Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Indefinite length encoding supported on input?

See original GitHub issue

v0.21.1

Encountered a p12 file using indefinite length encoding in auth_safe. The Content-Info OctetString is not aggregated correctly from the substrings. The reconstructed OctetString is too large and the native value contains the ASN.1 headers of the substrings instead of only content.

Test case

Input string in hex = ‘2480040d8dfff0980736af936e423acfcc04159277f7f0e479ffc7dc33b2d03d7b1a186d4472aa490000’

dummy.zip

$ openssl asn1parse -inform DER -in dummy.da2 0:d=0 hl=2 l=inf cons: OCTET STRING
2:d=1 hl=2 l= 13 prim: OCTET STRING [HEX DUMP]:8DFFF0980736AF936E423ACFCC 17:d=1 hl=2 l= 21 prim: OCTET STRING [HEX DUMP]:9277F7F0E479FFC7DC33B2D03D7B1A186D4472AA49 40:d=1 hl=2 l= 0 prim: EOC

Expected behaviour: an OctetString whose native value is a byte string of length 34

>>> data = binascii.unhexlify('2480040d8dfff0980736af936e423acfcc04159277f7f0e479ffc7dc33b2d03d7b1a186d4472aa490000')
>>> x = core.OctetString.load(data)
>>> len(x.native)
34
>>> binascii.hexlify(x.native)
b'8dfff0980736af936e423acfcc9277f7f0e479ffc7dc33b2d03d7b1a186d4472aa49'

Observed behaviour:

>>> data = binascii.unhexlify('2480040d8dfff0980736af936e423acfcc04159277f7f0e479ffc7dc33b2d03d7b1a186d4472aa490000')
>>> x = core.OctetString.load(data)
>>> len(x.native)
38
>>> binascii.hexlify(x.native)
b'040d8dfff0980736af936e423acfcc04159277f7f0e479ffc7dc33b2d03d7b1a186d4472aa49'

## note ASN.1 headers 040d and 0415 are in the native value

Issue Analytics

State:
Created 7 years ago
Comments:15 (11 by maintainers)

Top GitHub Comments

2reactions

wbondcommented, Mar 2, 2017

This should be resolved by f577cfff05e37b4baf4820973400730868155477 and 04c7ea7657e57f54604b68e2ca497781819c7fc7

1reaction

wbondcommented, Mar 11, 2017

I believe this is all set now.

Top Results From Across the Web

A Layman's Guide to a Subset of ASN.1, BER, and DER

This view allows one to encode a value whose length is not known in advance (e.g., an octet string value input from a...

How to enforce definite length encoding with CMS in NSS?

I am trying to get NSS's CMS encoder to encode with DER, but the folks as mozilla have apparently only worried about BER...

A Warm Welcome to ASN.1 and DER - Let's Encrypt

Indefinite length To do this, you encode the length as a single byte with the value 80, and encode the value as a...

The difference between BER.DEFINITE-LENGTH and ... - IBM

With definite length encoding, the length of the content is known at the beginning of the encoding; With indefinite length, the length is ......

Using Coding Services - OSS Nokalva

The PDU class defines public static PDU decode(input, coder) methods for ... The TOED runtime BER encoder currently supports only definite-length encoding.