tests: fix negative private key sync test.#8264
Merged
lizan merged 3 commits intoenvoyproxy:masterfrom Sep 18, 2019
Merged
Conversation
If crypto error is set, just leave the hash to zeroes instead of trying to modify the hash. Hash modification might just cause ASN object structure changes. Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Turns out having a zero hash array causes the signing to fail, leading to testing a different case than intended. Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
lizan
reviewed
Sep 17, 2019
| // the bits. | ||
| if (ops->test_options_.crypto_error_) { | ||
| for (size_t i = 0; i < in_len; i++) { | ||
| in2.data()[i] ^= in2.data()[i]; |
Member
There was a problem hiding this comment.
no need .data() (in2[i] should just work), and this is just clearing in2 to zero? x^x is always 0...
Member
Author
There was a problem hiding this comment.
No, XOR was supposed to be NOT -- I was trying to flip the bits in the token but managed to think it wrong. :-) I'll make a fix.
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
lizan
approved these changes
Sep 17, 2019
danzh2010
pushed a commit
to danzh2010/envoy
that referenced
this pull request
Sep 24, 2019
Description: Fix a test flake. If crypto error option is set in the signing test, just leave the digest to zeroes instead of trying to modify it. The digest modification might just cause ASN object structure changes. BoringSSL source appears to have a similar test where the ASN structure is parsed before modification: https://github.com/google/boringssl/blob/a7d9ac2af4684747c4524cbeba9737b04dce3e3e/crypto/fipsmodule/ecdsa/ecdsa_test.cc#L143 Risk Level: low Testing: `bazel test //test/extensions/transport_sockets/tls:ssl_socket_test --runs_per_test=1000` Docs Changes: N/A Release Notes: N/A Fixes: envoyproxy#8255 Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
danzh2010
pushed a commit
to danzh2010/envoy
that referenced
this pull request
Oct 4, 2019
Description: Fix a test flake. If crypto error option is set in the signing test, just leave the digest to zeroes instead of trying to modify it. The digest modification might just cause ASN object structure changes. BoringSSL source appears to have a similar test where the ASN structure is parsed before modification: https://github.com/google/boringssl/blob/a7d9ac2af4684747c4524cbeba9737b04dce3e3e/crypto/fipsmodule/ecdsa/ecdsa_test.cc#L143 Risk Level: low Testing: `bazel test //test/extensions/transport_sockets/tls:ssl_socket_test --runs_per_test=1000` Docs Changes: N/A Release Notes: N/A Fixes: envoyproxy#8255 Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
danzh2010
pushed a commit
to danzh2010/envoy
that referenced
this pull request
Oct 4, 2019
Description: Fix a test flake. If crypto error option is set in the signing test, just leave the digest to zeroes instead of trying to modify it. The digest modification might just cause ASN object structure changes. BoringSSL source appears to have a similar test where the ASN structure is parsed before modification: https://github.com/google/boringssl/blob/a7d9ac2af4684747c4524cbeba9737b04dce3e3e/crypto/fipsmodule/ecdsa/ecdsa_test.cc#L143 Risk Level: low Testing: `bazel test //test/extensions/transport_sockets/tls:ssl_socket_test --runs_per_test=1000` Docs Changes: N/A Release Notes: N/A Fixes: envoyproxy#8255 Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
Fix a test flake.
If crypto error option is set in the signing test, just leave the digest to zeroes instead of trying to modify it. The digest modification might just cause ASN object structure changes.
BoringSSL source appears to have a similar test where the ASN structure is parsed before modification:
https://github.com/google/boringssl/blob/a7d9ac2af4684747c4524cbeba9737b04dce3e3e/crypto/fipsmodule/ecdsa/ecdsa_test.cc#L143
Risk Level: low
Testing:
bazel test //test/extensions/transport_sockets/tls:ssl_socket_test --runs_per_test=1000Docs Changes: N/A
Release Notes: N/A
Fixes: #8255