OpenSSL::ASN1 der translation inconsistent #119

Closed
HoneyryderChuck opened this issue Dec 20, 2016 · 5 comments · May be fixed by #265

HoneyryderChuck commented Dec 20, 2016

#to_der doesn't seem to be inconsistent encoding context-specific ASN1 data. This is a gist which hopefully demonstrates the issue:

require "openssl"
int = OpenSSL::ASN1::Integer.new(1)
data = OpenSSL::ASN1::ASN1Data.new([int], 1, :CONTEXT_SPECIFIC)
puts "original asn:"
puts data.inspect
der = data.to_der
puts "der is: #{der.unpack("H*")}"
asn = OpenSSL::ASN1.decode der
puts "asn:"
puts asn.inspect

Here is the output against jruby 9.1.6.0 (latest stable as of now):

original asn:
#<OpenSSL::ASN1::ASN1Data:0x7cc55834 @tag=1, @tag_class=:CONTEXT_SPECIFIC, @value=[#<OpenSSL::ASN1::Integer:0x37a54f5e @tag=2, @tag_class=:UNIVERSAL, @tagging=nil, @value=1, @infinite_length=false>]>
der is: ["810101"]
asn:
#<OpenSSL::ASN1::ASN1Data:0x434a314e @tag=1, @tag_class=:CONTEXT_SPECIFIC, @value=[#<OpenSSL::ASN1::OctetString:0x4811fb9e @tag=4, @tag_class=:UNIVERSAL, @tagging=nil, @value="\x01", @infinite_length=false>]>

which shows that the original asn can't be encoded and decoded into the same structure.

Here's the output with MRI 2.1:

original asn:
#<OpenSSL::ASN1::ASN1Data:0x007fb5b8e8dcb0 @tag=1, @value=[#<OpenSSL::ASN1::Integer:0x007fb5b8e8dd00 @tag=2, @value=1, @tagging=nil, @tag_class=:UNIVERSAL, @infinite_length=false>], @tag_class=:CONTEXT_SPECIFIC, @infinite_length=false>
der is: ["a103020101"]
asn:
#<OpenSSL::ASN1::ASN1Data:0x007fb5b8e8d288 @tag=1, @value=[#<OpenSSL::ASN1::Integer:0x007fb5b8e8d2b0 @tag=2, @value=#<OpenSSL::BN:0x007fb5b8e8d2d8>, @tagging=nil, @tag_class=:UNIVERSAL, @infinite_length=false>], @tag_class=:CONTEXT_SPECIFIC, @infinite_length=false>


@HoneyryderChuck

ping


kares commented Feb 20, 2017

hey! sorry for the inconvenience. it's a long-term (known) issue. JOSSL does not handle ASN.1 the same and there are edge cases where it simply might need internal refactoring - with lots of 💛. unfortunately, as this is an infrastructure piece, it's rare to find contributions accomplishing such a big task. sorry for the inconvenience. if you can please look at it in detail if it relates to any of the already reported ASN.1 issues.

@HoneyryderChuck

> sorry for the inconvenience. it's a long-term (known) issue.

Didn't know that. Do you have such long-term issues/incompatibilities with stock MRI described somewhere, like jruby?

> if you can please look at it in detail if it relates to any of the already reported ASN.1 issues.

The ASN.1 issues I found relate to decoding, not encoding. My script shows you 2 different outputs for encoding an ASN.1 element, depending on which Ruby you use:

int = OpenSSL::ASN1::Integer.new(1)
data = OpenSSL::ASN1::ASN1Data.new([int], 1, :CONTEXT_SPECIFIC)
der = data.to_der
puts der.unpack("H*").first
# MRI: "a103020101", which is right
# JRuby: "810101"

One could start by creating a test for this specific case and then slowly take care of things. I don't know much about setting up a development environment for jruby-openssl, so I don't know how much help I could be. I just thought that ASN.1 support would be more mature, as TLS certificates are encoded in this stone-age encoding protocol (I guess I like it as much as you do).
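
To make the difference between the two encodings quoted in this thread concrete, the following added example (not part of any comment here and not jruby-openssl code) decodes both byte strings as DER TLVs: `a1 03 02 01 01` is a constructed context-specific [1] that still wraps the complete INTEGER TLV, while `81 01 01` is a primitive [1] whose content is the bare byte `01`, so the universal tag 2 is no longer present for a decoder to recover. The helper names `parse_tlv`, `parse_all` and `decode_hex` are hypothetical, and only short-form tags and definite lengths are handled.

```ruby
# Added example: minimal DER TLV reader (short-form tags, definite lengths only).
TAG_CLASSES = %i[UNIVERSAL APPLICATION CONTEXT_SPECIFIC PRIVATE].freeze

# Parse one TLV starting at pos; returns [node, position after the TLV].
def parse_tlv(bytes, pos = 0)
  id = bytes.fetch(pos)                 # identifier octet
  tag = id & 0x1f                       # low 5 bits: tag number
  raise ArgumentError, "high-tag-number form not handled" if tag == 0x1f
  len = bytes.fetch(pos + 1)            # first length octet
  pos += 2
  if len == 0x80
    raise ArgumentError, "indefinite length is not DER"
  elsif len > 0x80                      # long form: next (len & 0x7f) octets hold the length
    n = len & 0x7f
    raise ArgumentError, "truncated length" if pos + n > bytes.size
    len = bytes[pos, n].inject(0) { |acc, b| (acc << 8) | b }
    pos += n
  end
  raise ArgumentError, "truncated value" if pos + len > bytes.size
  content = bytes[pos, len]
  node = { tag_class: TAG_CLASSES[id >> 6],   # top 2 bits: class
           constructed: (id & 0x20) != 0,     # bit 6: constructed flag
           tag: tag, length: len }
  if node[:constructed]
    node[:children] = parse_all(content)      # content is itself a run of TLVs
  else
    node[:value] = content                    # opaque content octets
  end
  [node, pos + len]
end

# Parse a run of back-to-back TLVs.
def parse_all(bytes)
  nodes = []
  pos = 0
  while pos < bytes.size
    node, pos = parse_tlv(bytes, pos)
    nodes << node
  end
  nodes
end

def decode_hex(hex)
  parse_all([hex].pack("H*").bytes)
end

# The two hex strings are the ones quoted in the thread (MRI first, then JRuby).
%w[a103020101 810101].each { |h| puts "#{h}: #{decode_hex(h).inspect}" }
```
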

@HoneyryderChuck

Just for context, I use this for a client SNMP library (which encodes packets in ASN.1). We're mostly using MRI, for now.


kares commented May 5, 2024

this part should be resolved (>= 0.15.0) with 46e5f87

kares closed this as completed May 5, 2024