authorJob Snijders <job@sobornost.net>2024-02-21 21:26:50 +0000
committerTomas Mraz <tomas@openssl.org>2024-02-25 09:17:41 +0100
commiteadd8c4727b703049e4d2764751cb04f3108434d (patch)
treeabcf29b5404084d6b13362654658e7d94d3ea230 /test
parent5d70f11823e3d8b7214a1e094b8a4f744ad396f5 (diff)
Add appropriate lower bound checks for GeneralizedTime and UTCTime
ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8 impose specific constraints on how GeneralizedTime and UTCTime can be encoded in BER/CER/DER. Following from these constraints a minimum length can be derived. Checking the length in this context can potentially help prevent applications from interpreting an invalid GeneralizedTime as a valid UTCTime. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23483)
Diffstat (limited to 'test')
-rw-r--r--test/asn1_decode_test.c53
-rw-r--r--test/asn1_time_test.c6
-rw-r--r--test/x509_time_test.c8
3 files changed, 61 insertions, 6 deletions
diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c
index 9c676d3dcc..f112dd7034 100644
--- a/test/asn1_decode_test.c
+++ b/test/asn1_decode_test.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <openssl/rand.h>
+#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/obj_mac.h>
#include "internal/numbers.h"
@@ -161,6 +162,56 @@ static int test_uint64(void)
return 1;
}
+/* GeneralizedTime underflow *********************************************** */
+
+static int test_gentime(void)
+{
+ /* Underflowing GeneralizedTime 161208193400Z (YYMMDDHHMMSSZ) */
+ const unsigned char der[] = {
+ 0x18, 0x0d, 0x31, 0x36, 0x31, 0x32, 0x30, 0x38, 0x31,
+ 0x39, 0x33, 0x34, 0x30, 0x30, 0x5a,
+ };
+ const unsigned char *p;
+ int der_len, rc = 1;
+ ASN1_GENERALIZEDTIME *gentime;
+
+ p = der;
+ der_len = sizeof(der);
+ gentime = d2i_ASN1_GENERALIZEDTIME(NULL, &p, der_len);
+
+ if (!TEST_ptr_null(gentime))
+ rc = 0; /* fail */
+
+ ASN1_GENERALIZEDTIME_free(gentime);
+ return rc;
+}
+
+/* UTCTime underflow ******************************************************* */
+
+static int test_utctime(void)
+{
+ /* Underflowing UTCTime 0205104700Z (MMDDHHMMSSZ) */
+ const unsigned char der[] = {
+ 0x17, 0x0b, 0x30, 0x32, 0x30, 0x35, 0x31, 0x30,
+ 0x34, 0x37, 0x30, 0x30, 0x5a,
+ };
+ const unsigned char *p;
+ int der_len, rc = 1;
+ ASN1_UTCTIME *utctime;
+
+ p = der;
+ der_len = sizeof(der);
+ utctime = d2i_ASN1_UTCTIME(NULL, &p, der_len);
+
+ if (!TEST_ptr_null(utctime))
+ rc = 0; /* fail */
+
+ ASN1_UTCTIME_free(utctime);
+ return rc;
+}
+
+/* Invalid template ******************************************************** */
+
typedef struct {
ASN1_STRING *invalidDirString;
} INVALIDTEMPLATE;
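Review bot: test_gentime and test_utctime assert only that d2i returns NULL, so they pass for any decoding failure and do not pin the new length bound itself. Each vector is also two bytes shorter than the shortest string of its type that asn1_time_test.c still expects to be accepted (15 and 13 characters), so an off-by-one in the bound would presumably go unnoticed; a one-byte-short vector per type would close that gap. The GeneralizedTime comment would be clearer as `/* GeneralizedTime tag (0x18) whose 13-byte body is laid out like a UTCTime (YYMMDDHHMMSSZ); must be rejected */`, since that is the misinterpretation the commit message is about.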
@@ -229,6 +280,8 @@ int setup_tests(void)
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
ADD_TEST(test_uint64);
+ ADD_TEST(test_gentime);
+ ADD_TEST(test_utctime);
ADD_TEST(test_invalid_template);
ADD_TEST(test_reuse_asn1_object);
return 1;
diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c
index aa1aa79ebb..0daf88b203 100644
--- a/test/asn1_time_test.c
+++ b/test/asn1_time_test.c
@@ -101,6 +101,10 @@ static struct testdata tbl_testdata_pos[] = {
{ "1970010100000AZ", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, },
{ "700101000000X", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, },
{ "19700101000000X", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, },
+ { "209912312359Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, },
+ { "199912310000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, },
+ { "9912312359Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, },
+ { "9912310000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, },
{ "19700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 0, -1, 1, }, /* Epoch begins */
{ "700101000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 0, -1, 1, }, /* ditto */
{ "20380119031407Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 0x7FFFFFFF, 1, 1, }, /* Max 32bit time_t */
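Review bot: The four added rows have no comment saying why they are expected to fail, while the rows around them are annotated (`/* Epoch begins */`, `/* Max 32bit time_t */`); a trailing `/* no seconds: shorter than the minimum length */` on each would make the intent visible. The next hunk leaves `9912310000+0000` and `199912310000+0000` expected to parse, which also lack seconds, so it is worth stating in a comment that what is enforced here is a length bound rather than full X.690 11.7/11.8 conformance. The table itself starts outside this hunk.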
@@ -111,9 +115,7 @@ static struct testdata tbl_testdata_pos[] = {
{ "19701006121456Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 24063296, -1, 1, },
{ "701006121456Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 24063296, -1, 1, },
{ "19991231000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, /* Match baseline */
- { "199912310000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, /* In various flavors */
{ "991231000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
- { "9912310000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
{ "9912310000+0000", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
{ "199912310000+0000", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
{ "9912310000-0000", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
diff --git a/test/x509_time_test.c b/test/x509_time_test.c
index 9fa9297cf3..b6aad699b5 100644
--- a/test/x509_time_test.c
+++ b/test/x509_time_test.c
@@ -490,7 +490,7 @@ static const struct {
"Jul 31 22:20:50 2017 GMT"),
/* Generalized Time, no seconds */
construct_asn1_time("201707312220Z", V_ASN1_GENERALIZEDTIME,
- "Jul 31 22:20:00 2017 GMT"),
+ "Bad time value"),
/* Generalized Time, fractional seconds (3 digits) */
construct_asn1_time("20170731222050.123Z", V_ASN1_GENERALIZEDTIME,
"Jul 31 22:20:50.123 2017 GMT"),
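Review bot: The entry comments still read `/* Generalized Time, no seconds */` and `/* UTC Time, no seconds */` although the expected output is now the error text, so a reader cannot tell the rejection is intended; something like `/* Generalized Time, no seconds: rejected as too short */` would say so. The same applies to the matching entries in the three following hunks of this file. Whether the test also checks the print function's return value for these entries is not visible here, since the table and the test body extend beyond the hunks.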
@@ -505,7 +505,7 @@ static const struct {
"Jul 31 22:20:50 2017 GMT"),
/* UTC Time, no seconds */
construct_asn1_time("1707312220Z", V_ASN1_UTCTIME,
- "Jul 31 22:20:00 2017 GMT"),
+ "Bad time value"),
};
static const struct {
@@ -517,7 +517,7 @@ static const struct {
"2017-07-31 22:20:50Z"),
/* Generalized Time, no seconds */
construct_asn1_time("201707312220Z", V_ASN1_GENERALIZEDTIME,
- "2017-07-31 22:20:00Z"),
+ "Bad time value"),
/* Generalized Time, fractional seconds (3 digits) */
construct_asn1_time("20170731222050.123Z", V_ASN1_GENERALIZEDTIME,
"2017-07-31 22:20:50.123Z"),
@@ -532,7 +532,7 @@ static const struct {
"2017-07-31 22:20:50Z"),
/* UTC Time, no seconds */
construct_asn1_time("1707312220Z", V_ASN1_UTCTIME,
- "2017-07-31 22:20:00Z"),
+ "Bad time value"),
};
static int test_x509_time_print_rfc_822(int idx)