From: Denis Kenzior <denkenz@gmail.com>
To: Andrew Zaborowski <andrew.zaborowski@intel.com>, ell@lists.linux.dev
Subject: Re: [PATCH 2/4] cert: Check validity dates in l_certchain_verify
Date: Tue, 1 Nov 2022 09:04:51 -0500 [thread overview]
Message-ID: <a1b6179d-4472-1924-65f1-e49631972bf0@gmail.com> (raw)
In-Reply-To: <20221031105342.2660357-2-andrew.zaborowski@intel.com>
On 10/31/22 05:53, Andrew Zaborowski wrote:
> Check the validity start and end dates of every certificate in the chain
> being verified (must all be valid) and every trusted CA certificate
> (ignore invalid ones, use the valid ones if any left). The dates are
> checked against current CLOCK_REALTIME value. There may be use cases
> for verifying a certificate chain without looking at the dates at all,
> such as when the system clock hasn't been initialized in early boot and
> that can be added if there's an actual user for that. Until now we've
> almost fully relied on the kernel to do all the verification and
> consistency checks on the certificates and the kernel does not look at
> validity dates.
>
> Do these checks only in l_certchain_verify rather than directly in
> l_cert_load_container_file() or l_pem_load_certificate_chain_from_data()
> because 1. users may want to parse and display information about expired
> certificates for a UI. 2. l_certchain_verify also returns a debug error
> string which is going to be very helpful in diagnosing user issues from
> logs, unlike the loader functions. 3. in some usages there may be a
> longer periods of time between certchain loading, CA certificate loading
> and/or verifying the chain against the CAs, and we mainly care about
> them being valid at the time of the verification.
> ---
> ell/cert.c | 159 ++++++++++++++++++++++++++++++++++++++++++-----------
> 1 file changed, 126 insertions(+), 33 deletions(-)
<snip>
> @@ -655,22 +684,81 @@ LIB_EXPORT bool l_certchain_verify(struct l_certchain *chain,
> struct l_key *prev_key = NULL;
> int verified = 0;
> int ca_match = 0;
> - int i = 0;
> + int i;
> static char error_buf[200];
I bumped this to 1024 since gcc was complaining:
ell/cert.c: In function 'l_certchain_verify':
ell/cert.c:865:30: error: '%s' directive output may be truncated writing up to
99 bytes into a region of size between 47 and 166 [-Werror=format-truncation=]
865 | RETURN_ERROR("Linking certificate %i / %i failed, %s%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
866 | verified + 1, total, str1, str2);
| ~~~~
ell/cert.c:672:64: note: in definition of macro 'RETURN_ERROR'
672 | snprintf(error_buf, sizeof(error_buf), msg, ## args); \
| ^~~
ell/cert.c:865:69: note: format string is defined here
865 | RETURN_ERROR("Linking certificate %i / %i failed, %s%s",
| ^~
ell/cert.c:672:25: note: 'snprintf' output between 35 and 253 bytes into a
destination of size 200
672 | snprintf(error_buf, sizeof(error_buf), msg, ##
args); \
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ell/cert.c:865:17: note: in expansion of macro 'RETURN_ERROR'
865 | RETURN_ERROR("Linking certificate %i / %i failed, %s%s",
| ^~~~~~~~~~~~
> + int total = 0;
> + uint64_t now;
> + _auto_(l_free) struct l_cert **ca_certs_valid = NULL;
> + int ca_certs_total_count = 0;
> + int ca_certs_valid_count = 0;
>
All 4 applied, thanks.
Regards,
-Denis
next prev parent reply other threads:[~2022-11-01 14:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-31 10:53 [PATCH 1/4] cert: Fix logic in cert_parse_asn1_time check Andrew Zaborowski
2022-10-31 10:53 ` [PATCH 2/4] cert: Check validity dates in l_certchain_verify Andrew Zaborowski
2022-11-01 14:04 ` Denis Kenzior [this message]
2022-10-31 10:53 ` [PATCH 3/4] build: Generate an expired test certificate Andrew Zaborowski
2022-10-31 10:53 ` [PATCH 4/4] unit: Minimal l_certchain_verify validity dates test Andrew Zaborowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a1b6179d-4472-1924-65f1-e49631972bf0@gmail.com \
--to=denkenz@gmail.com \
--cc=andrew.zaborowski@intel.com \
--cc=ell@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).