New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

An encoding tag problem of mbedtls_x509write_crt_der #1860

Closed
raprepo opened this Issue Jul 13, 2018 · 3 comments

Comments

Projects
None yet
5 participants
@raprepo

raprepo commented Jul 13, 2018

Description

  • Type: Bug
  • Priority: Major

Bug

When the subject_name or issuer_name contains non-ASCII printable characters (such as Chinese, Japanese, Russian, etc.), the certificate content output by mbedtls_x509write_crt_der will have some problems.

This problem can be replay with cert_write program.
Just set subject_name=CN=Cert,O=中文汉字,C=UK

When the program runs successfully, the certificate can be generated, but when you view the contents of the certificate, you can find that the contents of the subject and/or issuer are not correct.

After debugging, I found the problem appeared here.

mbedtls_x509write_crt_der()
-> mbedtls_x509_write_names()
-> x509_write_name()
-> mbedtls_asn1_write_printable_string():
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_PRINTABLE_STRING ) );

When I replace MBEDTLS_ASN1_PRINTABLE_STRING with MBEDTLS_ASN1_UTF8_STRING, there is no problem.

This seems to be due to the use of the wrong TAG, which causes the system cannot decode the certificate content properly.

@RonEld

This comment has been minimized.

Contributor

RonEld commented Jul 15, 2018

@raprepo Thank you for reporting this issue!
I believe this is a duplicate of #468
Please confirm

@ciarmcom

This comment has been minimized.

Member

ciarmcom commented Sep 12, 2018

ARM Internal Ref: IOTSSL-2521

@hanno-arm

This comment has been minimized.

Contributor

hanno-arm commented Nov 8, 2018

Fixed through PR #1641.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment