Can you give some suggestion about how build a Hacked JDK for The Malformed Certificates tests

Matthew Hall mhall at mhcomputing.net
Wed Mar 19 19:01:40 UTC 2014


On Wed, Mar 19, 2014 at 07:55:30PM +0800, zaiyao liu wrote:
> I am developing the Malformed Certificates tests. This test exists
> to test the JDK's SSL ability to withstand attack in the form of
> deliberately 1.3 million malformed ASN.1-encoded data.
> For details, please refer to the test plan: http://wiki.se.oracle.com/display/JPG/Malformed+Certificates+Test+Plan

This is a VERY good thing to try. I worked previously on a protocol mutation 
system and found several serious bugs in GnuTLS using X.509 field corruptions 
which resulted in a security advisory. A competitor later found very similar 
issues in OpenSSL.

> I want to use JDK8 as the attack JDK, and this JDK should be modified to
> allow use of invalid certificates. I have tried to use the following code
> to generate an invalid certificate:

This simply cannot work via any sort of hack or workaround, because the JDK 
trusts the ASN.1 data when creating and allocating X.509 certificate 
substructures, such as the values behind all of these getter functions on the 
X509Certificate class:

abstract int          getBasicConstraints()
List<String>          getExtendedKeyUsage()
Collection<List<?>>   getIssuerAlternativeNames()
abstract Principal    getIssuerDN()
abstract boolean[]    getIssuerUniqueID()
X500Principal         getIssuerX500Principal()
abstract boolean[]    getKeyUsage()
abstract Date         getNotAfter()
abstract Date         getNotBefore()
abstract BigInteger   getSerialNumber()
abstract String       getSigAlgName()
abstract String       getSigAlgOID()
abstract byte[]       getSigAlgParams()
abstract byte[]       getSignature()
Collection<List<?>>   getSubjectAlternativeNames()
abstract boolean[]    getSubjectUniqueID()
X500Principal         getSubjectX500Principal()
abstract byte[]       getTBSCertificate()
abstract int          getVersion()

When the JDK attempts to load a cert, it expects valid ASN.1 encodings for all 
of these when allocating the structures.

In order to perform your test, you'll need to make a modified version of JSSE 
or a modified version of the Bouncy Castle libraries, which will allow you to 
send an arbitrary byte[], *Stream class, or *Buffer class (from NIO), 
containing a corrupted X.509 certificate, which will be sent verbatim onto the 
Socket or Channel, with no modification.

Good Luck! I think you'll find some fascinating results, and more than a few 
potential bugs.

Matthew.
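
An added example, not part of the original message or of any JDK test suite: it feeds a few constructed, deliberately malformed DER byte strings to the JDK's standard X.509 loader and classifies the outcome, showing that the loader parses the ASN.1 up front (so a corrupted certificate never becomes an X509Certificate object) and that the result to check for in a robustness test is a clean CertificateException rather than an unchecked exception or error. The class name, sample names and sample bytes are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.LinkedHashMap;
import java.util.Map;

public class MalformedCertParseCheck {
    // Constructed sample inputs (not real certificates): short DER
    // fragments, each with one deliberate fault.
    static final Map<String, byte[]> SAMPLES = new LinkedHashMap<>();
    static {
        SAMPLES.put("empty input", new byte[0]);
        // Outer SEQUENCE claims 0x1000 content bytes but only 5 follow.
        SAMPLES.put("length overruns data",
            new byte[] {0x30, (byte) 0x82, 0x10, 0x00, 0x30, 0x03, 0x02, 0x01, 0x02});
        // Indefinite-length form with no end-of-contents octets.
        SAMPLES.put("unterminated indefinite length",
            new byte[] {0x30, (byte) 0x80, 0x02, 0x01, 0x01});
        // Valid DER (SEQUENCE { INTEGER 2 }) that is not a Certificate.
        SAMPLES.put("well-formed DER, wrong structure",
            new byte[] {0x30, 0x03, 0x02, 0x01, 0x02});
    }

    // The loader is expected to fail with the checked CertificateException.
    // Anything else (an object returned, a RuntimeException, an Error such
    // as OutOfMemoryError) is what a malformed-certificate test should flag.
    static String classify(CertificateFactory cf, byte[] der) {
        try {
            cf.generateCertificate(new ByteArrayInputStream(der));
            return "ACCEPTED (unexpected for malformed input)";
        } catch (CertificateException e) {
            return "rejected cleanly: " + e.getMessage();
        } catch (RuntimeException | Error e) {
            return "ROBUSTNESS BUG CANDIDATE: " + e;
        }
    }

    public static void main(String[] args) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (Map.Entry<String, byte[]> s : SAMPLES.entrySet()) {
            System.out.println(s.getKey() + " -> " + classify(cf, s.getValue()));
        }
    }
}
```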


