Invalid BER decoding of OIDs #4023
randombit added a commit that referenced this issue on May 18, 2024: "The handling for OID encoding did not correctly handle OIDs that begin with 2.x where x >= 40. Fixes #4023"
randombit added a commit that referenced this issue on May 21, 2024: "The handling for OID encoding did not correctly handle OIDs that begin with 2.x where x >= 40. Fixes #4023"
Hi, we've found an issue with Botan's BER decoding of OIDs.

The byte sequence `0x06 0x02 0x79 0x01` should yield the OID `2.41.1`. However, Botan decodes it as `3.1.1`. Please note that `3.1.1` is explicitly forbidden by the standard (see ITU-T X.660 Annex A.2).

According to the standard, the first "byte" is encoded by multiplying the first object identifier component by 40 and adding the second object identifier component: `2 * 40 + 41 = 121 (0x79)` (see ITU-T X.690 Section 8.19.4). When decoding this byte, Botan interprets this as `3 * 40 + 1`. For arcs `0` and `1`, only subidentifiers up to `39` are allowed (they couldn't be distinguished otherwise) (see ITU-T X.660 Section 7.6). For arc `2`, there's no such limitation.

Furthermore, Botan does treat the first byte as a single byte. That is another issue: the valid OID `2.999.1234` cannot be encoded/decoded by Botan. For this to work, Botan must use the same variable length encoding (bit 8 set to 1) for the first "byte" (see ITU-T X.690 Section 8.19.2).

Helpful Links:
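The two rules the report cites, worked as a small decoder/encoder for OID content octets (an added example for this page, not Botan's code): the first subidentifier is split so that values of 80 and above belong to arc 2, and it is read and written in base-128 like every other subidentifier, so both `0x79 0x01` and `2.999.1234` round-trip.

```cpp
#include <cstdint>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Decode the content octets of a BER OBJECT IDENTIFIER (tag and length already
// stripped) into dotted form, per X.690 8.19. Every subidentifier, the first
// included, is base-128 with bit 8 as the continuation flag.
std::string decode_oid(const std::vector<uint8_t>& body) {
    std::vector<uint64_t> subids;
    uint64_t acc = 0;
    bool partial = false;
    for (uint8_t b : body) {
        if (acc >> 57) throw std::runtime_error("subidentifier too large");
        acc = (acc << 7) | (b & 0x7F);
        partial = (b & 0x80) != 0;
        if (!partial) { subids.push_back(acc); acc = 0; }
    }
    if (partial || subids.empty()) throw std::runtime_error("truncated OID");
    // Split the packed first subidentifier (X*40 + Y). Only arcs 0 and 1 cap
    // the second arc at 39 (X.660 7.6); everything from 80 upward belongs to
    // arc 2, so 121 (0x79) is 2.41, not 3.1, and 1079 is 2.999.
    uint64_t first = subids[0], x = 2, y = first - 80;
    if (first < 40) { x = 0; y = first; }
    else if (first < 80) { x = 1; y = first - 40; }
    std::string out = std::to_string(x) + "." + std::to_string(y);
    for (size_t i = 1; i < subids.size(); ++i) out += "." + std::to_string(subids[i]);
    return out;
}

// Encode a dotted OID into BER content octets, applying the same base-128
// rule to the packed first subidentifier so that 2.999.1234 round-trips.
std::vector<uint8_t> encode_oid(const std::string& dotted) {
    std::vector<uint64_t> arcs;
    std::istringstream in(dotted);
    for (std::string part; std::getline(in, part, '.');) arcs.push_back(std::stoull(part));
    if (arcs.size() < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39))
        throw std::invalid_argument("invalid leading arcs: " + dotted);
    std::vector<uint64_t> subids{arcs[0] * 40 + arcs[1]};
    subids.insert(subids.end(), arcs.begin() + 2, arcs.end());
    std::vector<uint8_t> out;
    for (uint64_t v : subids) {
        uint8_t groups[10]; int n = 0;  // 64 bits fit in at most ten 7-bit groups
        do { groups[n++] = v & 0x7F; v >>= 7; } while (v);
        while (n--) out.push_back(groups[n] | (n ? 0x80 : 0));  // high group first
    }
    return out;
}
```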