
Bug #4374: [ext/openssl] ASN1.decode wrong for infinite length values
http://redmine.ruby-lang.org/issues/show/4374

Author: Martin Bosslet
Status: Open, Priority: Normal
Category: ext, Target version: 1.9.3
ruby -v: ruby 1.9.2p136 (2010-12-25 revision 30365) [i686-linux]

Hi all,

ASN.1 decoding behaves incorrectly for DER encodings with infinite length values. Two examples:


require 'openssl'
require 'pp'

eoc = OpenSSL::ASN1::EndOfContent.new
int = OpenSSL::ASN1::Integer.new(1)

inner = OpenSSL::ASN1::Sequence.new([int, eoc])
inner.infinite_length = true

outer = OpenSSL::ASN1::Sequence.new([inner, eoc])
outer.infinite_length = true

asn1 = OpenSSL::ASN1.decode(outer.to_der)

pp asn1

=> #<OpenSSL::ASN1::Sequence:0x9b4bd70
 @infinite_length=true,
 @tag=16,
 @tag_class=:UNIVERSAL,
 @tagging=nil,
 @value=
  [#<OpenSSL::ASN1::Sequence:0x9b4bd84
    @infinite_length=true,
    @tag=16,
    @tag_class=:UNIVERSAL,
    @tagging=nil,
    @value=
     [#<OpenSSL::ASN1::Integer:0x9b4be24
       @infinite_length=false,
       @tag=2,
       @tag_class=:UNIVERSAL,
       @tagging=nil,
       @value=1>,
      #<OpenSSL::ASN1::EndOfContent:0x9b4bde8
       @infinite_length=false,
       @tag=0,
       @tag_class=:UNIVERSAL,
       @tagging=nil,
       @value="">,
      #<OpenSSL::ASN1::EndOfContent:0x9b4bdac
       @infinite_length=false,
       @tag=0,
       @tag_class=:UNIVERSAL,
       @tagging=nil,
       @value="">]>]>

The end of content DER for the outer Sequence is incorrectly stored with the values of the inner sequence. Although after encoding the resulting DER will be correct, the structure should rather look like this:

#<OpenSSL::ASN1::Sequence:0x9f58ee0
 @infinite_length=true,
 @tag=16,
 @tag_class=:UNIVERSAL,
 @tagging=nil,
 @value=
  [#<OpenSSL::ASN1::Sequence:0x9f58f30
    @infinite_length=true,
    @tag=16,
    @tag_class=:UNIVERSAL,
    @tagging=nil,
    @value=
     [#<OpenSSL::ASN1::Integer:0x9f58f94
       @infinite_length=false,
       @tag=2,
       @tag_class=:UNIVERSAL,
       @tagging=nil,
       @value=1>,
      #<OpenSSL::ASN1::EndOfContent:0x9f58f6c
       @infinite_length=false,
       @tag=0,
       @tag_class=:UNIVERSAL,
       @tagging=nil,
       @value="">]>,
   #<OpenSSL::ASN1::EndOfContent:0x9f58f08
    @infinite_length=false,
    @tag=0,
    @tag_class=:UNIVERSAL,
    @tagging=nil,
    @value="">]>

Another example:

require 'openssl'
require 'pp'

eoc = OpenSSL::ASN1::EndOfContent.new
oct = OpenSSL::ASN1::OctetString.new("\x01")

inner = OpenSSL::ASN1::Constructive.new([oct, eoc], OpenSSL::ASN1::OCTET_STRING)
inner.infinite_length = true

outer = OpenSSL::ASN1::Constructive.new([inner, eoc], OpenSSL::ASN1::OCTET_STRING)
outer.infinite_length = true

asn1 = OpenSSL::ASN1.decode(outer.to_der)

pp asn1

=> <OpenSSL::ASN1::ASN1Data:0xa0fcdf0
 @infinite_length=true,
 @tag=4,
 @tag_class=:CONTEXT_SPECIFIC,
 @value=
  [#<OpenSSL::ASN1::Constructive:0xa0fce04
    @infinite_length=true,
    @tag=4,
    @tag_class=:UNIVERSAL,
    @tagging=:EXPLICIT,
    @value=
     [#<OpenSSL::ASN1::ASN1Data:0xa0fce2c
       @infinite_length=true,
       @tag=4,
       @tag_class=:CONTEXT_SPECIFIC,
       @value=
        [#<OpenSSL::ASN1::Constructive:0xa0fce40
          @infinite_length=true,
          @tag=4,
          @tag_class=:UNIVERSAL,
          @tagging=:EXPLICIT,
          @value=
           [#<OpenSSL::ASN1::OctetString:0xa0fcee0
             @infinite_length=false,
             @tag=4,
             @tag_class=:UNIVERSAL,
             @tagging=nil,
             @value="\x01">,
            #<OpenSSL::ASN1::EndOfContent:0xa0fceb8
             @infinite_length=false,
             @tag=0,
             @tag_class=:UNIVERSAL,
             @tagging=nil,
             @value="">,
            #<OpenSSL::ASN1::EndOfContent:0xa0fce68
             @infinite_length=false,
             @tag=0,
             @tag_class=:UNIVERSAL,
             @tagging=nil,
             @value="">]>]>]>]>

Here it's worse, because when calling asn1.to_der it will even result in an error:

test.rb:17:in `to_der': invalid constructed encoding (OpenSSL::ASN1::ASN1Error)
	from test.rb:17:in `each'
	from test.rb:17:in `to_der'
	from test.rb:17:in `<main>'

The problem is the defaults for tagging and tag_class in ossl_asn1_initialize, which are not intuitive and are defaults for tagged DER values instead of "normal" values.

The correct structure for the above would look like this:

#<OpenSSL::ASN1::Constructive:0x93ed128
 @infinite_length=true,
 @tag=4,
 @tag_class=:UNIVERSAL,
 @tagging=nil,
 @value=
  [#<OpenSSL::ASN1::Constructive:0x93ed178
    @infinite_length=true,
    @tag=4,
    @tag_class=:UNIVERSAL,
    @tagging=nil,
    @value=
     [#<OpenSSL::ASN1::OctetString:0x93ed1c8
       @infinite_length=false,
       @tag=4,
       @tag_class=:UNIVERSAL,
       @tagging=nil,
       @value="\x01">,
      #<OpenSSL::ASN1::EndOfContent:0x93ed1a0
       @infinite_length=false,
       @tag=0,
       @tag_class=:UNIVERSAL,
       @tagging=nil,
       @value="">]>,
   #<OpenSSL::ASN1::EndOfContent:0x93ed150
    @infinite_length=false,
    @tag=0,
    @tag_class=:UNIVERSAL,
    @tagging=nil,
    @value="">]>

The attached patch fixes the problems and has also "more natural" defaults for
ossl_asn1_initialize.

Regards,
Martin


----------------------------------------
http://redmine.ruby-lang.org
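
Added example, not part of the original report or of Ruby's OpenSSL extension: a minimal pure-Ruby BER reader that produces the nesting the report expects, where each end-of-content marker closes only the innermost open infinite-length value and every node keeps its own tag class. Node, eoc?, read_tlv, decode_ber, MAX_DEPTH and the two hand-written sample byte strings are assumptions made for this illustration.

```ruby
# Added example, not Ruby's ossl_asn1.c: minimal BER reader (one-byte tags only).
Node = Struct.new(:tag_class, :constructed, :tag, :infinite_length, :value)
CLASSES = %i[UNIVERSAL APPLICATION CONTEXT_SPECIFIC PRIVATE].freeze
MAX_DEPTH = 32 # assumed cap so hostile nesting cannot exhaust the stack
def eoc?(node)
  node.tag_class == :UNIVERSAL && !node.constructed && node.tag.zero? && node.value == ''
end

# Parses the TLV at pos and returns [node, position just past it].
def read_tlv(bytes, pos, depth = 0)
  raise ArgumentError, 'nesting too deep' if depth > MAX_DEPTH
  raise ArgumentError, 'truncated header' if pos + 2 > bytes.size
  id, len = bytes[pos], bytes[pos + 1]
  raise ArgumentError, 'high tag numbers not supported' if (id & 0x1f) == 0x1f
  pos += 2
  node = Node.new(CLASSES[id >> 6], (id & 0x20) != 0, id & 0x1f, len == 0x80, [])
  if node.infinite_length
    raise ArgumentError, 'indefinite length on primitive' unless node.constructed
    loop do
      child, pos = read_tlv(bytes, pos, depth + 1)
      node.value << child
      return [node, pos] if eoc?(child) # first EOC at this level closes this level only
    end
  end
  if len > 0x80 # long form: low 7 bits give the number of length bytes
    n = len & 0x7f
    raise ArgumentError, 'truncated length' if pos + n > bytes.size
    len = bytes[pos, n].inject(0) { |acc, b| (acc << 8) | b }
    pos += n
  end
  stop = pos + len
  raise ArgumentError, 'truncated value' if stop > bytes.size
  unless node.constructed
    node.value = bytes[pos, len].pack('C*')
    return [node, stop]
  end
  while pos < stop
    child, pos = read_tlv(bytes, pos, depth + 1)
    node.value << child
  end
  raise ArgumentError, 'child overruns parent' if pos != stop
  [node, stop]
end

def decode_ber(der)
  node, pos = read_tlv(der.bytes, 0)
  raise ArgumentError, 'trailing data' if pos != der.bytesize
  node
end
NESTED_SEQ = "\x30\x80\x30\x80\x02\x01\x01\x00\x00\x00\x00".b # constructed: nested SEQUENCE case
NESTED_OCT = "\x24\x80\x24\x80\x04\x01\x01\x00\x00\x00\x00".b # constructed: nested OCTET STRING case
```

Truncated input, a missing end-of-content marker and nesting deeper than MAX_DEPTH all raise ArgumentError instead of returning a partial tree.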

--mimepart_4d4edfefdc621_1dc2aecd18c256fb
Content-Type: text/x-patch; name=fix_asn1.diff
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; filename=fix_asn1.diff


--mimepart_4d4edfefdc621_1dc2aecd18c256fb--