Skip to content

Negative test case for constructed, definite-length octet string #1931

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Negative test case for constructed, definite-length octet string #1931

wants to merge 1 commit into from

Conversation

dwhjames
Copy link
Contributor

@dwhjames dwhjames commented Jul 9, 2025

Ensure octet strings with constructed, definite-length method return an error, rather than an incorrect decoding.

@dwhjames
Copy link
Contributor Author

dwhjames commented Jul 9, 2025

@tarcieri @dishmaker,

This is incomplete, but here’s an attempt at ensuring that constructed, definite-length method encoded octet strings are detected and rejected.

Seeking feedback; I made a few attempts but finally realized what you, @dishmaker, meant by your comment

As the Length struct was updated

I thought it might be fair game to draft a change to the Header struct

@dwhjames dwhjames force-pushed the constructed_definite_octet_string branch from 94e1198 to 78a3118 Compare July 9, 2025 22:37
@tarcieri
Copy link
Member

tarcieri commented Jul 9, 2025

Propagating the original constructed bit through the Header sounds good to me

tarcieri
tarcieri reviewed Jul 9, 2025
View reviewed changes
der/src/header.rs
@@ -13,6 +13,8 @@ pub struct Header {

/// Length of the encoded value
pub length: Length,

constructed: bool,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, not sure how I feel about the mixed visibility here. Maybe make it pub for now and perhaps we could have a followup to make all of the fields private? (I imagine that would be a bit more invasive)

Copy link
Contributor Author

@dwhjames dwhjames Jul 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, definitely ugly.

Revised in 544e397

and perhaps we could have a followup to make all of the fields private? (I imagine that would be a bit more invasive)

I counted 24 occurrences in the der crate; for now I also added accessor methods so that new code has the option to use them in the event that the fields become private.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe just go through with it, if it seems mostly internal to the der crate

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went through with it: 0c5789e

However, tests are failing due to at least
https://github.com/RustCrypto/signatures/blob/1ff759e67a1675d759e901fdb5903a07a1d7caec/ecdsa/src/der.rs#L206-L210

It looks like this change would have to be phased in?

Should I

  1. roll back all the changes for using accessor methods rather than directly accessing struct fields, OR
  2. roll back making the fields private but keep the pattern of using accessor methods rather than direct field access
    ?

tarcieri
tarcieri reviewed Jul 9, 2025
View reviewed changes
@dwhjames dwhjames force-pushed the constructed_definite_octet_string branch from 78a3118 to 544e397 Compare July 9, 2025 23:26
@dwhjames dwhjames marked this pull request as ready for review July 9, 2025 23:32
@dishmaker dishmaker mentioned this pull request Jul 10, 2025
Open
@dwhjames
Negative test case for constructed, definite-length octet string
0c5789e 
Ensure octet strings with constructed, definite-length method
return an error, rather than an incorrect decoding.
@dwhjames dwhjames force-pushed the constructed_definite_octet_string branch from 544e397 to 0c5789e Compare July 11, 2025 04:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tarcieri tarcieri tarcieri left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dwhjames @tarcieri