From c2278c8bc41b01df9fac5fc3d7134430a88dd0e5 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Sat, 8 Sep 2018 10:09:32 +0200
Subject: [PATCH] TESTS: add test of decoding of invalid zero length ASN.1
 INTEGER zero

Confirms #7134

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7153)
---
 test/asn1_decode_test.c            | 173 +++++++++++++++++++++++++++++
 test/build.info                    |   6 +-
 test/recipes/04-test_asn1_decode.t |  12 ++
 3 files changed, 190 insertions(+), 1 deletion(-)
 create mode 100644 test/asn1_decode_test.c
 create mode 100644 test/recipes/04-test_asn1_decode.t

diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c
new file mode 100644
index 0000000000..369023d5f1
--- /dev/null
+++ b/test/asn1_decode_test.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/rand.h>
+#include <openssl/asn1t.h>
+#include "internal/numbers.h"
+#include "testutil.h"
+
+#ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wunused-function"
+#endif
+#ifdef __clang__
+# pragma clang diagnostic ignored "-Wunused-function"
+#endif
+
+/* Badly coded ASN.1 INTEGER zero wrapped in a sequence */
+static unsigned char t_invalid_zero[] = {
+    0x30, 0x02,                  /* SEQUENCE tag + length */
+    0x02, 0x00                   /* INTEGER tag + length */
+};
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+/* LONG case ************************************************************* */
+
+typedef struct {
+    long test_long;
+} ASN1_LONG_DATA;
+
+ASN1_SEQUENCE(ASN1_LONG_DATA) = {
+    ASN1_EMBED(ASN1_LONG_DATA, test_long, LONG),
+} static_ASN1_SEQUENCE_END(ASN1_LONG_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA)
+
+static int test_long(void)
+{
+    const unsigned char *p = t_invalid_zero;
+    ASN1_LONG_DATA *dectst =
+        d2i_ASN1_LONG_DATA(NULL, &p, sizeof(t_invalid_zero));
+
+    if (dectst == NULL)
+        return 0;                /* Fail */
+
+    ASN1_LONG_DATA_free(dectst);
+    return 1;
+}
+#endif
+
+/* INT32 case ************************************************************* */
+
+typedef struct {
+    int32_t test_int32;
+} ASN1_INT32_DATA;
+
+ASN1_SEQUENCE(ASN1_INT32_DATA) = {
+    ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32),
+} static_ASN1_SEQUENCE_END(ASN1_INT32_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA)
+
+static int test_int32(void)
+{
+    const unsigned char *p = t_invalid_zero;
+    ASN1_INT32_DATA *dectst =
+        d2i_ASN1_INT32_DATA(NULL, &p, sizeof(t_invalid_zero));
+
+    if (dectst == NULL)
+        return 0;                /* Fail */
+
+    ASN1_INT32_DATA_free(dectst);
+    return 1;
+}
+
+/* UINT32 case ************************************************************* */
+
+typedef struct {
+    uint32_t test_uint32;
+} ASN1_UINT32_DATA;
+
+ASN1_SEQUENCE(ASN1_UINT32_DATA) = {
+    ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32),
+} static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA)
+
+static int test_uint32(void)
+{
+    const unsigned char *p = t_invalid_zero;
+    ASN1_UINT32_DATA *dectst =
+        d2i_ASN1_UINT32_DATA(NULL, &p, sizeof(t_invalid_zero));
+
+    if (dectst == NULL)
+        return 0;                /* Fail */
+
+    ASN1_UINT32_DATA_free(dectst);
+    return 1;
+}
+
+/* INT64 case ************************************************************* */
+
+typedef struct {
+    int64_t test_int64;
+} ASN1_INT64_DATA;
+
+ASN1_SEQUENCE(ASN1_INT64_DATA) = {
+    ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64),
+} static_ASN1_SEQUENCE_END(ASN1_INT64_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA)
+
+static int test_int64(void)
+{
+    const unsigned char *p = t_invalid_zero;
+    ASN1_INT64_DATA *dectst =
+        d2i_ASN1_INT64_DATA(NULL, &p, sizeof(t_invalid_zero));
+
+    if (dectst == NULL)
+        return 0;                /* Fail */
+
+    ASN1_INT64_DATA_free(dectst);
+    return 1;
+}
+
+/* UINT64 case ************************************************************* */
+
+typedef struct {
+    uint64_t test_uint64;
+} ASN1_UINT64_DATA;
+
+ASN1_SEQUENCE(ASN1_UINT64_DATA) = {
+    ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64),
+} static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA)
+
+static int test_uint64(void)
+{
+    const unsigned char *p = t_invalid_zero;
+    ASN1_UINT64_DATA *dectst =
+        d2i_ASN1_UINT64_DATA(NULL, &p, sizeof(t_invalid_zero));
+
+    if (dectst == NULL)
+        return 0;                /* Fail */
+
+    ASN1_UINT64_DATA_free(dectst);
+    return 1;
+}
+
+int setup_tests(void)
+{
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ADD_TEST(test_long);
+#endif
+    ADD_TEST(test_int32);
+    ADD_TEST(test_uint32);
+    ADD_TEST(test_int64);
+    ADD_TEST(test_uint64);
+    return 1;
+}
diff --git a/test/build.info b/test/build.info
index 2c02ecc040..08657c8011 100644
--- a/test/build.info
+++ b/test/build.info
@@ -44,7 +44,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
           bio_callback_test \
           bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
           pkey_meth_test pkey_meth_kdf_test uitest cipherbytes_test \
-          asn1_encode_test asn1_string_table_test \
+          asn1_encode_test asn1_decode_test asn1_string_table_test \
           x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
           recordlentest drbgtest sslbuffertest \
           recordlentest drbgtest drbg_cavs_test sslbuffertest \
@@ -410,6 +410,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
   INCLUDE[asn1_encode_test]=../include
   DEPEND[asn1_encode_test]=../libcrypto libtestutil.a
 
+  SOURCE[asn1_decode_test]=asn1_decode_test.c
+  INCLUDE[asn1_decode_test]=../include
+  DEPEND[asn1_decode_test]=../libcrypto libtestutil.a
+
   SOURCE[asn1_string_table_test]=asn1_string_table_test.c
   INCLUDE[asn1_string_table_test]=../include
   DEPEND[asn1_string_table_test]=../libcrypto libtestutil.a
diff --git a/test/recipes/04-test_asn1_decode.t b/test/recipes/04-test_asn1_decode.t
new file mode 100644
index 0000000000..d2c4563266
--- /dev/null
+++ b/test/recipes/04-test_asn1_decode.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_asn1_decode", "asn1_decode_test");
-- 
2.25.1