commit 50a5c53398b5ffc3cc997a8c7d432a025c8de2f3
author Paul Bakker <p.j.bakker@polarssl.org> Tue Jul 08 10:59:10 2014 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Jul 08 10:59:10 2014 +0200
tree fc2d276027caa94a1e6fe6274e076b07ebb3f8f0
parent 0d844dd650536c19c13b67cbad82efcffd6a8d4a

Reject certs and CRLs from the future

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 513f9f5..f1fc690 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@
    * Forbid change of server certificate during renegotiation to prevent
      "triple handshake" attack when authentication mode is optional (the
      attack was already impossible when authentication is required).
+   * Check notBefore timestamp of certificates and CRLs from the future.
 
 Bugfix
    * Fixed X.509 hostname comparison (with non-regular characters)

include/polarssl/x509.h

diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 9cc757b..1dbc40d 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -80,6 +80,9 @@
 #define BADCERT_MISSING             0x40  /**< Certificate was missing. */
 #define BADCERT_SKIP_VERIFY         0x80  /**< Certificate verification was skipped. */
 #define BADCERT_OTHER             0x0100  /**< Other reason (can be used by verify callback) */
+#define BADCERT_FUTURE            0x0200  /**< The certificate validity starts in the future. */
+#define BADCRL_FUTURE             0x0400  /**< The CRL is from the future */
+
 /* \} name */
 /* \} addtogroup x509_module */
 

library/x509parse.c

diff --git a/library/x509parse.c b/library/x509parse.c
index 8de0d98..16b0149 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3275,6 +3275,9 @@
         if( x509parse_time_expired( &crl_list->next_update ) )
             flags |= BADCRL_EXPIRED;
 
+        if( x509parse_time_future( &crl_list->this_update ) )
+            flags |= BADCRL_FUTURE;
+
         /*
          * Check if certificate is revoked
          */
@@ -3358,6 +3361,9 @@
     if( x509parse_time_expired( &child->valid_to ) )
         *flags |= BADCERT_EXPIRED;
 
+    if( x509parse_time_future( &child->valid_from ) )
+        *flags |= BADCERT_FUTURE;
+
     /*
      * Child is the top of the chain. Check against the trust_ca list.
      */
@@ -3426,6 +3432,9 @@
         if( x509parse_time_expired( &trust_ca->valid_to ) )
             ca_flags |= BADCERT_EXPIRED;
 
+        if( x509parse_time_future( &trust_ca->valid_from ) )
+            ca_flags |= BADCERT_FUTURE;
+
         if( NULL != f_vrfy )
         {
             if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
@@ -3459,6 +3468,9 @@
     if( x509parse_time_expired( &child->valid_to ) )
         *flags |= BADCERT_EXPIRED;
 
+    if( x509parse_time_future( &child->valid_from ) )
+        *flags |= BADCERT_FUTURE;
+
     hash_id = child->sig_alg;
 
     x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );