Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pki: clean up fuzzer #1594

Merged
merged 1 commit into from
Jul 22, 2023
Merged

pki: clean up fuzzer #1594

merged 1 commit into from
Jul 22, 2023

Conversation

AdamKorcz
Copy link
Contributor

Summary

Removes a check that is not correct.

For example, NewPublicKey in the ssh package parses the input data into the key and the comment:

rekor/pkg/pki/ssh/ssh.go

Lines 82 to 99 in 7359299

func NewPublicKey(r io.Reader) (*PublicKey, error) {
// 64K seems generous as a limit for valid SSH keys
// we use http.MaxBytesReader and pass nil for ResponseWriter to reuse stdlib
// and not reimplement this; There is a proposal for this to be fixed in 1.20
// https://github.com/golang/go/issues/51115
// TODO: switch this to stdlib once golang 1.20 comes out
rawPub, err := io.ReadAll(http.MaxBytesReader(nil, io.NopCloser(r), 65536))
if err != nil {
return nil, err
}
key, comment, _, _, err := ssh.ParseAuthorizedKey(rawPub)
if err != nil {
return nil, err
}
return &PublicKey{key: key, comment: comment}, nil
}

but canonicalizes only the key value:

rekor/pkg/pki/ssh/ssh.go

Lines 102 to 107 in 7359299

func (k PublicKey) CanonicalValue() ([]byte, error) {
if k.key == nil {
return nil, fmt.Errorf("ssh public key has not been initialized")
}
return ssh.MarshalAuthorizedKey(k.key), nil
}

and when then fuzzer then creates another key with the canonical value, the two public keys will differ and the comparison statement:

	if !cmp.Equal(pub1, pub2, cmpOpts...) {
	        t.Fatal("The two public keys should be equal but are not")
	}

... will fail.

Each PKI does something different, so I am removing this check in the fuzzer to let it run without interruption.

Release Note

Documentation

@AdamKorcz
pki: clean up fuzzer
56efb52 
Signed-off-by: AdamKorcz <adam@adalogics.com>
@AdamKorcz AdamKorcz requested a review from a team as a code owner July 22, 2023 13:34
@bobcallaway bobcallaway enabled auto-merge (squash) July 22, 2023 13:37
@codecov
Copy link

codecov bot commented Jul 22, 2023
edited
Loading

Codecov Report

Merging #1594 (56efb52) into main (05bdadc) will increase coverage by 18.72%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##             main    #1594       +/-   ##
===========================================
+ Coverage   48.37%   67.09%   +18.72%     
===========================================
  Files          83       83               
  Lines        8389     8389               
===========================================
+ Hits         4058     5629     +1571     
+ Misses       3525     2086     -1439     
+ Partials      806      674      -132
Flag Coverage Δ
e2etests 48.37% <ø> (ø)
unittests 47.84% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 45 files with indirect coverage changes

@bobcallaway bobcallaway merged commit c44b8b5 into sigstore:main Jul 22, 2023
14 checks passed
@github-actions github-actions bot added this to the v1.2.2 milestone Jul 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bobcallaway bobcallaway bobcallaway approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.2.2
Development

Successfully merging this pull request may close these issues.
2 participants
@AdamKorcz @bobcallaway