Reinstate support for constructed strings in crypto/asn1

[samuel40791765]

Issues:

Resolves CryptoAlg-3037

Description of changes:

This is the last step of trying to reinstate support for BER in our OpenSSL ASN1 macro parsers. Proper support for BER consists of two parts, "indefinite length BER" and "implicitly tagged constructed BER strings". The first step of supporting indefinite length BER can be found in eafd940.

This commit is a revert of the prior commit below. All "new logic" in crypto/asn1/tasn_dec.c was taken from this.

• a70edd4

The only smaller new changes are the following:

• The original commit uses an additional free_cont parameter to pass into asn1_ex_c2i. This indicates whether a buffer should be reused or newly allocated. This made things a bit funky and the actual performance upgrade for reusing a buffer seems negligible. Removing the use of free_cont altogether helps isolate the ASN1 code changes to just one static function in crypto/asn1/tasn_dec.c and cleans up logic.

Testing:

• I've reused the BER tests in our CBB parsers here so we're confident that the functionalities 1:1. eafd940 only borrowed the ones that were indefinite length, while this commit takes and tests against constructed string test cases.
• eafd940 documented some test cases that were failing due to no support for constructed strings. I've update the documentation and turned on the tests, as this commit now allows proper support of them.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 75.00000% with 17 lines in your changes missing coverage. Please review.

Project coverage is 78.77%. Comparing base (d1c1d72) to head (989dcbb).

Files with missing lines	Patch %	Lines
crypto/asn1/tasn_dec.c	67.92%	17 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2310   +/-   ##
=======================================
  Coverage   78.77%   78.77%           
=======================================
  Files         620      620           
  Lines      107874   107936   +62     
  Branches    15323    15337   +14     
=======================================
+ Hits        84977    85030   +53     
- Misses      22239    22249   +10     
+ Partials      658      657    -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[skmcgrail]

It seems like collect_data is never called with buf == NULL, should this return 0 instead?

[samuel40791765]

Great question, I did some digging around. But judging from the comment in asn1_collect which mentions "If no buffer and not indefinite length constructed just pass over the encoded data", it does seem like there's the possibility of buf being NULL and there being operations that need to be done under that circumstance.

I'll leave it as is for the time being, OpenSSL's ASN1 implementation is also like this today.