Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support for PEM_write_bio_PrivateKey_traditional #1845

Merged
merged 3 commits into from
Sep 18, 2024
Merged

add support for PEM_write_bio_PrivateKey_traditional #1845

merged 3 commits into from
Sep 18, 2024

Conversation

samuel40791765
Copy link
Contributor

Issues:

Resolves CryptoAlg-2546

Description of changes:

The main difference between PEM_write_bio_PrivateKey_traditional and the modern PEM_write_bio_PrivateKey is that PEM_write_bio_PrivateKey writes a PKCS#8 encoding, while the traditional one writes with DER encoding.
OpenSSL's PEM_write_bio_PrivateKey_traditional calls into i2d_PrivateKey which calls into another additional old_priv_encode EVP_PKEY_ASN1_METHOD hook. We also need to make the call into i2d_PrivateKey, but luckily for us BoringSSL removed the hook and let the call point to the corresponding i2d_RSA/DSA/ECPrivateKey methods instead. We can built on this directly to reimplement PEM_write_bio_PrivateKey_traditional.

PEM_read_bio_PrivateKey already has logic to parse the "traditional form" of these PEM files. I've also added tests to verify.

Call-outs:

N/A

Testing:

Tests for each type writable/readable. A single test for DH, which shouldn't be writable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@samuel40791765 samuel40791765 requested a review from a team as a code owner September 11, 2024 00:19
@codecov-commenter
Copy link

codecov-commenter commented Sep 11, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.34%. Comparing base (c664abe) to head (ba048f1).
Report is 4 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1845      +/-   ##
==========================================
- Coverage   78.56%   78.34%   -0.22%     
==========================================
  Files         583      584       +1     
  Lines       98807    99236     +429     
  Branches    14161    14188      +27     
==========================================
+ Hits        77623    77743     +120     
- Misses      20558    20864     +306     
- Partials      626      629       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

WillChilds-Klein
WillChilds-Klein reviewed Sep 13, 2024
View reviewed changes
include/openssl/pem.h Show resolved Hide resolved
include/openssl/pem.h Show resolved Hide resolved
crypto/pem/pem_pkey.c Outdated Show resolved Hide resolved
WillChilds-Klein
WillChilds-Klein previously approved these changes Sep 17, 2024
View reviewed changes
crypto/pem/pem_pkey.c Outdated
return 0;
}
char pem_str[80];
BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor nit

Suggested change
BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
BIO_snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY", x->ameth->pem_str);

and how was 80 selected?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No particular reason, this was taken from OpenSSL. They probably just chose a size large enough to fit the string with "pem_str" and PRIVATE KEY.

@samuel40791765 @WillChilds-Klein
Update crypto/pem/pem_pkey.c
ba048f1 
Co-authored-by: Will Childs-Klein <willck93@gmail.com>
@samuel40791765 samuel40791765 enabled auto-merge (squash) September 18, 2024 17:24
@samuel40791765 samuel40791765 merged commit 265e3aa into aws:main Sep 18, 2024
109 of 110 checks passed
@samuel40791765 samuel40791765 deleted the pem-write-traditonal branch September 18, 2024 18:39
@smittals2 smittals2 mentioned this pull request Sep 19, 2024
Merged
smittals2 added a commit that referenced this pull request Sep 19, 2024
@smittals2
preparing for v1.35.1 release (#1867)
c187579 
## What's Changed
* More tweaks for Ruby integration by @samuel40791765 in
#1852
* Implementation of EVP_PKEY_CTX_ctrl_str for various key types by
@justsmth in #1850
* Add MLKEM768 Hybrid Groups to libssl by @alexw91 in
#1849
* add support for PEM_write_bio_PrivateKey_traditional by
@samuel40791765 in #1845
* Update s2n-bignum subtree by @torben-hansen in
#1861
* Add asserts in testing to fix Coverity alert by @smittals2 in
#1864
* Disable CRYPTO_is_AVX512IFMA_capable by @justsmth in
#1858


**Full Changelog**:
v1.35.0...v1.35.1

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smittals2 smittals2 smittals2 approved these changes

@WillChilds-Klein WillChilds-Klein WillChilds-Klein approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@samuel40791765 @codecov-commenter @WillChilds-Klein @smittals2