Empty body is not necessarily an error #33

Open
opened 2024-08-21 06:22:00 -07:00 by henris42 · 1 comment
henris42 commented 2024-08-21 06:22:00 -07:00 (Migrated from github.com)

When decoding PKCS#7, you might see elements with an empty body, like the empty SET in this:

```
  0 525: SEQUENCE {
  4   9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
 15 510:   [0] {
 19 506:     SEQUENCE {
 23   1:       INTEGER 1
 26   0:       SET {}
 28  11:       SEQUENCE {
 30   9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
       :         }
```

This is valid PKCS#7, produced by EJBCA. OpenSSL accepts this fine.

However, simple_asn1 fails on this with EmptyBuffer. This means PKCS#7 is unparseable.

Empty bodies should be supported somehow to enable p7 parsing.

I forked the code and made SET return an empty vector if it's empty, but a more generic solution should be created. One possibility might be a crate option that would make empty containers return an empty vector? Thoughts?

strideynet commented 2025-04-09 03:45:52 -07:00 (Migrated from github.com)

This also impacts the parsing of X509 certificates with an empty Subject Name sequence.

Reference: acw/simple_asn1#33
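
The behaviour requested in this issue, as an added example that is not simple_asn1's code or the reporter's fork: a minimal stand-alone DER walker in which a zero-length constructed body (the `SET {}` at offset 26, or an empty Subject Name `SEQUENCE`) decodes to an empty child list, while a buffer that ends before a tag or length byte is still rejected. The type and function names and the shortened sample bytes are constructed for illustration; single-byte tags and definite lengths are assumed.

```rust
// Added example: minimal DER TLV walker, not simple_asn1's code.
// Assumes single-byte tags and definite lengths of at most 4 length bytes.
#[derive(Debug, PartialEq)]
enum Node {
    Primitive { tag: u8, body: Vec<u8> },
    Constructed { tag: u8, children: Vec<Node> },
}
#[derive(Debug, PartialEq)]
enum DerError { Truncated, UnsupportedLength }

// Zero or more TLVs. An empty buffer is a valid, empty list of children,
// so `SET {}` (31 00) yields an empty Vec instead of an error.
fn parse_all(mut buf: &[u8]) -> Result<Vec<Node>, DerError> {
    let mut out = Vec::new();
    while !buf.is_empty() {
        let (node, rest) = parse_one(buf)?;
        out.push(node);
        buf = rest;
    }
    Ok(out)
}

// Exactly one TLV. Here a missing tag or length byte is a real error.
fn parse_one(buf: &[u8]) -> Result<(Node, &[u8]), DerError> {
    let (&tag, rest) = buf.split_first().ok_or(DerError::Truncated)?;
    let (&first, rest) = rest.split_first().ok_or(DerError::Truncated)?;
    let (len, rest) = if first < 0x80 {
        (first as usize, rest)
    } else {
        let n = (first & 0x7f) as usize;
        if n == 0 || n > 4 { return Err(DerError::UnsupportedLength); }
        if rest.len() < n { return Err(DerError::Truncated); }
        (rest[..n].iter().fold(0usize, |a, &b| (a << 8) | b as usize), &rest[n..])
    };
    if rest.len() < len { return Err(DerError::Truncated); }
    let (body, tail) = rest.split_at(len);
    let node = if tag & 0x20 != 0 {
        Node::Constructed { tag, children: parse_all(body)? }
    } else {
        Node::Primitive { tag, body: body.to_vec() }
    };
    Ok((node, tail))
}

// Constructed sample: SEQUENCE { INTEGER 1, SET {}, SEQUENCE { OID data } }
fn sample() -> Vec<u8> {
    vec![0x30, 0x12, 0x02, 0x01, 0x01, 0x31, 0x00, 0x30, 0x0b, 0x06, 0x09,
         0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01]
}
fn main() { println!("{:#?}", parse_all(&sample())); }
```

The distinction that matters is between "no more elements in this container" and "input ended inside an element": only the second is reported as `Truncated`.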