Re-evaluate OCTET STRING equality #203
Assignees
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Assigning you guys too, so we can discuss this here.
Currently, we have two kinds of octet strings, because octet strings are frequently used to encode structures:
Asn1PrimitiveOctetStringis a primitive, containing unstructured dataAsn1EncapsulatingOctetStringis an ASN.1 structure with SEQUENCE semanticsWhen parsing ASN.1 bytes, we try to recursively decode octet strings into structures. If this works, we have an encapsulating variant, if this fails, we have have a primitive octet string. Now it is really not that unusual for a small (<20 bytes) octet string containing supposedly unstructured data, to accidentally contain a valid ASN.1 structure. Another was to reliably trigger this, is to SEC1-encode and decode few hundred P521 private keys. At least one of them is bound to contain an encapsulating octet string and some other foo as private key.
This parsing logic is fine and there is no other way to do it. All ASN.1 parsers inherently have to behave like this. The issue is equality. In #202, I added a conversion function
Asn1EncapsulatingOctetString.toPrimitive(), which will make an encapsulating octet string into a primitive one.The text was updated successfully, but these errors were encountered: