From: Martin Bosslet
Date: 2011-02-07T02:52:52+09:00
Subject: [ruby-core:35123] [Ruby 1.9-Bug#4374][Open] [ext/openssl] ASN1.decode wrong for infinite length values

Bug #4374: [ext/openssl] ASN1.decode wrong for infinite length values
http://redmine.ruby-lang.org/issues/show/4374

Author: Martin Bosslet
Status: Open, Priority: Normal
Category: ext, Target version: 1.9.3
ruby -v: ruby 1.9.2p136 (2010-12-25 revision 30365) [i686-linux]

Hi all,

ASN.1 decoding behaves incorrectly for DER encodings with infinite length values. Two examples:

    require 'openssl'
    require 'pp'

    eoc = OpenSSL::ASN1::EndOfContent.new
    int = OpenSSL::ASN1::Integer.new(1)
    inner = OpenSSL::ASN1::Sequence.new([int, eoc])
    inner.infinite_length = true
    outer = OpenSSL::ASN1::Sequence.new([inner, eoc])
    outer.infinite_length = true

    asn1 = OpenSSL::ASN1.decode(outer.to_der)
    pp asn1

    => #, #, #]>]>

The end of content DER for the outer Sequence is incorrectly stored with the values of the inner sequence. Although after encoding the resulting DER will be correct, the structure should rather look like this:

    #, #]>, #]>

Another example:

    require 'openssl'
    require 'pp'

    eoc = OpenSSL::ASN1::EndOfContent.new
    oct = OpenSSL::ASN1::OctetString.new("\x01")
    inner = OpenSSL::ASN1::Constructive.new([oct, eoc], OpenSSL::ASN1::OCTET_STRING)
    inner.infinite_length = true
    outer = OpenSSL::ASN1::Constructive.new([inner, eoc], OpenSSL::ASN1::OCTET_STRING)
    outer.infinite_length = true

    asn1 = OpenSSL::ASN1.decode(outer.to_der)
    pp asn1

    => , #, #]>]>]>]>

Here it's worse, because calling asn1.to_der will even result in an error:

    test.rb:17:in `to_der': invalid constructed encoding (OpenSSL::ASN1::ASN1Error)
            from test.rb:17:in `each'
            from test.rb:17:in `to_der'
            from test.rb:17:in `'

The problem is the defaults for tagging and tag_class in ossl_asn1_initialize, which are not intuitive and are defaults for tagged DER values instead of "normal" values. The correct structure for the above would look like this:

    #, #]>, #]>

The attached patch fixes the problems and has also "more natural" defaults for ossl_asn1_initialize.

Regards,
Martin

----------------------------------------
http://redmine.ruby-lang.org

Attachment: fix_asn1.diff (text/x-patch)
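Added example (not part of the original message or the attached patch): a minimal pure-Ruby BER reader showing that each end-of-contents marker is kept with the indefinite-length value it closes, which is the nesting the report asks for. The names `parse_tlv`, `decode`, `BERError`, `EOC` and the sample bytes are constructed for this illustration; it does not use ext/openssl and handles low tag numbers only.

```ruby
class BERError < StandardError; end
EOC = :eoc # marker for the end-of-contents octets 00 00

# Parse one TLV at pos and return [node, next_pos]. A node is EOC,
# [tag, String] for a primitive or [tag, [children]] for a constructed value.
def parse_tlv(b, pos)
  raise BERError, "truncated header" if pos + 2 > b.size
  id, len = b[pos], b[pos + 1]
  pos += 2
  return [EOC, pos] if id == 0 && len == 0
  tag = id & 0x1f                       # low tag numbers only
  constructed = (id & 0x20) != 0
  if len == 0x80                        # indefinite length
    raise BERError, "indefinite length on primitive" unless constructed
    children = []
    loop do
      child, pos = parse_tlv(b, pos)    # raises if the input ends before EOC
      children << child                 # the EOC stays with the level it closes
      break if child == EOC
    end
    return [[tag, children], pos]
  end
  if len > 0x80                         # long-form definite length
    n = len & 0x7f
    raise BERError, "truncated length" if pos + n > b.size
    len = b[pos, n].inject(0) { |a, x| (a << 8) | x }
    pos += n
  end
  raise BERError, "truncated contents" if pos + len > b.size
  body = b[pos, len]
  return [[tag, body.pack("C*")], pos + len] unless constructed
  children, i = [], 0
  while i < body.size
    child, i = parse_tlv(body, i)
    raise BERError, "stray EOC in definite-length value" if child == EOC
    children << child
  end
  [[tag, children], pos + len]
end

def decode(hex)
  b = [hex.delete(" ")].pack("H*").bytes
  node, pos = parse_tlv(b, 0)
  raise BERError, "trailing data" unless pos == b.size
  node
end

# Constructed sample: SEQUENCE { SEQUENCE { INTEGER 1 } }, both indefinite length.
NESTED = "30 80 30 80 02 01 01 00 00 00 00"
```

`decode(NESTED)` returns the outer SEQUENCE with two children, the inner SEQUENCE and the outer value's own EOC; input that ends before the outer EOC is rejected instead of being accepted as complete.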