From 4874e92ccf86df3e00cdd660bcd5c635bbc9c33e Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Fri, 28 Mar 2025 22:01:05 +0000
Subject: [PATCH] Add test for CRL with invalid GeneralizedTime length of 13 characters
Co-Authored-By: Anthony H
---
certs/crl/invalid/gentime13.pem | 13 ++++
tests/test_invalid_gentime_crl.c | 101 +++++++++++++++++++++++++++++++
2 files changed, 114 insertions(+)
create mode 100644 certs/crl/invalid/gentime13.pem
create mode 100644 tests/test_invalid_gentime_crl.c
diff --git a/certs/crl/invalid/gentime13.pem b/certs/crl/invalid/gentime13.pem
new file mode 100644
index 000000000..589771d8f
--- /dev/null
+++ b/certs/crl/invalid/gentime13.pem
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB7DCB1QIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzELMAkGA1UE
+CAwCVVMxCzAJBgNVBAcMAlVTMQswCQYDVQQKDAJVUzELMAkGA1UEAwwCVVMxCzAJ
+BgNVBAsMAlVTGA0yNDAxMjMwMDAwMDBaGA0zNDAxMjAwMDAwMDBaMDUwMwIUHIAC
+LvgfJAXulqYS3LYf4KxwHl4XDTI1MDMxMzAyNDQ0MFowDDAKBgNVHRUEAwoBBqAc
+MBowGAYDVR0UBBECDxnP/97adO3y9qRGDM7hQDANBgkqhkiG9w0BAQsFAAOCAQEA
+aDY9jBdAJiAujUkaLYLVtzNWF/0SxD5CB4dYIcZMqtPKLn5ykcxkXvnRbVihJ+Kn
+AAv9Fkn5iwj77EGwxNjyZktQ4gAmcMhCTBEcAHbmi92tHttot9Sr44+CN+0NaaQD
+OflIeVw7Zir90TWufjScy8/e7FkVm+aD5CicrbJWqoe21pB1Q1jS49iNrZzqZ2vw
+HLiqNAzpecxwUih/YPe5+CBk5Nq4vICeieGVC/JO9r5SkdDwWQTl0I3kSK6n4Jh7
+53FmIen80F2ZZuZu4/fhJ7C4rlr6W9i6FrK06s5mk1PeYFHKhCkwI8wp8cIudJQD
+lLsK2u4CTcuTKdbDLsszYA==
+-----END X509 CRL-----
diff --git a/tests/test_invalid_gentime_crl.c b/tests/test_invalid_gentime_crl.c
new file mode 100644
index 000000000..b38572bae
--- /dev/null
+++ b/tests/test_invalid_gentime_crl.c
@@ -0,0 +1,101 @@
+/* test_invalid_gentime_crl.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+#include
+#include
+#include
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
+
+#include
+#include
+#include
+
+#include
+
+int test_invalid_gentime_crl(void)
+{
+ int ret = 0;
+ XFILE fp = XBADFILE;
+ X509_CRL *crl = NULL;
+ const char* crlFile = "../certs/crl/invalid/gentime13.pem";
+
+ printf("Testing CRL with invalid GeneralizedTime length (13 characters)...\n");
+
+ /* Try to load CRL with invalid GeneralizedTime length */
+ fp = XFOPEN(crlFile, "rb");
+ if (fp == XBADFILE) {
+ printf("Failed to open CRL file: %s\n", crlFile);
+ ret = -1;
+ goto done;
+ }
+
+ /* This should fail due to invalid GeneralizedTime length */
+ crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL**)NULL, NULL, NULL);
+
+ /* Expect crl to be NULL due to invalid date format */
+ if (crl != NULL) {
+ printf("ERROR: Successfully parsed CRL with invalid GeneralizedTime length\n");
+ ret = -1;
+ } else {
+ printf("SUCCESS: CRL with invalid GeneralizedTime length was rejected\n");
+ }
+
+ if (fp != XBADFILE) {
+ XFCLOSE(fp);
+ }
+
+done:
+ if (crl != NULL) {
+ X509_CRL_free(crl);
+ }
+
+ return ret;
+}
+
+int main(void)
+{
+ int ret = 0;
+
+ ret = test_invalid_gentime_crl();
+
+ if (ret != 0) {
+ printf("Test failed with error: %d\n", ret);
+ return ret;
+ }
+
+ printf("All tests passed!\n");
+ return 0;
+}
+
+#else
+
+int main(void)
+{
+ printf("Test skipped: OPENSSL_EXTRA and HAVE_CRL required\n");
+ return 0;
+}
+
+#endif /* OPENSSL_EXTRA && HAVE_CRL */
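Review bot: In test_invalid_gentime_crl() a NULL from `PEM_read_X509_CRL()` is taken as proof that the 13-character GeneralizedTime was rejected, but that call returns NULL for any failure, so the test cannot tell a date-length rejection from an unrelated PEM or ASN.1 error. If the fixture also fails for some other reason, the test would not notice the length check disappearing. Add a positive control that loads a well-formed CRL through the same call and expects non-NULL, as sketched below, and assert the parser's error code as well if the build exposes one. Separately, the diffstat lists only the two new files, so nothing visible here adds this program to a build or test target. The `#else` branch also returns 0 when OPENSSL_EXTRA or HAVE_CRL is off, so a skipped run is reported as a pass.

```c
    const char* goodCrlFile = "PLACEHOLDER-path-to-known-good-CRL.pem";
    /* … unchanged: open gentime13.pem, expect NULL, XFCLOSE(fp) … */

    /* Positive control: the same API must accept a well-formed CRL in this
     * build, otherwise the NULL above says nothing about GeneralizedTime. */
    fp = XFOPEN(goodCrlFile, "rb");
    if (fp == XBADFILE) {
        printf("Failed to open control CRL file: %s\n", goodCrlFile);
        ret = -1;
        goto done;
    }
    crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL**)NULL, NULL, NULL);
    XFCLOSE(fp);
    if (crl == NULL) {
        printf("ERROR: control CRL was rejected\n");
        ret = -1;
    }
    /* … unchanged: done: label frees crl and returns ret … */
```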