Don't forget the datatype when decoding a PEM file #13329
I would write a separate recipe for this, that generates an X9.42 and a DSA PEM file, and capture the output of
The OSSL_STORE code was forgetting the datatype that we read from the PEM header when decoding the DER. Fixes #13046
Add tests for various deprecated PEM_read_bio_*() functions to ensure they can still read the various files.
There have been instances where OSSL_STORE got confused between DSA and DH params (e.g. see issue #13046) due to the DER encoding of DH and DSA params looking identical. Therefore we test that we get the types that we expect.
I've rebased this to fix a conflict with master and extended it with additional tests. My first attempt at adding tests was to create a test that called various PEM_read_bio_* functions to check that we got the expected result back. This effectively does the same thing as the reproducer in #13046. To my surprise I found that the tests I had written were passing in master even without my fix applied!! On further investigation I found that the issue in #13046 no longer exists. It was "fixed" by commit 35426b2. However the "fix" only addresses the symptoms by changing Therefore I have kept the original tests that I wrote (they would have caught the issue before 35426b2 was applied). I've also added more tests to test OSSL_STORE directly. This PR is now out of WIP. Please take a look.
Fixup pushed to address some missing no-dh and no-dsa guards.
I saw a surprising memleak in the last Travis results... have you tried an ASAN build? (considering the tracebacks I saw, I might have to step in... unless you can quickly see what goes wrong)
Leak was in the test. Now fixed. |
If CIs agree... |
Travis failures are unrelated to this PR. |
Confirmed |
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.
@mattcaswell are you saying that this PR doesn't fix the ossl store issue? If so, is there an issue for this?
I assume you are referring to this comment by me:
What I was trying to say (apparently unsuccessfully) is that there has been a "fix" already applied that meant the reproducer in #13046 no longer works. But that other "fix" did not address the OSSL_STORE bug. This PR does address that bug.
Pushed. Thanks. |
Add tests for various deprecated PEM_read_bio_*() functions to ensure they can still read the various files. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #13329)
The OSSL_STORE code was forgetting the datatype that we read from the
PEM header when decoding the DER.
Fixes #13046
WIP because it needs a test.
@levitte - I'm not sure where to put a test for this? Can you give me a hint?
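
The ambiguity this thread discusses, as an added Python sketch that is not part of the PR or of OpenSSL's code: the same three-INTEGER DER SEQUENCE is a valid encoding of both DSA and X9.42 DH parameters, so only the PEM label settles the type. The helper names are hypothetical, the values are constructed toy numbers, and the decoder assumes short-form lengths and the three-INTEGER form of the X9.42 structure.

```python
import base64, re

# PEM label -> (type name, meaning of the three INTEGERs, in encoding order)
LABELS = {
    "DSA PARAMETERS": ("DSA", ("p", "q", "g")),
    "X9.42 DH PARAMETERS": ("DHX", ("p", "g", "q")),
}

def der_int(n):
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leaves room for the sign bit
    return b"\x02" + bytes([len(body)]) + body          # short-form length only

def der_seq(*ints):
    body = b"".join(der_int(i) for i in ints)
    return b"\x30" + bytes([len(body)]) + body

def parse_ints(der):
    """Parse a short-form SEQUENCE of INTEGERs into a list of ints."""
    if der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a short-form SEQUENCE")
    out, i = [], 2
    while i < len(der):
        if der[i] != 0x02:
            raise ValueError("expected INTEGER")
        n = der[i + 1]
        out.append(int.from_bytes(der[i + 2:i + 2 + n], "big"))
        i += 2 + n
    return out

def pem_wrap(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

def types_from_der_alone(der):
    """Every parameter type whose structure fits the DER: the decoder cannot choose."""
    count = len(parse_ints(der))
    return [name for name, fields in LABELS.values() if count == len(fields)]

def decode_pem(pem):
    """Carry the PEM label through to the DER decode so the type is unambiguous."""
    m = re.search(r"-----BEGIN ([A-Z0-9. ]+)-----\n(.*?)\n-----END \1-----", pem, re.S)
    name, fields = LABELS[m.group(1)]
    return name, dict(zip(fields, parse_ints(base64.b64decode(m.group(2)))))

SAMPLE_DER = der_seq(23, 11, 4)  # constructed toy values, not real parameters

if __name__ == "__main__":
    print(types_from_der_alone(SAMPLE_DER))
    for label in LABELS:
        print(decode_pem(pem_wrap(label, SAMPLE_DER)))
```

A decoder that drops the label has to guess between the two field orders, which silently swaps q and g for one of the two types.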