Comments (7)
Today I discovered exactly the problem reported here.
I am not certain the proposed fix is correct. Looking at the BER length encoding, it seems to me that the indefinite length encoding has the only length octet 0x80, but the tag can be encoded on more octets, so the length octet can be at offset 1 or more... So the condition self._header[-1] == b'\x80' is basically correct, but must be completed by a test that the preceding octet is not a higher length octet...
from asn1crypto.
Can you provide an example of an encoded ASN.1 value that exposes this bug?
From my understanding the header can’t end in 0x80 for the DER encoding. See the high bit is set, but then the length is set to 0 since all seven lower bits are 0. This switches to indefinite length mode, which is used when streaming a value where the encoder doesn’t know the total length. As a result the decoder has to look for indefinite chunks. This by definition isn’t DER encoding since there can only be one canonical DER encoding. Instead this implied a BER encoding.
This is why I’d like an example so I can see what is actually going on.
from asn1crypto.
I mentioned the example in bug #195 already. See my last comments there. The certificate in the attached zip file... The highest bit you mentioned - this is about the short form (length up to 127). There can be a number of length octets in the header for a length over 127. The last octet can be 0x80 quite easily.
from asn1crypto.
Posting an example on a different issue isn’t as helpful as posting it on the issue about the bug.
My recollection is fuzzy, but I thought the high bit was not set on any of the length bits? Or are you saying it is only not set on a single-byte-encoded length?
from asn1crypto.
Yeah, so that was most likely the source of the bug in the implementation. https://luca.ntop.org/Teaching/Appunti/asn1.html Confirms the high bit only matters on the first byte.
from asn1crypto.
For example I have the problem in this structure.
cms.zip
The second item has this header:
SEQUENCE (5 elem) - 30 82 0A 80
And the last byte is 80, but this byte is the last byte of the length - 0x0A 0x80 of the sequence.
from asn1crypto.
I am afraid that the test can't be easily written in only one if statement. Identification/tag can occupy more than the first octet of the header. So self._header[1] is not necessarily the first length octet...
from asn1crypto.
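The header layout discussed in this thread, as an added example that is not part of the original comments and is not asn1crypto's own code: a small BER header parser that skips a multi-octet tag, then decides indefinite length from the first length octet only, shown next to the last-byte check quoted above. The function names are hypothetical; the header `30 82 0A 80` is the one quoted in the thread, and the other byte strings are constructed samples.

```python
def naive_is_indefinite(header: bytes) -> bool:
    # Mirrors the condition quoted in the thread: only the last header byte is examined.
    return header[-1:] == b"\x80"


def parse_ber_header(data: bytes, offset: int = 0):
    """Return (tag_number, header_len, content_len, indefinite).

    content_len is None when the length is indefinite.
    """
    pos = offset
    if pos >= len(data):
        raise ValueError("no identifier octet")
    tag = data[pos] & 0x1F
    pos += 1
    if tag == 0x1F:
        # High-tag-number form: base-128 digits, high bit set on all but the last.
        tag = 0
        while True:
            if pos >= len(data):
                raise ValueError("truncated tag")
            octet = data[pos]
            pos += 1
            tag = (tag << 7) | (octet & 0x7F)
            if not octet & 0x80:
                break
    if pos >= len(data):
        raise ValueError("missing length octet")
    first_len = data[pos]  # the only octet whose high bit selects the length form
    pos += 1
    if first_len < 0x80:  # short form: the octet is the length itself
        return tag, pos - offset, first_len, False
    if first_len == 0x80:  # indefinite form: content ends at end-of-contents octets
        return tag, pos - offset, None, True
    if first_len == 0xFF:
        raise ValueError("reserved length octet 0xFF")
    count = first_len & 0x7F  # long form: this many length octets follow
    if pos + count > len(data):
        raise ValueError("truncated length")
    # Subsequent length octets are plain base-256 digits; 0x80 here is just a value.
    content_len = int.from_bytes(data[pos:pos + count], "big")
    return tag, pos - offset + count, content_len, False


if __name__ == "__main__":
    # First header is from the thread; the rest are constructed samples.
    for hex_header in ("30820A80", "3080", "7F810080", "7F81008180"):
        raw = bytes.fromhex(hex_header)
        print(hex_header, parse_ber_header(raw), "naive:", naive_is_indefinite(raw))
```
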