Skip to content

gh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1#100373

Merged
miss-islington merged 2 commits intopython:mainfrom
davidben:der-eof
Mar 24, 2023
Merged

gh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1#100373
miss-islington merged 2 commits intopython:mainfrom
davidben:der-eof

Conversation

@davidben
Copy link
Contributor

@davidben davidben commented Dec 20, 2022
edited by miss-islington
Loading

In PEM, we need to parse until error and then suppress PEM_R_NO_START_LINE, because PEM allows arbitrary leading and trailing data. DER, however, does not. Parsing until error and suppressing ASN1_R_HEADER_TOO_LONG doesn't quite work because that error also covers some cases that should be rejected.

Instead, check BIO_eof early and stop the loop that way.

Automerge-Triggered-By: GH:Yhg1s

@davidben
pythongh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1
863a0a7 
In PEM, we need to parse until error and then suppress
PEM_R_NO_START_LINE, because PEM allows arbitrary leading and trailing
data. DER, however, does not. Parsing until error and suppressing
ASN1_R_HEADER_TOO_LONG doesn't quite work because that error also
covers some cases that should be rejected.

Instead, check BIO_eof early and stop the loop that way.
@bedevere-bot bedevere-bot mentioned this pull request Dec 20, 2022
Closed
@davidben
Copy link
Contributor Author

davidben commented Mar 16, 2023

@tiran This PR look reasonable? Anything missing on my end?

@Yhg1s Yhg1s self-requested a review March 24, 2023 12:36
@Yhg1s
Copy link
Member

Yhg1s commented Mar 24, 2023

I don't think this is a security issue, or at least not serious enough to backport to security-only releases. Do you disagree, @davidben, or is there a security angle I'm missing?

I'm not sure if this should be backported to 3.11/3.10 either. It's a bug, but it doesn't feel important enough to backport and risk breaking users who rely on the old broken behaviour.

@miss-islington
Copy link
Contributor

miss-islington commented Mar 24, 2023

Status check is done, and it's a success ✅.

@miss-islington miss-islington merged commit acfe02f into python:main Mar 24, 2023
@davidben
Copy link
Contributor Author

davidben commented Mar 24, 2023

Do you disagree, @davidben, or is there a security angle I'm missing?

Nah, can't think of any security angle. Just generally improving behavior and reducing dependency on OpenSSL error codes. (Conditioning on OpenSSL error codes can be a bit messy. Sometimes you have to, like the PEM case here, but other times the error codes don't correspond enough to clear, stable conditions to condition on. :-( )

Fidget-Spinner pushed a commit to Fidget-Spinner/cpython that referenced this pull request Mar 27, 2023
@davidben @Fidget-Spinner
pythongh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1 (pyt…
387cc11 
…honGH-100373)

In PEM, we need to parse until error and then suppress `PEM_R_NO_START_LINE`, because PEM allows arbitrary leading and trailing data. DER, however, does not. Parsing until error and suppressing `ASN1_R_HEADER_TOO_LONG` doesn't quite work because that error also covers some cases that should be rejected.

Instead, check `BIO_eof` early and stop the loop that way.

Automerge-Triggered-By: GH:Yhg1s
warsaw pushed a commit to warsaw/cpython that referenced this pull request Apr 11, 2023
@davidben @warsaw
pythongh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1 (pyt…
ef6ca4e 
…honGH-100373)

In PEM, we need to parse until error and then suppress `PEM_R_NO_START_LINE`, because PEM allows arbitrary leading and trailing data. DER, however, does not. Parsing until error and suppressing `ASN1_R_HEADER_TOO_LONG` doesn't quite work because that error also covers some cases that should be rejected.

Instead, check `BIO_eof` early and stop the loop that way.

Automerge-Triggered-By: GH:Yhg1s
@bh1428 bh1428 mentioned this pull request Aug 10, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Yhg1s Yhg1s Yhg1s approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@davidben @Yhg1s @miss-islington @bedevere-bot