8000 Reinstate support for constructed strings in crypto/asn1 by samuel40791765 · Pull Request #2310 · aws/aws-lc · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Reinstate support for constructed strings in crypto/asn1 #2310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 17, 2025
Merged

Reinstate support for constructed strings in crypto/asn1 #2310

merged 2 commits into from
Apr 17, 2025

Conversation

samuel40791765
Copy link
Contributor
@samuel40791765 samuel40791765 commented Apr 3, 2025
edited
Loading

Issues:

Resolves CryptoAlg-3037

Description of changes:

This is the last step of trying to reinstate support for BER in our OpenSSL ASN1 macro parsers. Proper support for BER consists of two parts, "indefinite length BER" and "implicitly tagged constructed BER strings". The first step of supporting indefinite length BER can be found in eafd940.

This commit is a revert of the prior commit below. All "new logic" in crypto/asn1/tasn_dec.c was taken from this.

The only smaller new changes are the following:

  • The original commit uses an additional free_cont parameter to pass into asn1_ex_c2i. This indicates whether a buffer should be reused or newly allocated. This made things a bit funky and the actual performance upgrade for reusing a buffer seems negligible. Removing the use of free_cont altogether helps isolate the ASN1 code changes to just one static function in crypto/asn1/tasn_dec.c and cleans up logic.

Testing:

  • I've reused the BER tests in our CBB parsers here so we're confident that the functionalities 1:1. eafd940 only borrowed the ones that were indefinite length, while this commit takes and tests against constructed string test cases.
  • eafd940 documented some test cases that were failing due to no support for constructed strings. I've update the documentation and turned on the tests, as this commit now allows proper support of them.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@codecov-commenter
Copy link
codecov-commenter commented Apr 3, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 75.00000% with 17 lines in your changes missing coverage. Please review.

Project coverage is 78.77%. Comparing base (d1c1d72) to head (989dcbb).

Files with missing lines Patch % Lines
crypto/asn1/tasn_dec.c 67.92% 17 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2310   +/-   ##
=======================================
  Coverage   78.77%   78.77%           
=======================================
  Files         620      620           
  Lines      107874   107936   +62     
  Branches    15323    15337   +14     
=======================================
+ Hits        84977    85030   +53     
- Misses      22239    22249   +10     
+ Partials      658      657    -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@samuel40791765 samuel40791765 changed the title Revert constructed Reinstate support for constructed strings in crypto/asn1 Apr 10, 2025
@samuel40791765 samuel40791765 marked this pull request as ready for review April 10, 2025 23:06
@samuel40791765 samuel40791765 requested a review from a team as a code owner April 10, 2025 23:06
justsmth
justsmth previously approved these changes Apr 11, 2025
View reviewed changes
WillChilds-Klein
WillChilds-Klein previously approved these changes Apr 14, 2025
View reviewed changes
skmcgrail
skmcgrail approved these changes Apr 17, 2025
View reviewed changes
crypto/asn1/tasn_dec.c

static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) {
int len;
if (buf) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like collect_data is never called with buf == NULL, should this return 0 instead?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great question, I did some digging around. But judging from the comment in asn1_collect which mentions "If no buffer and not indefinite length constructed just pass over the encoded data", it does seem like there's the possibility of buf being NULL and there being operations that need to be done under that circumstance.

I'll leave it as is for the time being, OpenSSL's ASN1 implementation is also like this today.

@samuel40791765 samuel40791765 merged commit 417e1b6 into aws:main Apr 17, 2025
106 of 114 checks passed
@samuel40791765 samuel40791765 deleted the revert-constructed branch April 17, 2025 18:14
@justsmth justsmth mentioned this pull request Apr 23, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skmcgrail skmcgrail skmcgrail approved these changes

@WillChilds-Klein WillChilds-Klein WillChilds-Klein approved these changes

@justsmth justsmth justsmth left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@samuel40791765 @codecov-commenter @skmcgrail @WillChilds-Klein @justsmth
0