RFC5280 strict time string check

[InfoHunter]

Checklist

• documentation is added or updated
• tests are added or updated

Fixes #3444

Thoughts: introduce a new API called "ASN1_TIME_set_string_strict" which is used to check if the time string (both UTC and Generalized) matches what RFC 5280 requires.

To make it compatible with those legacy certificates generated by previous versions of OpenSSL command line tool, all use the original "loose" rule to check the time string except the 'ca' application which is enforced to use the strict version to produce RFC-5280-fulfilled certificates only. Thus, openssl command can still read and use RFC-5280-time-conficting certificates but can't generate any of them.

Docs and tests will be updated as this fix is generally accepted for the concept/idea.

Please ignore the first unrelated 3 outdated commits : )

[kroeckx]

I guess I would prefer a function in the X509 name space and not in the generic ASN1. It's for X509 that we want to be strict. But then I'm not sure it's important.

I would also like to see tests to see that we reject invalid strings now, and that it properly ends up as UTC / Generalized.

[InfoHunter]

Test cases updated.

[InfoHunter]

Hi @kroeckx

I changed ASN1_TIME_set_string_strict to ASN1_TIME_set_string_X509, it's still in the ASN1 name space but the function name is more specific to X509. Since all X509 time related stuff is handled by ASN1 time functions now in OpenSSL, so it might be 'OK' to consider the strict X509 format as a a 'subset' feature offered by the underlaying ASN1. But it still looks good if we add an X509_time_xxx function in x509_vfy.c to wrap the ASN1 layer, so what do you think?

Documentation and test cases are all updated. Please let me know your considerations.

[kroeckx]

I think you should probably either add something to the TESTDATA structure or use a different one. The current expected is the result of a compare, so you have a cmp_time and when comparing the parsed and the expected value you expect to get something. You don't use the cmp_time, and use expected for something else.

You also don't seem to be using the type you set in the test data, and adjust the type based on the string you give, which doesn't make sense. I think you should check both that parsing is successful and that it returned the correct type. The correct type for all of your strings should be V_ASN1_UTCTIME, because they're all before 2050. You should also create strings that are after 2050.

[kroeckx]

It might also be useful to do a check like giving "20170217180154Z" and checking that it turned it into "170217180154Z" (and is a V_ASN1_UTCTIME)

[InfoHunter]

Hmm, I know what's going wrong: previously I only considered 'checking' the time string format but what is described in the 4.1.2.5. section of RFC 5280 is not implemented in my patch. So the test cases cover only the 'check' part, but no 're-format' the time string.

I need a little more time to add the missing functionality, thanks man!

[InfoHunter]

Hi @kroeckx , I have update the code to have "2050-Generalized-to-UTC" feature implemented, as well as test cases and documentation. Please review them, thanks.

[kroeckx]

I've been wondering if we shouldn't just set this flag somehow instead of creating a new API just to set this flag. I don't actually know enough about the whole API to know how to extend it best, so I'm open for other ideas.

[InfoHunter]

IMHO, since we need to utilize the ASN1_TIME to struct tm parsing logic, it might be one of the best ways to reduce duplicated code if we use a flag and treat it in current ASN1_TIME to struct tm parsing functions.

[levitte]

There is no precedent, all other flags are set internally, so I think we're at liberty to define how to set this particular flag whatever way we wish. The way it's implemented here seems sane to me.

[kroeckx]

use t != NULL

[InfoHunter]

OK

[kroeckx]

I don't really understand the point of this, why not always give it an ASN1_TIME?

[InfoHunter]

Because we need to test if this function can accept a NULL input for the first parameter and if behaves properly. The doc under doc/man3/ASN1_TIME_set.pod didn't describe this usage for the original ASN1_TIME_set_string(), but it's indeed used that way in apps/ca.c and might be used already by other applications. So I think we need to cover this scenario in case of the future-API-internal-change, we would probably get noticed if input of NULL ASN1_TIME still works or not.

[InfoHunter]

Is there a way to re-launch the travis-ci manually?

It seems it failed because the server didn't start:

Client command: echo test | ../util/shlib_wrap.sh ../apps/openssl s_client -engine ossltest -connect localhost:4453 -ct
engine "ossltest" set.
Connection opened
Failed to start up server (localhost,4443): Connection refused
Server command: ../util/shlib_wrap.sh ../apps/openssl s_server -no_comp -rev -engine ossltest -accept 4443 -cert ../apps/server.pem -cert2 ../apps/server.pem -naccept 1 -cipher AES128-SHA:TLS13-AES-128-GCM-SHA256 -status_file ../test/recipes/ocsp-response.der -serverinfo ../test/serverinfo2.pem

Per 9fa299f

I cannot reproduce this locally.

[levitte]

Okie, job restarted

[InfoHunter]

@levitte , is this normal? I mean a server can't start

[mattcaswell]

@levitte , is this normal? I mean a server can't start

Looking at the logs it seems to me that the server did actually start eventually. If you look at the following test the server fails to start there too because the address is already in use. The problem seems to be we gave up trying to connect too quickly. Looking at the code we try 3 times with a 0.1 sec pause between each attempt. Perhaps that is too aggressive.

[InfoHunter]

Yep, I noticed those bind errors. I agree with you that an 0.1s internal is too aggressive. Should it be adjust to avoid this? Or maybe the number of tries should be increased.

[mattcaswell]

Yep, I noticed those bind errors. I agree with you that an 0.1s internal is too aggressive. Should it be adjust to avoid this? Or maybe the number of tries should be increased.

I upped the retries: #3587

[levitte]

Please add a history section mentioning this was added for OpenSSL 1.1.1. There are examples on how to do this in other .pod files

[InfoHunter]

Roger.

[kroeckx]

I think we don't need to document in detail what it all checks, just that it's restricts it to what RFC5280 allows. So maybe it should say that it only allows YYMMDDHHMMSSZ and YYYYMMDDHHMMSSZ, while the other functions allows others.

[InfoHunter]

Okay, I'll make it briefer.

[kroeckx]

So it seems there is a conflict that you will need to resolve.

[kroeckx]

@richsalz: Are you still happy with the current version?

[richsalz]

I'm still okay; let me know if you want me to merge.

[kroeckx]

Feel free to merge

[richsalz]

merged and squashed. thanks, paul!