Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unused bits in asn1 bit string #1610

Closed
moshe-shahar opened this issue May 2, 2018 · 7 comments

Comments

Projects
None yet
7 participants
@moshe-shahar
Copy link

commented May 2, 2018

Description

  • Type: Bug
  • Priority: Minor

mbed TLS build:
Version: 2.8.0 (latest)


Bugs

The unused bits in mbedtls_asn1_write_bitstring are not as expected and should contain also the trailing zeros.
Tested against Python cryptography library

From spec:

Named bit lists are BIT STRINGs where the values have been assigned
names. This specification makes use of named bit lists in the
definitions for the key usage, CRL distribution points, and freshest
CRL certificate extensions, as well as the freshest CRL and issuing
distribution point CRL extensions. When DER encoding a named bit
list, trailing zeros MUST be omitted.
That is, the encoded value
ends with the last named bit that is set to one.

@RonEld

This comment has been minimized.

Copy link
Contributor

commented May 3, 2018

For reference, the The quote is from RFC5280 Appendix B

@RonEld

This comment has been minimized.

Copy link
Contributor

commented May 3, 2018

@moshe-shahar Please specify what is the current behavior, what is the expected behavior and how to reproduce.

@moshe-shahar

This comment has been minimized.

Copy link
Author

commented May 3, 2018

Current behavior is to set the unused bits field in the DER to modulo 8 on bits argument.
Expected behavior is set the unused bits field to include the trailing zeros.
Example for 1000000 bit string with 7 bits len:
Current unused bits is 1.
Expected is 7 (1+6 trailing zeros).

@trianglee

This comment has been minimized.

Copy link

commented Sep 6, 2018

@sbutcher-arm This defect is now biting us - we cannot encode a specific field we need to encode in a CSR. Is there any forecast to when this could be looked at?

@ciarmcom

This comment has been minimized.

Copy link
Member

commented Sep 12, 2018

ARM Internal Ref: IOTSSL-2526

@hanno-arm

This comment has been minimized.

Copy link
Contributor

commented Sep 27, 2018

@moshe-shahar I think we need to distinguish between raw bitstrings, which may include trailing zero bits, and named bit lists, for which such are forbidden in DER. Changing mbedtls_asn1_write_bitstring() to remove trailing bits doesn't seem to be the right approach to me. Instead, I think we should add a new pair of API calls for parsing and writing named bit lists. See #2028 for more details. Apologies if I mixed up things, please let me know if you see the matter differently.

@moshe-shahar

This comment has been minimized.

Copy link
Author

commented Oct 2, 2018

@hanno-arm, I can't comment or suggest what is the correct fix since I'm not sure I'm familiar with all cases this library should support.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.