From 0528d3382549ed25e0166f99eda1267af13a790f Mon Sep 17 00:00:00 2001 From: winnie-hu Date: Mon, 12 Sep 2022 17:22:17 +0800 Subject: [PATCH 1/2] fix x509 cert return basic constraints bug Signed-off-by: winnie-hu --- common/inc/config.h | 3 +++ frameworks/certificate/x509_certificate.c | 12 ++++++------ .../certificate/src/x509_certificate_openssl.c | 3 --- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/common/inc/config.h b/common/inc/config.h index b325be3..5ca803c 100644 --- a/common/inc/config.h +++ b/common/inc/config.h @@ -20,5 +20,8 @@ #define HCF_MAX_ALGO_NAME_LEN 128 // input algoName parameter max length limit, include \0 #define LOG_PRINT_MAX_LEN 1024 // log max length limit #define HCF_MAX_BUFFER_LEN 8192 +#define INVALID_VERSION (-1) +#define INVALID_SERIAL_NUMBER (-1) +#define INVALID_CONSTRAINTS_LEN (-1) #endif diff --git a/frameworks/certificate/x509_certificate.c b/frameworks/certificate/x509_certificate.c index 3499662..9bf31b4 100644 --- a/frameworks/certificate/x509_certificate.c +++ b/frameworks/certificate/x509_certificate.c @@ -134,11 +134,11 @@ long GetVersion(HcfX509Certificate *self) { if (self == NULL) { LOGE("Invalid input parameter."); - return -1; + return INVALID_VERSION; } if (!IsClassMatch((HcfObjectBase *)self, GetX509CertificateClass())) { LOGE("Class is not match."); - return -1; + return INVALID_VERSION; } return ((HcfX509CertificateImpl *)self)->spiObj->engineGetVersion( ((HcfX509CertificateImpl *)self)->spiObj); @@ -148,11 +148,11 @@ long GetSerialNumber(HcfX509Certificate *self) { if (self == NULL) { LOGE("Invalid input parameter."); - return -1; + return INVALID_SERIAL_NUMBER; } if (!IsClassMatch((HcfObjectBase *)self, GetX509CertificateClass())) { LOGE("Class is not match."); - return -1; + return INVALID_SERIAL_NUMBER; } return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSerialNumber( ((HcfX509CertificateImpl *)self)->spiObj); 
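Review bot: The three sentinels added to `common/inc/config.h` have generic, unprefixed names and carry no comment saying which API returns them, unlike the commented limits just above them. Moving them out of the OpenSSL plugin source makes them visible to every file that includes this header, so a name like `INVALID_VERSION` is more likely to collide than the `HCF_`-prefixed macros beside it. I would at least document each one, e.g. `#define INVALID_CONSTRAINTS_LEN (-1) // getBasicConstraints() error return; never a valid path length`, and consider an `HCF_` prefix. The same hunk appears again in PATCH 2/2.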
@@ -302,11 +302,11 @@ static int32_t GetBasicConstraints(HcfX509Certificate *self) { if (self == NULL) { LOGE("Invalid input parameter."); - return HCF_INVALID_PARAMS; + return INVALID_CONSTRAINTS_LEN; } if (!IsClassMatch((HcfObjectBase *)self, GetX509CertificateClass())) { LOGE("Class is not match."); - return HCF_INVALID_PARAMS; + return INVALID_CONSTRAINTS_LEN; } return ((HcfX509CertificateImpl *)self)->spiObj->engineGetBasicConstraints( ((HcfX509CertificateImpl *)self)->spiObj); diff --git a/plugin/openssl_plugin/certificate/src/x509_certificate_openssl.c b/plugin/openssl_plugin/certificate/src/x509_certificate_openssl.c index d628bb6..c519430 100644 --- a/plugin/openssl_plugin/certificate/src/x509_certificate_openssl.c +++ b/plugin/openssl_plugin/certificate/src/x509_certificate_openssl.c @@ -31,9 +31,6 @@ #include "openssl_class.h" #include "openssl_common.h" -#define INVALID_VERSION (-1) -#define INVALID_SERIAL_NUMBER (-1) -#define INVALID_CONSTRAINTS_LEN (-1) #define X509_CERT_PUBLIC_KEY_OPENSSL_CLASS "X509CertPublicKeyOpensslClass" #define OID_STR_MAX_LEN 128 #define CHAR_TO_BIT_LEN 8 -- Gitee From bff8164ec164bde55193b50caac2bb4a669bd775 Mon Sep 17 00:00:00 2001 From: winnie-hu Date: Mon, 12 Sep 2022 17:22:17 +0800 Subject: [PATCH 2/2] wqfix x509 cert return basic constraints bug Signed-off-by: winnie-hu --- common/inc/config.h | 3 +++ frameworks/certificate/x509_certificate.c | 12 ++++++------ .../certificate/src/x509_certificate_openssl.c | 3 --- test/unittest/BUILD.gn | 10 +++++----- .../src/crypto_x509_certificate_test.cpp | 16 ++++++++++++++++ 5 files changed, 30 insertions(+), 14 deletions(-) diff --git a/common/inc/config.h b/common/inc/config.h index b325be3..5ca803c 100644 --- a/common/inc/config.h +++ b/common/inc/config.h 
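Review bot: The `INVALID_CONSTRAINTS_LEN` returns added to GetBasicConstraints are an in-band sentinel, and nothing in the hunk documents what a caller may conclude from it. The NULL-self and class-mismatch paths both yield -1, and whether `engineGetBasicConstraints` also returns -1 for a certificate that is not a CA is not visible here; if it does, a caller cannot tell a bad handle from a non-CA certificate. Because the result is presumably consumed as a path-length constraint, I would state the contract above the function, e.g. `/* Returns the path length constraint; any negative value means error or not a CA and must never be read as "no limit". */`. The signature appears only in the hunk header and the closing brace lies outside the hunk; the same hunk is repeated in PATCH 2/2.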
@@ -20,5 +20,8 @@ #define HCF_MAX_ALGO_NAME_LEN 128 // input algoName parameter max length limit, include \0 #define LOG_PRINT_MAX_LEN 1024 // log max length limit #define HCF_MAX_BUFFER_LEN 8192 +#define INVALID_VERSION (-1) +#define INVALID_SERIAL_NUMBER (-1) +#define INVALID_CONSTRAINTS_LEN (-1) #endif diff --git a/frameworks/certificate/x509_certificate.c b/frameworks/certificate/x509_certificate.c index 3499662..9bf31b4 100644 --- a/frameworks/certificate/x509_certificate.c +++ b/frameworks/certificate/x509_certificate.c @@ -134,11 +134,11 @@ long GetVersion(HcfX509Certificate *self) { if (self == NULL) { LOGE("Invalid input parameter."); - return -1; + return INVALID_VERSION; } if (!IsClassMatch((HcfObjectBase *)self, GetX509CertificateClass())) { LOGE("Class is not match."); - return -1; + return INVALID_VERSION; } return ((HcfX509CertificateImpl *)self)->spiObj->engineGetVersion( ((HcfX509CertificateImpl *)self)->spiObj); @@ -148,11 +148,11 @@ long GetSerialNumber(HcfX509Certificate *self) { if (self == NULL) { LOGE("Invalid input parameter."); - return -1; + return INVALID_SERIAL_NUMBER; } if (!IsClassMatch((HcfObjectBase *)self, GetX509CertificateClass())) { LOGE("Class is not match."); - return -1; + return INVALID_SERIAL_NUMBER; } return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSerialNumber( ((HcfX509CertificateImpl *)self)->spiObj); @@ -302,11 +302,11 @@ static int32_t GetBasicConstraints(HcfX509Certificate *self) { if (self == NULL) { LOGE("Invalid input parameter."); - return HCF_INVALID_PARAMS; + return INVALID_CONSTRAINTS_LEN; } if (!IsClassMatch((HcfObjectBase *)self, GetX509CertificateClass())) { LOGE("Class is not match."); - return HCF_INVALID_PARAMS; + return INVALID_CONSTRAINTS_LEN; } return ((HcfX509CertificateImpl *)self)->spiObj->engineGetBasicConstraints( ((HcfX509CertificateImpl *)self)->spiObj); 
diff --git a/plugin/openssl_plugin/certificate/src/x509_certificate_openssl.c b/plugin/openssl_plugin/certificate/src/x509_certificate_openssl.c index d628bb6..c519430 100644 --- a/plugin/openssl_plugin/certificate/src/x509_certificate_openssl.c +++ b/plugin/openssl_plugin/certificate/src/x509_certificate_openssl.c @@ -31,9 +31,6 @@ #include "openssl_class.h" #include "openssl_common.h" -#define INVALID_VERSION (-1) -#define INVALID_SERIAL_NUMBER (-1) -#define INVALID_CONSTRAINTS_LEN (-1) #define X509_CERT_PUBLIC_KEY_OPENSSL_CLASS "X509CertPublicKeyOpensslClass" #define OID_STR_MAX_LEN 128 #define CHAR_TO_BIT_LEN 8 diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index b6940d7..ed6247e 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -33,14 +33,14 @@ ohos_unittest("crypto_framework_test") { "src/crypto_ecc_key_agreement_test.cpp", "src/crypto_ecc_sign_test.cpp", "src/crypto_ecc_verify_test.cpp", - #"src/crypto_rsa_cipher_test.cpp", - # "src/crypto_rsa_asy_key_generator_test.cpp", - # "src/crypto_rsa_sign_test.cpp", - # "src/crypto_rsa_verify_test.cpp", + "src/crypto_rsa_cipher_test.cpp", + "src/crypto_rsa_asy_key_generator_test.cpp", + "src/crypto_rsa_sign_test.cpp", + "src/crypto_rsa_verify_test.cpp", "src/crypto_x509_certificate_test.cpp", "src/crypto_aes_cipher_test.cpp", "src/crypto_3des_cipher_test.cpp", - "src/crypto_mac_test.cpp", + #"src/crypto_mac_test.cpp", "src/crypto_md_test.cpp", "src/crypto_rand_test.cpp", "src/x509_cert_chain_validator_test.cpp", diff --git a/test/unittest/src/crypto_x509_certificate_test.cpp b/test/unittest/src/crypto_x509_certificate_test.cpp index 453be95..701b7f2 100644 --- a/test/unittest/src/crypto_x509_certificate_test.cpp +++ b/test/unittest/src/crypto_x509_certificate_test.cpp 
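Review bot: `src/crypto_mac_test.cpp` is commented out of the `crypto_framework_test` sources in this hunk, which drops the MAC unit tests from the build in a commit described only as an x509 basic-constraints fix. The four RSA test files are re-enabled in the same hunk, and neither change is mentioned in the commit message. If the MAC test is disabled because it currently fails, I would leave a tracked reason next to it, e.g. `# TODO(<issue-id placeholder>): re-enable crypto_mac_test.cpp`, and otherwise restore `"src/crypto_mac_test.cpp",` so coverage of the MAC code is not lost silently. The sources list starts and ends outside the hunk.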
@@ -957,6 +957,22 @@ HWTEST_F(X509CertTest, GetBasicConstraints002, TestSize.Level0) OH_HCF_ObjDestroy(x509Cert); } +/* invalid input. */ +HWTEST_F(X509CertTest, GetBasicConstraints002, TestSize.Level0) +{ + HcfX509Certificate *x509Cert = nullptr; + HcfEncodingBlob inStream = { 0 }; + inStream.data = (uint8_t *)g_testSelfSignedCaCert; + inStream.encodingFormat = HCF_FORMAT_PEM; + inStream.len = strlen(g_testSelfSignedCaCert) + 1; + HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert); + EXPECT_EQ(ret, HCF_SUCCESS); + EXPECT_NE(x509Cert, nullptr); + int32_t pathLen = x509Cert->getBasicConstraints(nullptr); + EXPECT_EQ(pathLen, -1); + OH_HCF_ObjDestroy(x509Cert); +} + HWTEST_F(X509CertTest, GetSubjectAltNames001, TestSize.Level0) { HcfArray outName = { 0 }; -- Gitee
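Review bot: The added test reuses the name `GetBasicConstraints002`, which the hunk header shows is already the name of the test that ends just above it; two `HWTEST_F(X509CertTest, GetBasicConstraints002, ...)` definitions in one file would most likely fail to compile as a redefinition, so it should be `HWTEST_F(X509CertTest, GetBasicConstraints003, TestSize.Level0)` or the next free number. `EXPECT_NE(x509Cert, nullptr)` does not stop the test, so `x509Cert->getBasicConstraints(nullptr)` dereferences a null pointer when creation fails; `ASSERT_NE(x509Cert, nullptr);` avoids that. The final check would track the framework better as `EXPECT_EQ(pathLen, INVALID_CONSTRAINTS_LEN);` than with the literal -1, assuming the test already sees `config.h`.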