[Bug 3329] New: Certificate validity dates greater than 32bit are truncated to 2038-01-19T03:14:07

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jul 2 14:00:25 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3329

            Bug ID: 3329
           Summary: Certificate validity dates greater than 32bit are
                    truncated to 2038-01-19T03:14:07
           Product: Portable OpenSSH
           Version: 8.4p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: anthony at ajmartinez.com
                CC: dtucker at dtucker.net
            Blocks: 3302
   Attachment #3531 is obsolete: 1

Creation of certificates with validity dates beyond the 32-bit limit
are truncated to the edge.

Example from 8.4p1:

[user@disp8853 ~]$ ssh-keygen -t ecdsa -N "" -q -f ca
[user@disp8853 ~]$ ssh-keygen -t ecdsa -N "" -q -f user
[user@disp8853 ~]$ ssh-keygen -s ca -I bug-report -z 911 -n 32bitdates -V always:20390101 user.pub
Signed user key user-cert.pub: id "bug-report" serial 911 for 32bitdates valid before 2038-01-19T03:14:07
[user@disp8853 ~]$ ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1k  FIPS 25 Mar 2021

This has been observed in several versions from 7.x to 8.x on x86_64
(Windows and Linux), and armv7 (Linux).

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
It looks like the cert validity is fine, it's the formatting function
that has the limit:

        if (cert->valid_after != 0) {
                /* XXX revisit INT_MAX in 2038 :) */
                tt = cert->valid_after > INT_MAX ?
                    INT_MAX : cert->valid_after;
                tm = localtime(&tt);
                strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm);
        }

Unfortunately there's no TIME_T_MAX, and while we can figure out how
big time_t is, there's nothing specifying whether it's signed or
unsigned.

Anyway there's a format_absolute_time in misc.c, we should factor these
out of sshkey.c and fix it in format_absolute_time.
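
Added example, not part of the original thread and not OpenSSH's code: the INT_MAX clamp from Comment #1 beside a clamp that probes the width and signedness of time_t at run time. The names fmt, fmt_clamped, fmt_wide and time_t_max are hypothetical, gmtime() replaces localtime() so the output does not depend on the local timezone, and the sample timestamp is constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Shared formatter; gmtime() rather than localtime() so the output is fixed. */
static const char *fmt(time_t tt, char *buf, size_t len)
{
    struct tm *tm = gmtime(&tt);

    if (tm == NULL)            /* year does not fit in struct tm */
        return NULL;
    return strftime(buf, len, "%Y-%m-%dT%H:%M:%S", tm) ? buf : NULL;
}

/* Same clamp as the snippet quoted in Comment #1. */
static const char *fmt_clamped(uint64_t valid, char *buf, size_t len)
{
    return fmt(valid > INT_MAX ? INT_MAX : (time_t)valid, buf, len);
}

/* Largest value time_t can hold, probing width and signedness at run time. */
static uint64_t time_t_max(void)
{
    unsigned bits = sizeof(time_t) * CHAR_BIT - ((time_t)-1 < 0 ? 1 : 0);

    return bits >= 64 ? UINT64_MAX : ((uint64_t)1 << bits) - 1;
}

/* Hypothetical replacement: clamp to time_t's real range, not INT_MAX. */
static const char *fmt_wide(uint64_t valid, char *buf, size_t len)
{
    uint64_t max = time_t_max();

    return fmt((time_t)(valid > max ? max : valid), buf, len);
}

int main(void)
{
    char a[32], b[32];
    uint64_t v = 2177452800ULL;   /* constructed: 2039-01-01T00:00:00 UTC */

    printf("clamped: %s\n", fmt_clamped(v, a, sizeof(a)));
    printf("wide:    %s\n", fmt_wide(v, b, sizeof(b)));
    return 0;
}
```

On a platform with a 32-bit signed time_t both functions return the same 2038 string, which matches the remark in Comment #2 that other systems need further work.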

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3531
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3531&action=edit
allow formatting dates >INT_MAX

This patch ought to fix it on platforms with 64bit time_t, although
it'll also require some work in configure to be correct on other
systems.

--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3532
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3532&action=edit
allow formatting dates >INT_MAX


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7