Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change pkey parse methods to return s2n_result #4271

Merged
merged 4 commits into from
Nov 1, 2023
Merged

Change pkey parse methods to return s2n_result #4271

merged 4 commits into from
Nov 1, 2023

Conversation

lrstewart
Copy link
Contributor

@lrstewart lrstewart commented Oct 30, 2023
edited
Loading

Resolved issues:

resolves #4270

Description of changes:

This is the change that really matters here:

-    RESULT_ENSURE(s2n_asn1der_to_public_key_and_type(public_key, pkey_type, &asn1_cert) == 0,
-            S2N_ERR_CERT_UNTRUSTED);
+    RESULT_GUARD(s2n_asn1der_to_public_key_and_type(public_key, pkey_type, &asn1_cert));

To make sure that change was safe, I also swapped s2n_asn1der_to_public_key_and_type and its dependencies to return s2n_result instead of int. Then, for symmetry and because it shared many of the same dependencies, I also swapped s2n_asn1der_to_private_key to s2n_result.

This touches a lot of files, but it's an automated, trivial refactor with minimal manual intervention.

Testing:

I added a new test for the issue this resolves: 6cede2c I only test failure on awslc. I could also test for success on openssl-1.1.1, but unless I'm forgetting some trick, specifically checking for openssl-1.1.1 is pretty tricky in our code-- it's basically "1.1.1, and we don't detect that this is a known libcrypto other than openssl". I'm worried about failures with conditional compilation like that. But I have at least manually verified that it passes with openssl-1.1.1.

  • This is probably an issue we need to fix.

Mostly I just changed return values, and any errors related to that should be compile-time.
However, I also swapped some S2N_ERROR_IF to RESULT_ENSURE, which inverts the check. Existing tests still pass, and I doubled checked all those swaps-- they were all pretty simple.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Oct 30, 2023
@lrstewart lrstewart marked this pull request as ready for review October 30, 2023 22:46
lrstewart
lrstewart commented Oct 30, 2023
View reviewed changes
crypto/s2n_pkey.c
Comment on lines 218 to +230
case EVP_PKEY_EC:
ret = s2n_ecdsa_pkey_init(pub_key);
if (ret != 0) {
break;
}
ret = s2n_evp_pkey_to_ecdsa_public_key(&pub_key->key.ecdsa_key, evp_public_key);
RESULT_GUARD(s2n_ecdsa_pkey_init(pub_key));
RESULT_GUARD(s2n_evp_pkey_to_ecdsa_public_key(&pub_key->key.ecdsa_key, evp_public_key));
*pkey_type_out = S2N_PKEY_TYPE_ECDSA;
break;
default:
POSIX_BAIL(S2N_ERR_DECODE_CERTIFICATE);
RESULT_BAIL(S2N_ERR_DECODE_CERTIFICATE);
}

pub_key->pkey = evp_public_key;
/* Reset to avoid DEFER_CLEANUP freeing our key */
evp_public_key = NULL;
ZERO_TO_DISABLE_DEFER_CLEANUP(evp_public_key);

return ret;
return S2N_RESULT_OK;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This pattern of breaking on failure likely predates DEFER_CLEANUP. Without DEFER_CLEANUP, you'd want to break so that you can still set pkey and have the key cleaned up later, just like on success. With DEFER_CLEANUP, this is unnecessary.

crypto/s2n_pkey.c
if (parsed_len != asn1der->size) {
POSIX_BAIL(S2N_ERR_DECODE_PRIVATE_KEY);
}
RESULT_ENSURE(parsed_len == asn1der->size, S2N_ERR_DECODE_PRIVATE_KEY);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the only non-trivial RESULT_ENSURE swap/refactor I did

@lrstewart lrstewart enabled auto-merge (squash) October 31, 2023 19:42
@lrstewart lrstewart merged commit b19de5e into aws:main Nov 1, 2023
23 checks passed
@lrstewart lrstewart deleted the pkey_result branch November 1, 2023 00:04
@BrewTestBot BrewTestBot mentioned this pull request Dec 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@goatgoose goatgoose goatgoose approved these changes

@maddeleine maddeleine maddeleine approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Certificate parsing reports S2N_ERR_CERT_UNTRUSTED instead of S2N_ERR_DECODE_CERTIFICATE
3 participants
@lrstewart @goatgoose @maddeleine