Add PKCS7-internal BIO_f_md #1886
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1886 +/- ##
==========================================
+ Coverage 78.71% 78.75% +0.04%
==========================================
Files 587 590 +3
Lines 101218 101404 +186
Branches 14361 14380 +19
==========================================
+ Hits 79669 79856 +187
+ Misses 20913 20911 -2
- Partials 636 637 +1 ☔ View full report in Codecov by Sentry. |
WillChilds-Klein
force-pushed
the
pkcs7-bio-md
branch
from
36c0ed7
to
9b7deca
Compare
WillChilds-Klein
changed the title
WillChilds-Klein
force-pushed
the
pkcs7-bio-md
branch
from
80f21e6
to
df434b2
Compare
WillChilds-Klein
changed the title
WillChilds-Klein
force-pushed
the
pkcs7-bio-md
branch
from
bc6f15f
to
1b1e2f6
Compare
crypto/pkcs7/bio/md.c
Outdated
| #include "../crypto/bio/internal.h" | ||
| #include "../internal.h" | ||
|
|
||
| // BIO_put and BIO_get both add to the digest, BIO_gets returns the digest |
There was a problem hiding this comment.
Was this a leaked note? It doesn't seem like BIO_f_md has a puts method or am I overlooking something
There was a problem hiding this comment.
hm, should be "md_write and md_read both contribute to the digest, md_gets returns digest contents"
WillChilds-Klein
force-pushed
the
pkcs7-bio-md
branch
from
1b1e2f6
to
8828fbd
Compare
crypto/pkcs7/bio/md.c
Outdated
| static const BIO_METHOD methods_md = { | ||
| BIO_TYPE_MD, "message digest", md_write, md_read, /*puts*/ NULL, | ||
| md_gets, md_ctrl, md_new, md_free, /*callback_ctrl*/ NULL, | ||
| }; |
There was a problem hiding this comment.
NP: This would be easier to read if each field was on a separate line.
There was a problem hiding this comment.
I agree, but this was clang-format's doing. I've been using it for formatting stuff in the pkcs7/ module. If there's some set of flags/options that we prefer to use I'm happy to specify them.
There was a problem hiding this comment.
NP: In other places, we have a comment next to each value indicating the field name it corresponds to:
static const BIO_METHOD methods_md = {
BIO_TYPE_MD, // type
"message digest", // name
md_write, // bwrite
md_read, // bread
NULL, // bputs
md_gets, // bgets
md_ctrl, // ctrl
md_new, // create
md_free, // destroy
NULL, // callback_ctrl
};
crypto/pkcs7/bio/md.c
Outdated
| ret = BIO_read(next, out, outl); | ||
| if (BIO_get_init(b)) { |
There was a problem hiding this comment.
This seems to support the use-case of leaving this BIO uninitialized while still reading data from next. In this case, data is returned that has not been digested. Is this use-case tested as well?
There was a problem hiding this comment.
hm, good point. this use-case does appear to be supported as far back as OpenSSL 1.1.1. I didn't consider this, I can add a test case.
I do wonder -- should we support this? For compatibility, I'm leaning towards "yes" but it seems like a sharp edge that could cause subtle issues with digest calculation (see also response below)...
OpenSSL's own documentation indicates that the caller should re-initialize after DigestFinal (although it doesn't say anything about initial initialization):
After the digest has been retrieved from a digest BIO it must be reinitialized by calling BIO_reset(), or BIO_set_md() before any more data is passed through it.
There was a problem hiding this comment.
Per discussion here, we now require the BIO to be initialized before it can do any IO.
There was a problem hiding this comment.
hm, at any rate, it looks like IO on uninitialized BIO's is prevented higher in the call stack in bio.c.
| BIO_clear_retry_flags(b); | ||
| BIO_copy_next_retry(b); |
There was a problem hiding this comment.
If b was not initialized, should we still be calling BIO_clear_retry_flags and BIO_copy_next_retry?
There was a problem hiding this comment.
I think the answer to this is "yes". It would be needed to support its use prior to (or without) initialization.
There was a problem hiding this comment.
this is addressed by requiring b to be initialized before it can do any IO.
crypto/pkcs7/bio/md.c
Outdated
| if (EVP_DigestUpdate(ctx, (unsigned char *)out, ret) <= 0) { | ||
| return -1; |
There was a problem hiding this comment.
If this ever returns an error, should we somehow mark this BIO and being not OK for subsequent use? In this case, next has provided new data that can not be reprocessed on any subsequent call.
There was a problem hiding this comment.
OpenSSL doesn't do this, but i agree philosophically that we should fail loudly and not silently corrupt the digest.
EVP_DigestUpdate 's documentation stipulates an interface contract of "It returns one". Looking at the implementation, the only case where it can break that contract is if an update function pointer isn't configured on ctx. I believe we can trust that to always be populated as long as ctx has been initialized by EVP_DigestInit_ex.
So, in other words, it looks like EVP_DigestUpdate can only fail if ctx hasn't been initialized. This makes me consider... should we fail b's reads/writes before next's IO if b hasn't been initialized? this would address your concern here and make it harder to misuse the BIO_f_md.
WillChilds-Klein
force-pushed
the
pkcs7-bio-md
branch
from
8828fbd
to
7a3f7bc
Compare
crypto/pkcs7/bio/md.c
Outdated
| static const BIO_METHOD methods_md = { | ||
| BIO_TYPE_MD, "message digest", md_write, md_read, /*puts*/ NULL, | ||
| md_gets, md_ctrl, md_new, md_free, /*callback_ctrl*/ NULL, | ||
| }; |
There was a problem hiding this comment.
NP: In other places, we have a comment next to each value indicating the field name it corresponds to:
static const BIO_METHOD methods_md = {
BIO_TYPE_MD, // type
"message digest", // name
md_write, // bwrite
md_read, // bread
NULL, // bputs
md_gets, // bgets
md_ctrl, // ctrl
md_new, // create
md_free, // destroy
NULL, // callback_ctrl
};
crypto/pkcs7/bio/md.c
Outdated
| if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, ret)) { | ||
| BIO_clear_retry_flags(b); | ||
| return 0; | ||
| } |
There was a problem hiding this comment.
NP: Since this is a non-recoverable error, shouldn't the return value be negative? The BIO_write documentation seems to say that.
// returns the value from calling the |callback_ex|, otherwise |BIO_write|
// returns the number of bytes written, or a negative number on error.
I see OpenSSL returns 0 for this, so compatibility might dictate we do the same. (I'm also bothered that the we're unable to inform the caller about the actual number of bytes written to next b/c we can't return a value indicating success. But that's just the nature of this API.)
There was a problem hiding this comment.
As discussed elswhere, EVP_DigestUpdate can only fail if ctx is uninitialized here, but greed that we should return -1 and be consistent with md_read above.
WillChilds-Klein
force-pushed
the
pkcs7-bio-md
branch
from
81637c1
to
9910dc5
Compare
| #define BIO_get_md_ctx(b, mdcp) BIO_ctrl(b, BIO_C_GET_MD_CTX, 0, mdcp) | ||
|
|
||
| // BIO_set_md set's |b|'s EVP_MD* to |md| | ||
| #define BIO_set_md(b, md) BIO_ctrl(b, BIO_C_SET_MD, 0, md) |
There was a problem hiding this comment.
Nit: Not really a priority since it's an internal header, but doing a direct function call instead of macros might be better. Similar to what
Lines 503 to 505 in 8d9809e
Macros allow for potential type mismatches when passing parameters.
There was a problem hiding this comment.
hm, that's a good point. i'll adjust this in my next PR.
WillChilds-Klein
dismissed stale reviews from samuel40791765 and justsmth
via
a1f145e
Issues:
Addresses CryptoAlg-2494
Description of changes:
This change introduces a new filter BIO,
BIO_f_mdfor use in PR 1816.Call-outs:
Testing:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.