Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Coverity times #19004

Closed
wants to merge 4 commits into from
Closed

Coverity times #19004

wants to merge 4 commits into from

Conversation

paulidale
Copy link
Contributor

Various TLS time_t use fixes for problems that will happen when the low 32 bits of time_t rolls over.

I've flagged this for all supported branches but it might be better to refactor master to use OSSL_TIME instead of persisting with time_t. That's too much change for 3.0 and 1.1.1.

@paulidale
Coverity 1508506: misuse of time_t
67a43c3 
Fixes a bug in the cookie code which would have caused problems for ten
minutes before and after the lower 32 bits of time_t rolled over.
@paulidale
Coverity 1508540: misuse of time_t
b1f1801 
Avoid a problem when the lower 32 bits of time_t roll over by delaying the cast
to integer until after the time delta has been computed.
@paulidale
Coverity 1508534: misuse of time_t
0a5c7da 
Avoid a problem when the lower 32 bits of time_t roll over by delaying the cast
to integer until after the time delta has been computed.
@paulidale paulidale added branch: master Merge to master branch approval: review pending This pull request needs review by a committer branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch approval: otc review pending This pull request needs review by an OTC member triaged: bug The issue/pr is/fixes a bug branch: 3.0 Merge to openssl-3.0 branch labels Aug 16, 2022
@paulidale paulidale self-assigned this Aug 16, 2022
kaduk
kaduk reviewed Aug 16, 2022
View reviewed changes
Copy link
Contributor

@kaduk kaduk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's interesting how little overlap there is with #17701, #17786, or #17778.
This does introduce an incompatible change in the cookie format, so cookies received across a software upgrade would not be accepted. This is probably uninteresting, given how cookies are used (whereas for session tickets it would be a bigger deal!), but I wanted to confirm that you'd thought about it before hitting 'approve'.

@paulidale
Copy link
Contributor Author

This isn't attempting to fix all of the y2038 problems but it should help with some. There will be more required 😢

I did dig into the cookies a bit and I think it's okay except, as you noted, across software upgrades. Is this better or worse than rejecting cookies issued during the window of failure? I think it's better, but it's not clear cut. A move to OSSL_TIME would likely break cookies again, assuming that that is stored in the cookie instead of the time_t value.

kaduk
kaduk requested changes Aug 16, 2022
View reviewed changes
Copy link
Contributor

@kaduk kaduk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the cookie usage a bit more, you do need to update MAX_COOKIE_SIZE and the associated comment.
Bumping COOKIE_STATE_FORMAT_VERSION would alleviate basically all of my (nascent) concerns. I think it would mean dropping connection attempts across the software upgrade, but the alternative is a lot harder to analyze and ensure the safety of.

@paulidale
Copy link
Contributor Author

Okay, made those changes. Thanks for the suggestion.

kaduk
kaduk approved these changes Aug 16, 2022
View reviewed changes
Copy link
Contributor

@kaduk kaduk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update.
I'm okay with this and can tolerate the expansion of the cookie size. That seems like the main lingering risk/concern, but we can always make a future change to optimize its encoding if it becomes an issue.

@kaduk kaduk removed the approval: review pending This pull request needs review by a committer label Aug 16, 2022
@t8m t8m requested a review from mattcaswell August 17, 2022 08:17
@mattcaswell mattcaswell added approval: done This pull request has the required number of approvals and removed approval: otc review pending This pull request needs review by an OTC member labels Aug 17, 2022
@openssl-machine openssl-machine removed the approval: done This pull request has the required number of approvals label Aug 18, 2022
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

@openssl-machine openssl-machine added the approval: ready to merge The 24 hour grace period has passed, ready to merge label Aug 18, 2022
openssl-machine pushed a commit that referenced this pull request Aug 18, 2022
@paulidale
Coverity: misuses of time_t
e8a557d 
Coverity 1508506:

    Fixes a bug in the cookie code which would have caused problems for
    ten minutes before and after the lower 32 bits of time_t rolled over.

Coverity 1508534 & 1508540:

    Avoid problems when the lower 32 bits of time_t roll over by delaying
    the cast to integer until after the time delta has been computed.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #19004)
openssl-machine pushed a commit that referenced this pull request Aug 18, 2022
@paulidale
Coverity 1508534 & 1508540: misuses of time_t
a6cadcb 
    Avoid problems when the lower 32 bits of time_t roll over by delaying
    the cast to integer until after the time delta has been computed.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #19004)

(cherry picked from commit e8a557d)
@paulidale
Copy link
Contributor Author

Merged to master.
Merged everything bar the cookie change to 3.0 and 1.1.1. They lack the 8 byte helper functions.

@paulidale paulidale closed this Aug 18, 2022
openssl-machine pushed a commit that referenced this pull request Aug 18, 2022
@paulidale
Coverity 1508534 & 1508540: misuses of time_t
552603e 
Avoid problems when the lower 32 bits of time_t roll over by delaying
the cast to integer until after the time delta has been computed.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #19004)

(cherry picked from commit a6cadcb)
@paulidale paulidale deleted the coverity-times branch August 18, 2022 22:46
This was referenced Aug 18, 2022
Closed
Closed
sftcd pushed a commit to sftcd/openssl that referenced this pull request Sep 24, 2022
@paulidale @sftcd
Coverity: misuses of time_t
3192714 
Coverity 1508506:

    Fixes a bug in the cookie code which would have caused problems for
    ten minutes before and after the lower 32 bits of time_t rolled over.

Coverity 1508534 & 1508540:

    Avoid problems when the lower 32 bits of time_t roll over by delaying
    the cast to integer until after the time delta has been computed.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#19004)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaduk kaduk kaduk approved these changes

@mattcaswell mattcaswell mattcaswell approved these changes

Assignees

@paulidale paulidale

Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch branch: 3.0 Merge to openssl-3.0 branch triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@paulidale @openssl-machine @kaduk @mattcaswell