Can you give some suggestion about how build a Hacked JDK for The Malformed Certificates tests

zaiyao liu zaiyao.liu at oracle.com
Wed Mar 19 11:55:30 UTC 2014


Hi team,

I am developing The Malformed Certificates tests, this test  exist to 
test JDK's SSL  ability to withstand attack in the form of deliberately 
1.3 million malformed ASN.1-encoded data.
Detail please refer test plan: 
http://wiki.se.oracle.com/display/JPG/Malformed+Certificates+Test+Plan

The idea is to "attack" an JDK SSL/SMIME process by sending it 
intentionally malformed certificates (or malformed SMIME messages), and 
ensure that the process under attack does not:

  * crash
  * leak
  * accept any of the bad certs or messages as if they were good

To do the Malformed Certificates tests with SSL certs, I should launch 
two JVM, one as "JDK under test", the other as "attack JDK",

I want to use JDK8 as attack JDK, and this JDK should be modified to 
allow use of invalid certificates, I have try to use following code to 
generate invalid certificate:
import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class X509CertificateLoad {

     /**
      * Load a X509 certificate from file.
      */
     public static void main(String[] args) throws Exception {
         FileInputStream fis = new FileInputStream(args[0]);
         CertificateFactory cf = CertificateFactory.getInstance("X509");
         X509Certificate cert = (X509Certificate) 
cf.generateCertificate(fis);
         System.out.println("SUCCESS");
     }
}

got following error:
         X509Certificate cert = (X509Certificate) 
cf.generateCertificate(fis);java.lang.NegativeArraySizeException
     at 
sun.security.util.DerInputStream.getUnalignedBitString(DerInputStream.java:238)
     at sun.security.x509.X509Key.parse(X509Key.java:171)
     at 
sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)

Can you give some suggestion about how to bypass this kind of check to 
generator a certificate for invalid certificate? (I will use this 
invalid to attack normal JDK).

Thanks

Kevin



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20140319/ae986e24/attachment-0001.html>


More information about the security-dev mailing list