file mode 100644
index 0000000..0144044
--- /dev/null
+++ b/changes/bug21420
@@ -0,0 +1,3 @@
+  o Minor bugfixes (certificate expiration time):
+    - Avoid using link certificates that don't become valid till
+      some time in the future.  Fixes bug 21420; bugfix on 0.2.4.11-alpha
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 62ed5be..5c5aa72 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -482,8 +482,22 @@ MOCK_IMPL(STATIC X509 *,
    * then we might pick a time where we're about to expire. Lastly, be
    * sure to start on a day boundary. */
   time_t now = time(NULL);
-  start_time = crypto_rand_time_range(now - cert_lifetime, now) + 2*24*3600;
-  start_time -= start_time % (24*3600);
+  /* Our certificate lifetime will be cert_lifetime no matter what, but if we
+   * start cert_lifetime in the past, we'll have 0 real lifetime.  instead we
+   * start up to (cert_lifetime - min_real_lifetime - start_granularity) in
+   * the past. */
+  const time_t min_real_lifetime = 24*3600;
+  const time_t start_granularity = 24*3600;
+  time_t earliest_start_time = now - cert_lifetime + min_real_lifetime
+    + start_granularity;
+  /* Don't actually start in the future! */
+  if (earliest_start_time >= now)
+    earliest_start_time = now - 1;
+  start_time = crypto_rand_time_range(earliest_start_time, now);
+  /* Round the start time back to the start of a day. */
+  start_time -= start_time % start_granularity;
+
+  end_time = start_time + cert_lifetime;
 
   tor_assert(rsa);
   tor_assert(cname);
@@ -517,7 +531,6 @@ MOCK_IMPL(STATIC X509 *,
 
   if (!X509_time_adj(X509_get_notBefore(x509),0,&start_time))
     goto error;
-  end_time = start_time + cert_lifetime;
   if (!X509_time_adj(X509_get_notAfter(x509),0,&end_time))
     goto error;
   if (!X509_set_pubkey(x509, pkey))





More information about the tor-commits mailing list