[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #20027 [Core Tor/Tor]: Ed25519 certificate parsing does badly with expirations after 2038

Subject: [tor-bugs] #20027 [Core Tor/Tor]: Ed25519 certificate parsing does badly with expirations after 2038
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 30 Aug 2016 12:57:29 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 30 Aug 2016 08:57:37 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20027: Ed25519 certificate parsing does badly with expirations after 2038
------------------------------+--------------------------------
     Reporter:  nickm         |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.2.9.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  TorCoreTeam201608
Actual Points:                |  Parent ID:  #15055
       Points:  0             |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 We deliberately chose an hour-based expiration counter for ed certs,
 because of 32-bit issues.  But when we parse them, we just multiply the
 32-bit field by 3600.  That results in an overflow if the time is greater
 than UINT32_MAX.

 The impact here isn't too bad.  First, it only affects certs that expire
 after 32-bit signed time overflows in Y2038.  Second, it can only make it
 seem that a non-expired cert is expired: it can never make it seem that an
 expired cert is still live.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20027>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #20027 [Core Tor/Tor]: Ed25519 certificate parsing does badly with expirations after 2038
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20027 [Core Tor/Tor]: Ed25519 certificate parsing does badly with expirations after 2038
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #19919 [Core Tor/Tor]: If ORPort address is publicly routable, use it to guess Address
Next by Author: Re: [tor-bugs] #19950 [Applications/Tor Browser]: Replace Tor Project bookmarks in TBB to their onion service equivalent (was: Replace Torproject bookmarks in TBB to darknet ones)
Previous by thread: Re: [tor-bugs] #15087 [Core Tor/Tor]: Move timeliness check out of tor_cert_checksig, or into tor_cert_get_checkable_sig
Next by thread: Re: [tor-bugs] #20027 [Core Tor/Tor]: Ed25519 certificate parsing does badly with expirations after 2038
Index(es):
- Author
- Thread