Clean up & improve PK write test functions #7449
Conversation
Signed-off-by: Valerio Setti <[email protected]>
valeriosetti
added
enhancement
needs-review
Signed-off-by: Valerio Setti <[email protected]>
Signed-off-by: Valerio Setti <[email protected]>
Signed-off-by: Valerio Setti <[email protected]>
Signed-off-by: Valerio Setti <[email protected]>
Signed-off-by: Valerio Setti <[email protected]>
Signed-off-by: Valerio Setti <[email protected]>
Signed-off-by: Valerio Setti <[email protected]>
Signed-off-by: Valerio Setti <[email protected]>
|
Actually, I think we want to backport this to 2.28 - we're trying to keep testing aligned when possible, in order to facilitate backports for future bug fixes, which generally come with their regression test. |
mpg
added
the
needs-backports
tests/data_files/Makefile
Outdated
| @@ -999,6 +999,57 @@ ec_bp512_pub.comp.pem: ec_bp512_pub.pem | |||
| $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed | |||
| all_final += ec_bp512_pub.comp.pem | |||
|
|
|||
| ################################################################ | |||
| #### Convert PEM keys in DER format | |||
There was a problem hiding this comment.
| #### Convert PEM keys in DER format | |
| #### Convert PEM keys to DER format |
Let's not. There could be some mix-up in the parsing code that breaks DER parsing when PEM is enabled. The cost is negligible. |
AndrzejKurek
removed
the
needs-backports
|
Tests are failing on Windows. Interestingly enough, what's failing is the PEM tests, which were already present, not the DER tests which have just been added. I didn't investigate, but this smells CR+LF vs LF issues - we changed the way files are read I think, so this probably had an impact somehow? |
gilles-peskine-arm
added
needs-work
needs-ci
|
|
||
| TEST_ASSERT(ilen == pem_len); | ||
| TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0); | ||
| ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len); |
There was a problem hiding this comment.
As Manuel suspects, this fails with PEM files on Windows because of its handling of text files. mbedtls_pk_write_key_pem writes to the buffer, without going through the I/O layer, so newlines in start_buf are a \n character. mbedtls_pk_load_file loads files in binary mode (it has no choice since it must support DER), so newlines in check_buf are \n on non-Windows but \r\n on Windows (because Git treats PEM files as text, so it converts \n to \r\n upon checkout).
This wasn't a problem with the old code because it called fopen in text mode to read check_buf, so the I/O layer converted \r\n in the file to \n in memory. But of course that would have corrupted DER files.
I guess the solution is to remove CR characters from check_buf if the format is PEM. Or keep calling fopen directly, but choose text vs binary mode depending on whether the data is DER or PEM.
There was a problem hiding this comment.
Thanks a lot for your help! It really saved me a lot of time since I was not aware of this difference and I didn't have a Windows machine at hand.
There was a problem hiding this comment.
We got hit by this on another PR not so long ago. While I understand why git it doing it, I still find it always surprising that what we check out (on Windows) is not byte-for-byte identical to what we commited (on Linux), at least with the default settings. Thanks Gilles for the reminder!
Signed-off-by: Valerio Setti <[email protected]>
Signed-off-by: Valerio Setti <[email protected]>
Signed-off-by: Valerio Setti <[email protected]>
mpg
added
approved
Reduce memory footprint for pkwrite's tests.
Resolves #7446
Gatekeeper checklist