Re: [tor-bugs] #21420 [Core Tor/Tor]: Link certificate start date in the future
#21420: Link certificate start date in the future
--------------------------+------------------------------------
Reporter: mmcloughlin | Owner: nickm
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: 029-backport | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by arma):
I think you're right that commit 0196647 is the problem here.
I suspect you're right that fixing the underlying math is the right
answer.
However, I'm unable to follow the math here:
{{{
- start_time = crypto_rand_time_range(now - cert_lifetime, now) +
2*24*3600;
+ const time_t min_real_lifetime = 2*24*3600;
+ time_t earliest_start_time = now - cert_lifetime + min_real_lifetime;
+ if (earliest_start_time < now)
+ earliest_start_time = now;
+ start_time = crypto_rand_time_range(earliest_start_time, now);
}}}
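Review bot: the clamp at `if (earliest_start_time < now)` looks inverted. Whenever cert_lifetime is longer than min_real_lifetime, `now - cert_lifetime + min_real_lifetime` is already in the past, so this branch fires and collapses the range to (now, now), which drops the start-time randomization and hands equal bounds to crypto_rand_time_range(). The case that needs guarding is the opposite one, where cert_lifetime is shorter than min_real_lifetime and earliest_start_time lands in the future. Consider testing `earliest_start_time >= now` and clamping to a value strictly below now, with a comment stating that start_time must never be later than now and what min_real_lifetime is meant to guarantee.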
Maybe some more comments to explain what we're computing, and *why*, would
help?
Looking at the origin commit, it seems maybe I wanted to say "- 2 days",
not "+ 2 days". Would that resolve everything here?
Maybe I am deeply confused, but won't
{{{
+ if (earliest_start_time < now)
+ earliest_start_time = now;
+ start_time = crypto_rand_time_range(earliest_start_time, now);
}}}
trigger the assert in crypto_rand_time_range() that min < max, since we'll
be passing it "now, now"?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21420#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs