Hello all:
While playing around with a project over the holidays, I ran into the following:
If you have an Optional Implicitly tagged GENERAL_NAMES, followed by
another optional implicitly tagged item, and you don't actually fill
in the GENERAL_NAMES structure (since it is optional), OpenSSL will
fail to properly DER encode the structure.
Here is a simple test case that demonstrates:
    #include <assert.h>
    #include <openssl/x509.h>
    #include <openssl/x509v3.h>
    #include <openssl/asn1.h>
    #include <openssl/asn1t.h>

    typedef struct foo {
        ASN1_OBJECT *obj;
        GENERAL_NAMES *names;
        ASN1_OCTET_STRING *nonce;
    } FOO;

    DECLARE_ASN1_FUNCTIONS(FOO)

    #define d2i_FOO_bio(bp,p) ASN1_d2i_bio_of(FOO, FOO_new, d2i_FOO, bp, p)
    #define i2d_FOO_bio(bp,p) ASN1_i2d_bio_of(FOO, i2d_FOO, bp, p)

    /* obj is mandatory; names ([0]) and nonce ([1]) are both
       OPTIONAL and IMPLICIT tagged. */
    ASN1_SEQUENCE(FOO) = {
        ASN1_SIMPLE(FOO, obj, ASN1_OBJECT),
        ASN1_IMP_OPT(FOO, names, GENERAL_NAMES, 0),
        ASN1_IMP_OPT(FOO, nonce, ASN1_OCTET_STRING, 1),
    } ASN1_SEQUENCE_END(FOO)

    IMPLEMENT_ASN1_FUNCTIONS(FOO)

    int main(void)
    {
        FOO *f = FOO_new();
        f->obj = OBJ_txt2obj("1.2.3.4", 1);

        // comment out these two lines and the assertion won't blow up.
        f->nonce = ASN1_OCTET_STRING_new();
        ASN1_OCTET_STRING_set(f->nonce, (const unsigned char *)"123456", 7);

        /* Round trip through a memory BIO: encode, then decode again.
           names is never set, so only obj and nonce are present. */
        BIO *tmp = BIO_new(BIO_s_mem());
        i2d_FOO_bio(tmp, f);
        FOO *dup = d2i_FOO_bio(tmp, NULL);
        BIO_free_all(tmp);

        assert(dup);
        return 0;
    }
Thanks for taking a look at this. If you need any more information
please let me know.
Patrick.
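
Added example, not part of the original post and not OpenSSL code: a stand-alone C decoder for the FOO layout above, showing the bytes DER prescribes when names is absent and how an OPTIONAL IMPLICIT field is matched by tag alone. The byte string is constructed by hand from the DER rules, and the names foo_view, read_tlv and foo_decode are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Constructed by hand from the DER rules (not OpenSSL output): the FOO from
 * the test case with names absent and nonce = "123456" plus NUL (7 bytes). */
static const unsigned char FOO_DER[] = {
    0x30, 0x0e,                                     /* SEQUENCE, 14 bytes        */
    0x06, 0x03, 0x2a, 0x03, 0x04,                   /* OID 1.2.3.4               */
    0x81, 0x07, '1', '2', '3', '4', '5', '6', 0x00  /* [1] IMPLICIT OCTET STRING */
};

struct foo_view {               /* hypothetical: pointers into the input buffer */
    const unsigned char *obj, *names, *nonce;
    size_t obj_len, names_len, nonce_len;
};

/* Read one TLV with a single-byte tag and short-form length (< 128).
 * Returns bytes consumed, or 0 on truncated or unsupported input. */
static size_t read_tlv(const unsigned char *p, size_t n, unsigned char *tag,
                       const unsigned char **val, size_t *len)
{
    if (n < 2 || (p[0] & 0x1f) == 0x1f || (p[1] & 0x80) || (size_t)p[1] > n - 2)
        return 0;
    *tag = p[0]; *val = p + 2; *len = p[1];
    return 2 + *len;
}

/* Decode FOO. An OPTIONAL field is taken only when the next tag matches it;
 * otherwise it is absent and the same TLV is offered to the following field.
 * Returns 0 on success, -1 on malformed input. */
int foo_decode(const unsigned char *der, size_t n, struct foo_view *out)
{
    unsigned char tag; const unsigned char *v; size_t len, used;
    memset(out, 0, sizeof(*out));
    if (!(used = read_tlv(der, n, &tag, &v, &len)) || tag != 0x30 || used != n)
        return -1;
    der = v; n = len;
    if (!(used = read_tlv(der, n, &tag, &v, &len)) || tag != 0x06)
        return -1;
    out->obj = v; out->obj_len = len; der += used; n -= used;
    if (n && (used = read_tlv(der, n, &tag, &v, &len)) && tag == 0xa0) {
        out->names = v; out->names_len = len; der += used; n -= used;
    }
    if (n && (used = read_tlv(der, n, &tag, &v, &len)) && tag == 0x81) {
        out->nonce = v; out->nonce_len = len; der += used; n -= used;
    }
    return n == 0 ? 0 : -1;     /* leftover bytes: unknown tag or bad TLV */
}
```

Comparing the output of i2d_FOO against FOO_DER (for example with a hex dump of the memory BIO) shows whether the encoder or the decoder is the side that misbehaves.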
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List