Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

asn1: a bunch of bugfixes and test improvements #98

Merged
merged 16 commits into from Jul 25, 2017
Merged

asn1: a bunch of bugfixes and test improvements #98

merged 16 commits into from Jul 25, 2017

Conversation

rhenium
Copy link
Member

@rhenium rhenium commented Jan 17, 2017

No description provided.

@rhenium rhenium force-pushed the topic/asn1-overhaul branch 2 times, most recently from a5317e8 to 738b520 Compare January 24, 2017 04:52
@rhenium rhenium force-pushed the topic/asn1-overhaul branch 2 times, most recently from 471caf8 to 12dd5ef Compare April 20, 2017 04:54
@rhenium rhenium force-pushed the topic/asn1-overhaul branch 2 times, most recently from 34e0c07 to bafe23a Compare May 26, 2017 05:29
@rhenium
asn1: infinite length -> indefinite length
570f43e 
Replace all occurrences of 'infinite' with 'inDEfinite'. Accessor
methods OpenSSL::ASN1::ASN1Data#infinite_length and #infinite_length=
are kept as alias for backwards compatibility.
@rhenium
asn1: rearrange tests
ba33960 
Improve test coverage of OpenSSL::ASN1. Add more BER encode/decode
tests, while reducing redundant assertions.
@rhenium
asn1: remove an unnecessary function prototype
8a80e34
@rhenium
asn1: require tag information when instantiating generic type
e696490 
Improve the error message of the exception raised when
OpenSSL::ASN1::Primitive.new or OpenSSL::ASN1::Constructive.new is
called with one argument (which is wrong).
@rhenium
asn1: initialize 'unused_bits' attribute of BitString with 0
7df19c3 
Fix the initial value of 'unused_bits' attribute of
OpenSSL::ASN1::BitString. The attribute must always contain an Integer
in the range 0 to 7.
@rhenium
asn1: check for illegal 'unused_bits' value of BitString
e61502f 
Invalid values such as nil or values not in the range 0 to 7 are
silently coerced into the valid range. This behavior is confusing and
hides user bugs. Raise an exception instead if an illegal value is
specified.
@rhenium
asn1: disallow NULL to be passed to asn1time_to_time()
f61af66 
Let the callers check the validity of the ASN1_TIME.
@rhenium
asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid
af895bc 
OpenSSL::ASN1::ObjectId#oid, which returns the dotted representation of
the OID, is silently truncating the result if it overflows the 128-bytes
buffer. Although it normally won't be more than 127-characters, it'd be
better to avoid. This can be done by checking the return value of
OBJ_obj2txt().

Previous releases of LibreSSL (< 2.5.1) have a bug in OBJ_obj2txt() and
it does not work if the resulting string would be larger than the
buffer. A workaround is added to the test. It should be removed when we
deprecate support for LibreSSL 2.4.
@rhenium
asn1: allow constructed encoding with definite length form
400d9ca 
Constructed encoding can use the definite length form as well as the
indefinite length form, regardless of the tag number.
@rhenium
asn1: prohibit indefinite length form for primitive encoding
a2b32a4 
The setter method #indefinite_length= for OpenSSL::ASN1::Primitive is
undef-ed, but we can still set 'indefinite_length' to true illegally
when constructing an object with the raw OpenSSL::ASN1::ASN1Data.

Indefinite length form is not possible in primitive encoding. Raise an
exception in OpenSSL::ASN1::ASN1Data#to_der if specified.
@rhenium
asn1: allow tag number to be >= 32 for universal tag class
22a944f 
There are actually high-tag universal types such as the time-of-day
type.
@rhenium
asn1: use ossl_asn1_tag()
3effe62 
Use ossl_asn1_tag() instead of the combination of ossl_asn1_get_tag()
and NUM2INT().
@rhenium
asn1: clean up OpenSSL::ASN1::Constructive#to_der
3fde14b 
Remove a mysterious behavior in Constructive#to_der: if the 'tagging'
attribute is set to :EXPLICIT and it is not an instance of universal
tag class classes, it "searches" the original tag from the first value
whose encoding is primitive.

	ary = [
	  OpenSSL::ASN1.Sequence([
	      OpenSSL::ASN1.OctetString("abc")
	  ])
	]
	cons = OpenSSL::ASN1::Constructive.new(ary, 1, :EXPLICIT)
	cons.to_der
	#=> "\xA1\x09\x24\x07\x30\x05\x04\x03\x61\x62\x63"
	#               ^
	#               This 4 comes from the OctetString

This is really confusing and nobody seems to be using this behavior.
Let's make it raise error instead.
@rhenium
asn1: harmonize OpenSSL::ASN1::*#to_der
27e4bad 
Extract the common paths for code reduction.
@rhenium
asn1: prevent EOC octets from being in the middle of the content
1d202b0 
Encoding with indefinite length form produces an invalid encoding if the
contents array contains an EOC object in the middle. Raise an exception
in that case.
@rhenium
asn1: do not treat EOC octets as part of content octets
6b67c6d 
We currently treat end-of-contents octets as a BER encoding of a value
whose tag is universal class and the number is zero, and require users
to put one in the end of 'value' array when encoding using indefinite
length form. However, the end-of-contents are just a marker indicating
the end of the contents and not really part of the contents.

Do not require users to put an EOC object in the content when encoding,
and don't produce an EOC object when decoding an encoding that uses
indefinite length form.
@rhenium rhenium merged commit 6b67c6d into ruby:master Jul 25, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@rhenium