245429 - ASN1 encoder asserts on CMMF templates

Assignee

Description

•

21 years ago

When the ASN.1 encoder is called to encode a simple (?) CMMF message containing one or more certs, the encoder asserts. Going past the first assertion causes an essentially identical assertion to occur shortly thereafter. Turning off the assertions causes the encoder to output a message with invalid SEQUENCE lengths. The template in question is CMMFCertRepContentTemplate. The function that attempts to encode with it is CMMF_EncodeCertRepContent. Here are some of the relevant templates from file nss/lib/crmf/asn1cmn.c: const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = { { SEC_ASN1_SEQUENCE_OF| SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(SEC_SignedCertificateTemplate)} }; const SEC_ASN1Template CMMFCertRepContentTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent)}, { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(CMMFCertRepContent, caPubs), CMMFSequenceOfCertsTemplate }, { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response), CMMFCertResponseTemplate}, { 0 } }; The first assertion occurs in function sec_asn1e_contents_length. It is trying to compute the length of the first component in the last SEQUENCE above, namely the constructed, optional, context-specific 1. It has fetched the kind of the subtemplate, and is now asserting: /* Having any of these bits is not expected here... */ PORT_Assert ((underlying_kind & (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_INLINE | SEC_ASN1_POINTER | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM | SEC_ASN1_SAVE | SEC_ASN1_SKIP)) == 0); Later it asserts in function sec_asn1e_init_state_based_on_template, in a very similar code path. /* * This is an implicit, non-universal (meaning, application-private * or context-specific) field. This results in a "magic" tag but * encoding based on the underlying type. We pushed a new state * that is based on the subtemplate (the underlying type), but * now we will sort of alias it to give it some of our properties * (tag, optional status, etc.). */ under_kind = state->theTemplate->kind; if ((under_kind & SEC_ASN1_MAY_STREAM) && !ignore_stream) { may_stream = PR_TRUE; } under_kind &= ~SEC_ASN1_MAY_STREAM; } else { under_kind = encode_kind; } /* * Sanity check that there are no unwanted bits marked in under_kind. * These bits were either removed above (after we recorded them) or * they simply should not be found (signalling a bad/broken template). * XXX is this the right set of bits to test here? (i.e. need to add * or remove any?) */ PORT_Assert ((under_kind & (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_SKIP | SEC_ASN1_INNER | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM | SEC_ASN1_INLINE | SEC_ASN1_POINTER)) == 0); The encoder clearly doesn't expect that an implicit, non-pointer, context-specific template will point to a subtemplate that has any of those flags in them. In this case, we have an implicit constructed context-specific template pointing to a subtemplate that has the XTRN (a.k.a "DYNAMIC") flag. Is that wrong? invalid? (and if so, why?) Is some flag missing (such as EXPLICIT) that ought to be present in the outer constructed context-specific template? Does there need to be another level of indirection here? Taking a step back from the ASN.1 encoder issue itself, it seems to me that this code is trying to go about this the wrong way. Given that the cert(s) to be sent out are already fully encoded, the templates should probably be sending a sequence of ANY, rather than a sequence of SEC_SignedCertificateTemplate. The CMMF code shouldn't be re-encoding the certs from their components (as it is now trying to do), but rather should be sending out the already encoded certs. So, that will need to be fixed, and the fix may ultimately moot the question of why this particular set of templates doesn't work. But I want to know why this combination of templates fails, and whether these templates are invalid, or whether this is a bug in the encoder. If the encoder is buggy, I think it needs to be fixed, whether the CMMF library is fixed or not. We need a document that specifies what combinations of flags in a template are not allowed, and what combinations of templates and subtemplates are not allowed, and WHY (e.g. would violate ASN.1, or just an implementation limitation). The existing document on our templates, at http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn1.html is very helpful, but stops short of documenting the disallowed and/or required combinations. Julien, any light you can shed on this subject would be appreciated. One more thought. In XXXXXXXXXX there is a comment that asks: /* XXX Should we recurse here? */ I think the answer is yes. Doing so eliminates the first assertion, but not the second, and improves the lengths in the encoded output, but still does not make them correct (they end up being about double the correct values).

patch part 1 - global rename some variables 21 years ago Nelson Bolyard (seldom reads bugmail) 6.28 KB, patch	wtc : superreview+	Details \| Diff \| Splinter Review
Patch part 2 - split big function into two 21 years ago Nelson Bolyard (seldom reads bugmail) 11.55 KB, patch	wtc : review+	Details \| Diff \| Splinter Review
patch part 3 - misc fixes. 21 years ago Nelson Bolyard (seldom reads bugmail) 2.92 KB, patch	wtc : review+	Details \| Diff \| Splinter Review
Patch part 4 - handle dynamic subtemplates 21 years ago Nelson Bolyard (seldom reads bugmail) 6.21 KB, patch	rrelyea : review+	Details \| Diff \| Splinter Review
patch part 5 - handle streaming, separate no-header cases 21 years ago Nelson Bolyard (seldom reads bugmail) 12.52 KB, patch		Details \| Diff \| Splinter Review