Correct tagging in cms.AttCertIssuer #220

Merged

@MatthiasValvekens (Contributor) commented Dec 22, 2021

Another tagging issue with X.509 attribute certificates (compare #218 and #219). This one is a bit more fundamental, since it affects all V2 attribute certificates.

While doing some interoperability testing with other tooling that handles X.509 attribute certificates (BouncyCastle, as it happens), I discovered that neither library was able to parse the other's ACs.

After doing some digging, I found that the definition of AttCertIssuer in asn1crypto has a typo: since the ASN.1 module uses implicit tags (see e.g. RFC 5755), the v2_form alternative needs to be tagged implicitly, not explicitly.

Side note: the rule mandating that all choice types be tagged explicitly only applies to the case where the tag's "argument" is a choice type, not to tagging within a choice type.

I've fixed the issue and added a regression test (using a pathological AC without any attributes).
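
The byte-level difference described in the comment above, as an added example that is not part of the original pull request or of asn1crypto's code. It uses only the Python standard library; the helper names and the sample issuer are constructed for illustration, and the classifier assumes `issuerName` is present with a single `directoryName`, as the RFC 5755 profile requires.

```python
# DER view of AttCertIssuer.v2Form: IMPLICIT vs EXPLICIT [0]. Sample values are constructed.
SEQUENCE, SET, OID, UTF8 = 0x30, 0x31, 0x06, 0x0C
CTX0, CTX4 = 0xA0, 0xA4  # context-specific, constructed [0] and [4]

def tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (single-byte tag, definite length)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlv(data: bytes, pos: int = 0):
    """Decode the TLV at pos; return (tag, content, next_pos)."""
    tag, first = data[pos], data[pos + 1]
    pos += 2
    length = first
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    if pos + length > len(data):
        raise ValueError("truncated TLV")
    return tag, data[pos:pos + length], pos + length

def sample_issuer(explicit: bool) -> bytes:
    """Build a constructed AttCertIssuer holding a v2Form with one directoryName."""
    cn = tlv(SEQUENCE, tlv(OID, b"\x55\x04\x03") + tlv(UTF8, b"Example AA"))
    name = tlv(SEQUENCE, tlv(SET, cn))
    # Name is a CHOICE, so directoryName [4] is EXPLICIT even in an implicit-tags module.
    fields = tlv(SEQUENCE, tlv(CTX4, name))  # issuerName GeneralNames
    # IMPLICIT: [0] replaces V2Form's SEQUENCE tag. EXPLICIT: [0] wraps the SEQUENCE.
    return tlv(CTX0, tlv(SEQUENCE, fields) if explicit else fields)

def v2form_tagging(issuer: bytes) -> str:
    """Classify the v2Form tagging, assuming issuerName is present."""
    tag, body, end = read_tlv(issuer)
    if tag != CTX0 or end != len(issuer):
        return "not v2Form"
    first_tag, first_body, _ = read_tlv(body)
    if first_tag != SEQUENCE or not first_body:
        return "unknown"
    child = first_body[0]
    if child == SEQUENCE:
        return "explicit"  # V2Form SEQUENCE still present under [0]
    return "implicit" if child & 0xC0 == 0x80 else "unknown"

if __name__ == "__main__":
    for flag in (False, True):
        der = sample_issuer(flag)
        print(v2form_tagging(der), der.hex())
```

The explicit form carries one extra SEQUENCE header under `[0]`, so a parser expecting one form reads the other's first field at the wrong nesting level, which matches the mutual parse failures reported in the comment.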

MatthiasValvekens added a commit to MatthiasValvekens/certvalidator that referenced this pull request Dec 22, 2021
V2Form needs to be tagged implicitly, not explicitly.
MatthiasValvekens added a commit to MatthiasValvekens/certomancer that referenced this pull request Dec 22, 2021
@MatthiasValvekens (Contributor, Author) commented

The test failure (and ensuing cancellation) are due to a network timeout in the certvalidator cross-module test, apparently. I'd rerun the CI, but it looks like I don't have access to the "Rerun all jobs" button in GH actions on this repository.

@wbond wbond merged commit 6250ee4 into wbond:master Jan 27, 2022
@MatthiasValvekens MatthiasValvekens deleted the bugfix/attcertissuer-tagging-fix branch January 27, 2022 08:21