Commit 1fa9ffd9 authored by Rob Percival's avatar Rob Percival Committed by Rich Salz

Check that SCT timestamps are not in the future

parent 7b176a54
+2 −1
@@ -36,6 +36,7 @@ static ERR_STRING_DATA CT_str_functs[] = {
    {ERR_FUNC(CT_F_O2I_SCT_LIST), "o2i_SCT_LIST"},
    {ERR_FUNC(CT_F_O2I_SCT_SIGNATURE), "o2i_SCT_signature"},
    {ERR_FUNC(CT_F_SCT_CTX_NEW), "SCT_CTX_new"},
    {ERR_FUNC(CT_F_SCT_CTX_VERIFY), "SCT_CTX_verify"},
    {ERR_FUNC(CT_F_SCT_NEW), "SCT_new"},
    {ERR_FUNC(CT_F_SCT_NEW_FROM_BASE64), "SCT_new_from_base64"},
    {ERR_FUNC(CT_F_SCT_SET0_LOG_ID), "SCT_set0_log_id"},
@@ -45,7 +46,6 @@ static ERR_STRING_DATA CT_str_functs[] = {
    {ERR_FUNC(CT_F_SCT_SET_LOG_ENTRY_TYPE), "SCT_set_log_entry_type"},
    {ERR_FUNC(CT_F_SCT_SET_SIGNATURE_NID), "SCT_set_signature_nid"},
    {ERR_FUNC(CT_F_SCT_SET_VERSION), "SCT_set_version"},
    {ERR_FUNC(CT_F_SCT_CTX_VERIFY), "SCT_CTX_verify"},
    {0, NULL}
};

@@ -58,6 +58,7 @@ static ERR_STRING_DATA CT_str_reasons[] = {
     "log conf missing description"},
    {ERR_REASON(CT_R_LOG_CONF_MISSING_KEY), "log conf missing key"},
    {ERR_REASON(CT_R_LOG_KEY_INVALID), "log key invalid"},
    {ERR_REASON(CT_R_SCT_FUTURE_TIMESTAMP), "sct future timestamp"},
    {ERR_REASON(CT_R_SCT_INVALID), "sct invalid"},
    {ERR_REASON(CT_R_SCT_INVALID_SIGNATURE), "sct invalid signature"},
    {ERR_REASON(CT_R_SCT_LIST_INVALID), "sct list invalid"},
+12 −0
@@ -98,6 +98,8 @@ struct sct_ctx_st {
    /* pre-certificate encoding */
    unsigned char *preder;
    size_t prederlen;
    /* milliseconds since epoch (to check that the SCT isn't from the future) */
    uint64_t epoch_time_in_ms;
};

/* Context when evaluating whether a Certificate Transparency policy is met */
@@ -105,6 +107,8 @@ struct ct_policy_eval_ctx_st {
    X509 *cert;
    X509 *issuer;
    CTLOG_STORE *log_store;
    /* milliseconds since epoch (to check that SCTs aren't from the future) */
    uint64_t epoch_time_in_ms;
};

/*
@@ -150,6 +154,14 @@ __owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
 */
__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);

/*
 * Sets the current time, in milliseconds since the Unix epoch.
 * The timestamp of the SCT will be compared to this, to check that it was not
 * issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
 * timestamp is in the future", so SCT verification will fail in this case.
 */
void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms);

/*
 * Verifies an SCT with the given context.
 * Returns 1 if the SCT verifies successfully; any other value indicates
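Review bot: The comment on SCT_CTX_set_time, and the two new epoch_time_in_ms fields above it, do not say what happens when no time is ever set; if the allocator leaves the field at zero, a strict "timestamp must not exceed epoch_time_in_ms" comparison would treat every SCT with a non-zero timestamp as future-dated and reject it. I cannot see SCT_CTX_new or CT_POLICY_EVAL_CTX_new from this page, so whether the constructors seed the value is inferred, not verified. Either document the obligation in this comment, e.g. ` * Callers must set this before SCT_CTX_verify(); if it is left at 0, every SCT with a non-zero timestamp is considered future-dated and fails verification.`, or have the constructors default it to the current wall-clock time so that a missed call cannot silently reject all SCTs. The same consideration applies to the copy in SCT_validate (ct_sct.c) and to CT_POLICY_EVAL_CTX_set_time (ct_policy.c); whether to allow a small tolerance for clock skew between log and client is a policy decision worth stating here as well.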
+9 −0
@@ -59,6 +59,11 @@ void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
    ctx->log_store = log_store;
}

void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
{
    ctx->epoch_time_in_ms = time_in_ms;
}

X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
{
    return ctx->cert;
@@ -74,3 +79,7 @@ const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *c
    return ctx->log_store;
}

uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
{
    return ctx->epoch_time_in_ms;
}
+2 −0
@@ -332,6 +332,8 @@ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
            goto err;
    }

    SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms);

    /*
     * XXX: Potential for optimization.  This repeats some idempotent heavy
     * lifting on the certificate for each candidate SCT, and appears to not
+5 −0
@@ -256,3 +256,8 @@ int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
    sctx->pkey = pkey;
    return 1;
}

void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
{
    sctx->epoch_time_in_ms = time_in_ms;
}