[tor-bugs] #21420 [Core Tor/Tor]: Link certificate start date in the future
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 13 21:34:50 UTC 2017
#21420: Link certificate start date in the future
--------------------------+------------------------------------
Reporter: mmcloughlin | Owner: nickm
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: 029-backport | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by arma):
I think you're right that commit 0196647 is the problem here.
I suspect you're right that fixing the underlying math is the right
answer.
However, I'm unable to follow the math here:
{{{
- start_time = crypto_rand_time_range(now - cert_lifetime, now) +
2*24*3600;
+ const time_t min_real_lifetime = 2*24*3600;
+ time_t earliest_start_time = now - cert_lifetime + min_real_lifetime;
+ if (earliest_start_time < now)
+ earliest_start_time = now;
+ start_time = crypto_rand_time_range(earliest_start_time, now);
}}}
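Review bot: the clamp `if (earliest_start_time < now)` in the added lines looks inverted. Whenever cert_lifetime is larger than min_real_lifetime (two days), `now - cert_lifetime + min_real_lifetime` is already below now, so the branch fires and the call becomes crypto_rand_time_range(now, now), an empty range. When cert_lifetime is two days or less, the branch is skipped and earliest_start_time is at or after now, so the range is empty or reversed. Suggest clamping the other way, for example `if (earliest_start_time >= now) earliest_start_time = now - 1;`, so the lower bound is always strictly before now and the start time cannot land in the future. A comment on min_real_lifetime stating that it is the validity the certificate must still have left after the backdated start would also make the intent checkable.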
Maybe some more comments to explain what we're computing, and *why*, would
help?
Looking at the origin commit, it seems maybe I wanted to say "- 2 days",
not "+ 2 days". Would that resolve everything here?
Maybe I am deeply confused, but won't
{{{
+ if (earliest_start_time < now)
+ earliest_start_time = now;
+ start_time = crypto_rand_time_range(earliest_start_time, now);
}}}
trigger the assert in crypto_rand_time_range() that min < max, since we'll
be passing it "now, now"?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21420#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online