From f0a27f557060f3ee5b59ccc89c5c659043e370eb Mon Sep 17 00:00:00 2001 From: Dmitriy Zhuravlev Date: Wed, 9 Mar 2016 19:22:09 +0200 Subject: [PATCH] Fix defects reported by SVACE in ckm unittests Change-Id: I68d86ed516dad5492d8b0028d28f460612b8775e Signed-off-by: Dmitriy Zhuravlev Reviewed-on: https://gerrit.iotivity.org/gerrit/5437 Reviewed-by: Randeep Singh (cherry picked from commit 755ef54828f4e7744b121219b4c259293e748665) Reviewed-on: https://gerrit.iotivity.org/gerrit/5677 Tested-by: Randeep Singh --- .../provisioning/ck_manager/unittest/pki_test.cpp | 185 +++++++++++++-------- 1 file changed, 113 insertions(+), 72 deletions(-) diff --git a/resource/csdk/security/provisioning/ck_manager/unittest/pki_test.cpp b/resource/csdk/security/provisioning/ck_manager/unittest/pki_test.cpp index e2dc42d..a2ceb10 100644 --- a/resource/csdk/security/provisioning/ck_manager/unittest/pki_test.cpp +++ b/resource/csdk/security/provisioning/ck_manager/unittest/pki_test.cpp @@ -19,7 +19,7 @@ ******************************************************************/ - +#include #include #include #include @@ -173,7 +173,7 @@ TEST(X509Certificate, RandomDecode) for (unsigned int i = 0; i < RUNS; i++) { - code.len = rand() % MAX_LEN; + code.len = (size_t)((size_t)rand() % MAX_LEN); code.data = (uint8_t *)malloc(code.len * sizeof(uint8_t)); EXPECT_NE(code.data, (uint8_t *)NULL); @@ -285,7 +285,7 @@ TEST_F(PKITest, TimeValidity) ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckCertificate(certDer, pubKey)); certDer.len = sizeof(derData); - ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate((uint8_t *)"160101000000Z", 0, &certDer)); + ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate((uint8_t *)"170101000000Z", 0, &certDer)); ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckCertificate(certDer, pubKey)); } ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo()); @@ -368,44 +368,48 @@ TEST(X509Certificate, testParsePublicKey) //test checking of certificate generated by OpenSSL TEST(OpenSSLCompatibility, verifyOpenSslCertSign) { + struct stat st; + uint8_t crtData[ISSUER_MAX_CERT_SIZE] = {0}; + uint8_t pubKeyData[PUBLIC_KEY_SIZE] = {0}; ByteArray crtDer = BYTE_ARRAY_INITIALIZER; + ByteArray pubKey = BYTE_ARRAY_INITIALIZER; CertificateX509 certificate; - FILE *fileCert = fopen("01.der", "rb"); - ASSERT_TRUE(fileCert != NULL); + crtDer.data = crtData; + crtDer.len = sizeof(crtData); + pubKey.data = pubKeyData; + pubKey.len = sizeof(pubKeyData); - //get the length - fseek(fileCert, 0, SEEK_END); - crtDer.len = ftell(fileCert); - fseek(fileCert, 0, SEEK_SET); - //allocate memory - crtDer.data = (uint8_t*)malloc(crtDer.len+1); + //open file + int fileCert = open("01.der", O_RDONLY); + ASSERT_TRUE(fileCert != -1); + //get status + ASSERT_TRUE(fstat(fileCert, &st) == 0); //read the content - EXPECT_EQ(READ_WRITE_BLOCK_N, fread(crtDer.data, crtDer.len, READ_WRITE_BLOCK_N, fileCert)); - fclose(fileCert); - - ByteArray pubKey = BYTE_ARRAY_INITIALIZER; - FILE * fileKey = fopen("capub.der", "rb"); - ASSERT_TRUE(fileKey != NULL); - fseek(fileKey, 0, SEEK_END); - pubKey.len = ftell(fileKey); - fseek(fileKey, 0, SEEK_SET); - //openssl generates a public key that is longer than 64 bytes - //with additional 27 bytes prepending the actual key - if(pubKey.len > PUBLIC_KEY_SIZE){ - fseek(fileKey, (pubKey.len - PUBLIC_KEY_SIZE), SEEK_SET); - pubKey.len = PUBLIC_KEY_SIZE; + int res = read(fileCert, crtDer.data, crtDer.len); + ASSERT_NE(-1, res); + EXPECT_EQ(st.st_size, res); + close(fileCert); + + //open file + int fileKey = open("capub.der", O_RDONLY); + ASSERT_TRUE(fileKey != -1); + //get status + ASSERT_TRUE(fstat(fileKey, &st) == 0); + + if(st.st_size > PUBLIC_KEY_SIZE) + { + ASSERT_NE(-1, lseek(fileKey, (st.st_size - PUBLIC_KEY_SIZE), SEEK_SET)); } - pubKey.data = (uint8_t*)malloc(pubKey.len+1); + //read the content - EXPECT_EQ(READ_WRITE_BLOCK_N, fread(pubKey.data, pubKey.len, READ_WRITE_BLOCK_N, fileKey)); - fclose(fileKey); + res = read(fileKey, pubKey.data, pubKey.len); + ASSERT_NE(-1, res); + EXPECT_EQ(PUBLIC_KEY_SIZE, res); + close(fileKey); EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtDer, &certificate)); EXPECT_EQ(PKI_SUCCESS, CheckCertificate(crtDer, pubKey)); - - free(crtDer.data); - free(pubKey.data); } //test parsing of certificate chain generated by OpenSSL @@ -441,30 +445,37 @@ TEST(CertificateChain, LoadCertificateChain) //test checking CA certificate generated by OpenSSL TEST(OpenSSLCompatibility, testOpenSSLCertificate) { + struct stat st; ByteArray crtDer = BYTE_ARRAY_INITIALIZER; - FILE *fileCert = fopen("cacert.der", "rb"); - ASSERT_TRUE(fileCert != NULL); + uint8_t crtData[ISSUER_MAX_CERT_SIZE] = {0}; + + crtDer.data = crtData; + crtDer.len = sizeof(crtData); + + //open file + int fd = open("cacert.der", O_RDONLY); + ASSERT_TRUE(fd != -1); + //get status + ASSERT_TRUE(fstat(fd, &st) == 0); - //get the length - fseek(fileCert, 0, SEEK_END); - crtDer.len = ftell(fileCert); - fseek(fileCert, 0, SEEK_SET); - //allocate memory - crtDer.data = (uint8_t*)malloc(crtDer.len+1); //read the content - EXPECT_EQ(READ_WRITE_BLOCK_N, fread(crtDer.data, crtDer.len, READ_WRITE_BLOCK_N, fileCert)); + int res = read(fd, crtDer.data, crtDer.len); + ASSERT_NE(-1, res); + ASSERT_EQ(st.st_size, res); + close(fd); + + crtDer.len = st.st_size; - fclose(fileCert); #ifdef X509_DEBUG printf("Length of cert: %lu\n", crtDer.len); #endif EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtDer, &PKITest::g_certificate)); - free(crtDer.data); } //test signatures checking of certificate chain generated by OpenSSL TEST(OpenSSLCompatibility, ParseAndCheckCertificateChain) { + struct stat st; ByteArray crtChainDer[MAX_CHAIN_LEN] = {{0,0},}; CertificateX509 crtChain[MAX_CHAIN_LEN] = {{{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0}},}; ByteArray msg = BYTE_ARRAY_INITIALIZER; @@ -475,13 +486,15 @@ TEST(OpenSSLCompatibility, ParseAndCheckCertificateChain) ASSERT_TRUE(fileChain != NULL); //get the length - fseek(fileChain, 0, SEEK_END); - msg.len = ftell(fileChain); - fseek(fileChain, 0, SEEK_SET); + ASSERT_NE(-1, fseek(fileChain, 0, SEEK_END)); + int len = ftell(fileChain); + ASSERT_NE(-1, len); + msg.len = (size_t) len; + ASSERT_NE(-1, fseek(fileChain, 0, SEEK_SET)); //allocate memory msg.data = (uint8_t*)malloc(msg.len+1); //read the content - EXPECT_EQ(READ_WRITE_BLOCK_N, fread(msg.data, msg.len, READ_WRITE_BLOCK_N, fileChain)); + ASSERT_EQ(READ_WRITE_BLOCK_N, fread(msg.data, msg.len, READ_WRITE_BLOCK_N, fileChain)); fclose (fileChain); @@ -495,27 +508,31 @@ TEST(OpenSSLCompatibility, ParseAndCheckCertificateChain) EXPECT_EQ(PKI_SUCCESS, ParseCertificateChain(crtChainDer, crtChain, chainLength)); ByteArray caPubKey = BYTE_ARRAY_INITIALIZER; + uint8_t pubKeyData[PUBLIC_KEY_SIZE] = {0}; + + caPubKey.data = pubKeyData; + caPubKey.len = sizeof(pubKeyData); - const char* caPubKeyPath = {"capub.der"}; - FILE *fileCaPubKey = fopen(caPubKeyPath, "rb"); - ASSERT_TRUE(fileCaPubKey != NULL); + //open file + int fileKey = open("capub.der", O_RDONLY); + ASSERT_TRUE(fileKey != -1); + //get status + ASSERT_TRUE(fstat(fileKey, &st) == 0); - fseek(fileCaPubKey, 0, SEEK_END); - caPubKey.len = ftell(fileCaPubKey); - fseek(fileCaPubKey, 0, SEEK_SET); - if(caPubKey.len > PUBLIC_KEY_SIZE){ - fseek(fileCaPubKey, (caPubKey.len - PUBLIC_KEY_SIZE), SEEK_SET); - caPubKey.len = PUBLIC_KEY_SIZE; + if(st.st_size > PUBLIC_KEY_SIZE) + { + ASSERT_NE(-1, lseek(fileKey, (st.st_size - PUBLIC_KEY_SIZE), SEEK_SET)); } - caPubKey.data = (uint8_t*)malloc(caPubKey.len+1); + //read the content - EXPECT_EQ(READ_WRITE_BLOCK_N, fread(caPubKey.data, caPubKey.len, READ_WRITE_BLOCK_N, fileCaPubKey)); - fclose(fileCaPubKey); + int res = read(fileKey, caPubKey.data, caPubKey.len); + ASSERT_NE(-1, res); + EXPECT_EQ(PUBLIC_KEY_SIZE, res); + close(fileKey); EXPECT_EQ(PKI_SUCCESS, CheckCertificateChain(crtChain, chainLength, caPubKey)); free(msg.data - 3); - free(caPubKey.data); } //testing correctness of decoding certificate length from ASN.1 structure @@ -578,7 +595,7 @@ TEST(SNStore, MemoryOverflow) TEST_F(PKITest, CAInitAndSerialNum) { ASSERT_EQ(PKI_SUCCESS, InitCKMInfo()); - long serialNum = rand() % (MAX_LEN - 1) + 1; + long serialNum = (long)((long)rand() % (MAX_LEN - 1) + 1); ASSERT_EQ(PKI_SUCCESS, InitCKMInfo()); //all the serials should start from ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(serialNum)); @@ -592,7 +609,7 @@ TEST_F(PKITest, CAInitAndSerialNum) TEST_F(PKITest, testCAName) { ByteArray caName = BYTE_ARRAY_INITIALIZER; - caName.len = ((size_t)rand() % (ISSUER_MAX_NAME_SIZE - 1) + 1); + caName.len = (size_t)((size_t)rand() % (ISSUER_MAX_NAME_SIZE - 1) + 1); caName.data = (uint8_t*)malloc(caName.len); size_t i; for(i = 0; i < caName.len; i++){ @@ -768,6 +785,7 @@ TEST_F(PKITest, testRevocateCertificate) //checck correctness of saving root certificate to binary file TEST_F(PKITest, StoreCKMInfo) { + struct stat st; ASSERT_EQ(PKI_SUCCESS, InitCKMInfo()); uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0}; uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0}; @@ -818,18 +836,22 @@ TEST_F(PKITest, StoreCKMInfo) // Check Certificate file CertificateX509 certificate; ByteArray crtDer = BYTE_ARRAY_INITIALIZER; - FILE *filePtr = fopen(CA_STORAGE_CRT_FILE , "rb"); - ASSERT_TRUE(filePtr != NULL); + uint8_t crtDerData[ISSUER_MAX_CERT_SIZE] = {0}; - //get the length - fseek(filePtr, 0, SEEK_END); - crtDer.len = ftell(filePtr); - fseek(filePtr, 0, SEEK_SET); - //allocate memory - crtDer.data = (uint8_t*)malloc(crtDer.len+1); + crtDer.data = crtDerData; + crtDer.len = sizeof(crtDerData); + + //open file + int fd = open(CA_STORAGE_CRT_FILE, O_RDONLY); + ASSERT_TRUE(fd != -1); + //get status + ASSERT_TRUE(fstat(fd, &st) == 0); //read the content - EXPECT_EQ(READ_WRITE_BLOCK_N, fread(crtDer.data, crtDer.len, READ_WRITE_BLOCK_N, filePtr)); - fclose(filePtr); + int res = read(fd, crtDer.data, crtDer.len); + ASSERT_NE(-1, res); + EXPECT_EQ(st.st_size > ISSUER_MAX_CERT_SIZE ? ISSUER_MAX_CERT_SIZE : st.st_size, res); + close(fd); + ByteArray crtCheck; crtCheck.data = crtDer.data + 3; //now file contains length of certificate crtCheck.len = crtDer.len - 3; @@ -852,7 +874,6 @@ TEST_F(PKITest, StoreCKMInfo) EXPECT_EQ(PKI_SUCCESS, CloseCKMInfo()); free(crlDer.data); free(code.data); - free(crtDer.data); } //check correctness of root certificate generation @@ -948,6 +969,7 @@ TEST_F(PKITest, CRLSetGet) { OicSecCrl_t *defaultCrl = NULL; defaultCrl = (OicSecCrl_t *)OICCalloc(1, sizeof(OicSecCrl_t)); + ASSERT_NE(defaultCrl, (OicSecCrl_t *) NULL); defaultCrl->CrlId = CRL_DEFAULT_CRL_ID; defaultCrl->CrlData.data = (uint8_t *)CRL_DEFAULT_CRL_DATA; defaultCrl->CrlData.len = strlen(CRL_DEFAULT_CRL_DATA); @@ -963,6 +985,25 @@ TEST_F(PKITest, CRLSetGet) int main(int argc, char **argv) { + int urandom; + unsigned int seed = 0; + + urandom = open ("/dev/urandom", O_RDONLY); + if(urandom) + { + fprintf(stderr, "Cannot open /dev/urandom\n"); + } + else + { + if(read(urandom, &seed, sizeof(seed)) != sizeof(seed)) + { + fprintf(stderr, "Error read from /dev/urandom\n"); + } + close(urandom); + } + + srand(seed); + ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); } -- 2.7.4