ASN.1 tests without x509 #75
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gilles-peskine-arm
added
enhancement
gilles-peskine-arm
force-pushed
the
asn1-tests-without-x509
branch
from
9710b2d to
83ef814
Compare
gilles-peskine-arm
force-pushed
the
asn1-tests-without-x509
branch
from
83ef814 to
b802a69
Compare
gilles-peskine-arm
added
the
needs: review
Patater
added
the
needs: work
|
Needs rebase to resolve conflicts |
Allow test code to declare a "step number". Report the current step number when a test fails.
Document preconditions on parameters, values changed through pointers, and error codes. This commit leaves some issues regarding integers (especially negative integers) open, because we don't have a policy decision on how to handle them yet.
Add self-contained ASN.1 parsing tests, so that ASN.1 parsing is not solely tested through X.509 and TLS. The tests cover every function and almost complete line coverage in asn1parse.c. A few test cases containing negative and edge case INTEGER values are deliberately deactivated because the historical library behavior is at odds with official specifications, but changing the behavior might break interoperability. Other than that, these tests revealed a couple of minor bugs which will be fixed in subsequent commits.
Allow any number of leading zeros, not just based on sizeof(int).
Fix improper rejection of bitstrings with length less than 2.
Omit negative integers and MPIs that would result in values that look like negative INTEGERs, since the library doesn't respect the specifications there, but fixing it has a serious risk of breaking interoperability when ASN.1 is used in X.509 and other cryptography-related applications.
mbedtls_asn1_write_int had an undocumented restriction to values that fit in a single octet. Fix this. Negative integers are still not supported.
The documentation never said it explicitly, but the ASN.1 library doesn't support negative integers. Say it explicitly. Also fix a copypasta error.
Use the test-many-sizes framework for string writes as well (previously, it was only used for booleans and integers). This way, more edge cases are tested with less test code. This commit removes buffer overwrite checks. Instead of these checks, run the test suite under a memory sanitizer (which we do in our CI).
Document how mbedtls_asn1_store_named_data allocates val.p in the new or modified entry. Change the behavior to be more regular, always setting the new length to val_len. This does not affect the previous documented behavior since this aspect was not documented. This does not affect current usage in Mbed TLS's X.509 module where calls with the same OID always use the same size for the associated value.
The new macro ASSERT_ALLOC_WEAK does not fail the test case if the memory allocation fails. This is useful for tests that allocate a large amount of memory, but that aren't useful on platforms where allocating such a large amount is not possible. Ideally this macro should mark the test as skipped. We don't yet have a facility for that but we're working on it. Once we have a skip functionality, this macro should be changed to use it.
gilles-peskine-arm
force-pushed
the
asn1-tests-without-x509
branch
from
3c435fb to
f34f2db
Compare
gilles-peskine-arm
removed
the
needs: work
MBEDTLS_ERR_ASN1_INVALID_DATA is documented as "not used", but it has been used since the PolarSSL days.
gilles-peskine-arm
force-pushed
the
asn1-tests-without-x509
branch
from
f34f2db to
aac3853
Compare
k-stachowiak
suggested changes
Sep 20, 2019
include/mbedtls/asn1.h
Outdated
| * after the length, i.e. the first byte of the content. | ||
| * On error, the value of \c *p is undefined. | ||
| * \param end End of data. | ||
| * \param len On successful completion, \c *len contains the lengtth |
There was a problem hiding this comment.
This typo is still present and should be fixed.
There was a problem hiding this comment.
Oh, I hadn't spotted it was present twice. I amended the typo-fixing commit to also fix this one.
| * \param p On entry, \c *p points to the start of the ASN.1 element. | ||
| * On successful completion, \c *p points to the first byte | ||
| * after the length, i.e. the first byte of the content. | ||
| * On error, the value of \c *p is undefined. |
There was a problem hiding this comment.
I wonder if we can at least guarantee *p to remain in the <begin, end> range. If so, the API user can e.g. dump <*p, end> for debugging purposes.
There was a problem hiding this comment.
We can, but how useful is that? *p may be beyond the location of the error. I don't want to guarantee anything about where *p is in relation to the error. And “location of the error” may not be meaningful anyway.
For debugging purposes, looking around *p may be helpful, but then you can see in your debugger that *p points somewhere inside the buffer. For logging, I don't think this is useful. So I'd rather keep it simple and flexible: it's undefined (for example, one day we may want to set *p = NULL to avoid accidentally using some misparsed data).
include/mbedtls/asn1.h
Outdated
| size_t *len ); | ||
| int mbedtls_asn1_get_bitstring_null( unsigned char **p, | ||
| const unsigned char *end, | ||
| size_t *len ); | ||
|
|
||
| /** | ||
| * \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>" | ||
| * Updated the pointer to immediately behind the full sequence tag. |
There was a problem hiding this comment.
Preexisting: Shouldn't this be "Updates to the ..."? Also, there's no period at the end of the previous line.
| free_named_data_list:0 | ||
|
|
||
| Free named data list (2) | ||
| free_named_data_list:0 |
There was a problem hiding this comment.
All the three free_named_data_list() are given an argument 0
There was a problem hiding this comment.
Free named data list (1) .......................................... Segmentation fault (core dumped)
Having the intended test data revealed a bug in the test code.
k-stachowiak
previously approved these changes
Sep 23, 2019
Fix copypasta in test data and fix a switcho in test code.
gilles-peskine-arm
force-pushed
the
asn1-tests-without-x509
branch
from
e304fa6 to
88f136f
Compare
gilles-peskine-arm
removed
the
needs: preceding PR
|
Mbed-TLS/mbedtls#2488 has been merged, so this PR is safe to merge. |
k-stachowiak
approved these changes
Oct 4, 2019
|
CI failure is only TLS's check generated files test. The generated files will be fixed when TLS updates to the new version of the Crypto submodule. |
gilles-peskine-arm
added a commit
to Mbed-TLS/mbedtls
that referenced
this pull request
Oct 8, 2019
Update crypto submodule: * ARMmbed/mbed-crypto#277: Improve speed of PBKDF2 by caching the digest state of the passphras * ARMmbed/mbed-crypto#269: Add PSA API versioning * ARMmbed/mbed-crypto#278: Fix on target test issues * ARMmbed/mbed-crypto#286: Fix defgroup syntax for API version section * ARMmbed/mbed-crypto#75: ASN.1 tests without x509
gilles-peskine-arm
added a commit
to gilles-peskine-arm/mbed-crypto
that referenced
this pull request
Oct 13, 2019
Get started on writing a change log file for Mbed Crypto. I went through pull requests merged since the tag mbedcrypto-2.0.0 and up to ARMmbed#75, i.e. commit 9ab7c07.
gilles-peskine-arm
added a commit
to gilles-peskine-arm/mbed-crypto
that referenced
this pull request
Nov 15, 2019
* ARMmbed#277: Improve speed of PBKDF2 by caching the digest state of the passphrase * ARMmbed#269: Add PSA API versioning * ARMmbed#278: Fix on target test issues * ARMmbed#286: Fix defgroup syntax for API version section * ARMmbed#75: ASN.1 tests without x509
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add ASN.1 unit tests. Cover all functions from the asn1 parse and write modules. Fix #76.
Fix a couple of minor bugs and improve the documentation.
This PR breaks mbedtls because two test cases in
test_suite_x509_parsemake assumptions about bugs in the ASN.1 module which this PR fixes. This PR must land in mbedtls only once Mbed-TLS/mbedtls#2488 is merged there.Once this PR is merged, a commented-out test case that Mbed-TLS/mbedtls#2488 adds to
test_suite_x509_parse.datacan be uncommented.Backports: