Reject certs and CRLs from the future

2025-03-06 21:19:59 +00:00 · 2014-07-08 10:59:10 +02:00 · 2014-07-08 10:59:10 +02:00 · 50a5c53398
parent 0d844dd650
commit 50a5c53398
3 changed files with 16 additions and 0 deletions
--- a/1
+++ b/1
@ -8,6 +8,7 @@ Security
   * Forbid change of server certificate during renegotiation to prevent
     "triple handshake" attack when authentication mode is optional (the
     attack was already impossible when authentication is required).
+   * Check notBefore timestamp of certificates and CRLs from the future.

 Bugfix
   * Fixed X.509 hostname comparison (with non-regular characters)
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@ -80,6 +80,9 @@
 #define BADCERT_MISSING             0x40  /**< Certificate was missing. */
 #define BADCERT_SKIP_VERIFY         0x80  /**< Certificate verification was skipped. */
 #define BADCERT_OTHER             0x0100  /**< Other reason (can be used by verify callback) */
+#define BADCERT_FUTURE            0x0200  /**< The certificate validity starts in the future. */
+#define BADCRL_FUTURE             0x0400  /**< The CRL is from the future */
+
 /* \} name */
 /* \} addtogroup x509_module */

--- a/library/x509parse.c
+++ b/library/x509parse.c
@ -3275,6 +3275,9 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
        if( x509parse_time_expired( &crl_list->next_update ) )
            flags |= BADCRL_EXPIRED;

+        if( x509parse_time_future( &crl_list->this_update ) )
+            flags |= BADCRL_FUTURE;
+
        /*
         * Check if certificate is revoked
         */
@ -3358,6 +3361,9 @@ static int x509parse_verify_top(
    if( x509parse_time_expired( &child->valid_to ) )
        *flags |= BADCERT_EXPIRED;

+    if( x509parse_time_future( &child->valid_from ) )
+        *flags |= BADCERT_FUTURE;
+
    /*
     * Child is the top of the chain. Check against the trust_ca list.
     */
@ -3426,6 +3432,9 @@ static int x509parse_verify_top(
        if( x509parse_time_expired( &trust_ca->valid_to ) )
            ca_flags |= BADCERT_EXPIRED;

+        if( x509parse_time_future( &trust_ca->valid_from ) )
+            ca_flags |= BADCERT_FUTURE;
+
        if( NULL != f_vrfy )
        {
            if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
@ -3459,6 +3468,9 @@ static int x509parse_verify_child(
    if( x509parse_time_expired( &child->valid_to ) )
        *flags |= BADCERT_EXPIRED;

+    if( x509parse_time_future( &child->valid_from ) )
+        *flags |= BADCERT_FUTURE;
+
    hash_id = child->sig_alg;

    x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );