summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2017-02-13 15:37:41 -0500
committerNick Mathewson <nickm@torproject.org>2017-02-27 11:19:54 -0500
commitf6e5a658df84cf9dd01ab7d61cfb25f0fb9040c1 (patch)
tree32ff03d1845f4f327d4472c541ab802bc082e5c5
parenta86f95df5c34df2921e8f3e76f171c0576fc2a20 (diff)
downloadtor-f6e5a658df84cf9dd01ab7d61cfb25f0fb9040c1.tar.gz
tor-f6e5a658df84cf9dd01ab7d61cfb25f0fb9040c1.zip
Revise the logic for picking the start time for link certs
Since 0.2.4.11-alpha (in 0196647970a91d) we've tried to randomize the start time to up to some time in the past. But unfortunately we allowed the start time to be in the future as well, which isn't really legit. The new behavior lets the start time be be up to MAX(cert_lifetime-2days, 0) in the past, but never in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha.
-rw-r--r--changes/bug214203
-rw-r--r--src/common/tortls.c19
2 files changed, 19 insertions, 3 deletions
diff --git a/changes/bug21420 b/changes/bug21420
new file mode 100644
index 0000000000..014404466a
--- /dev/null
+++ b/changes/bug21420
@@ -0,0 +1,3 @@
+ o Minor bugfixes (certificate expiration time):
+ - Avoid using link certificates that don't become valid till
+ some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 62ed5be344..5c5aa727a6 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -482,8 +482,22 @@ MOCK_IMPL(STATIC X509 *,
* then we might pick a time where we're about to expire. Lastly, be
* sure to start on a day boundary. */
time_t now = time(NULL);
- start_time = crypto_rand_time_range(now - cert_lifetime, now) + 2*24*3600;
- start_time -= start_time % (24*3600);
+ /* Our certificate lifetime will be cert_lifetime no matter what, but if we
+ * start cert_lifetime in the past, we'll have 0 real lifetime. instead we
+ * start up to (cert_lifetime - min_real_lifetime - start_granularity) in
+ * the past. */
+ const time_t min_real_lifetime = 24*3600;
+ const time_t start_granularity = 24*3600;
+ time_t earliest_start_time = now - cert_lifetime + min_real_lifetime
+ + start_granularity;
+ /* Don't actually start in the future! */
+ if (earliest_start_time >= now)
+ earliest_start_time = now - 1;
+ start_time = crypto_rand_time_range(earliest_start_time, now);
+ /* Round the start time back to the start of a day. */
+ start_time -= start_time % start_granularity;
+
+ end_time = start_time + cert_lifetime;
tor_assert(rsa);
tor_assert(cname);
@@ -517,7 +531,6 @@ MOCK_IMPL(STATIC X509 *,
if (!X509_time_adj(X509_get_notBefore(x509),0,&start_time))
goto error;
- end_time = start_time + cert_lifetime;
if (!X509_time_adj(X509_get_notAfter(x509),0,&end_time))
goto error;
if (!X509_set_pubkey(x509, pkey))