<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p class="details" style="font-style: italic; color: #777;">
<a href="https://gitlab.com/llqll">llqll</a> created an issue:
</p>
<div></div>
<p dir="auto">An error occurred when I verified a certificate, and the certificate contains an object identifier(TLV) of <code>"0x06,0x11, 0xfa, 0x80, 0x0, 0x0, 0x0, 0xe, 0x1, 0xe, 0xfa, 0x80,0x0, 0x0, 0x0, 0xe, 0x63, 0x6f"</code>.</p>
<p dir="auto">The error is "error parsing CRTs: ASN1 parser: Error in DER parsing."</p>
<p dir="auto">Through debugging,I found that an error occurred while parsing that object identifier. The reason is the leading octet have the value 0x80. But,in the object identifier value, the leading octet is 0xfa.</p>
<p dir="auto">The basis of this check is <code>x.690 8.19</code> (Encoding of an object identifier value).</p>
<p dir="auto"><a class="no-attachment-icon" href="https://user-content.gitlab-static.net/facd3982335086a9eb82682e55a618050ef0f50b/68747470733a2f2f6769746875622e636f6d2f6c6c716c6c2f696d6167652f7261772f6d61737465722f67322e706e67" target="_blank" rel="nofollow noreferrer noopener" data-canonical-src="https://github.com/llqll/image/raw/master/g2.png"><img src="https://user-content.gitlab-static.net/facd3982335086a9eb82682e55a618050ef0f50b/68747470733a2f2f6769746875622e636f6d2f6c6c716c6c2f696d6167652f7261772f6d61737465722f67322e706e67" alt="image text" data-canonical-src="https://github.com/llqll/image/raw/master/g2.png" style="max-width: 100%; height: auto;"></a></p>
<p dir="auto">After careful debugging, I found that the <code>asn1_get_object_id_der</code> function always checks the second byte instead of the leading byte of object identifier value.</p>
<p dir="auto"><a class="no-attachment-icon" href="https://user-content.gitlab-static.net/78f2cc49a057f8ad8bec7fa043d894d189d87531/68747470733a2f2f6769746875622e636f6d2f6c6c716c6c2f696d6167652f7261772f6d61737465722f67312e706e67" target="_blank" rel="nofollow noreferrer noopener" data-canonical-src="https://github.com/llqll/image/raw/master/g1.png"><img src="https://user-content.gitlab-static.net/78f2cc49a057f8ad8bec7fa043d894d189d87531/68747470733a2f2f6769746875622e636f6d2f6c6c716c6c2f696d6167652f7261772f6d61737465722f67312e706e67" alt="image text" data-canonical-src="https://github.com/llqll/image/raw/master/g1.png" style="max-width: 100%; height: auto;"></a></p>
<p dir="auto">In lib/decoding.c : asn1_get_object_id_der(), the <code>der</code> points to the length of the TLV structure instead of the tag, and <code>der[len_len + k]</code> is the second byte of the object identifier value instead of the leading byte.  Therefore, the function cannot properly check the encoding of the object identifier.</p>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/886">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/159860c31efabede56cd0b97771e8747/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/886"}}</script>


</p>
</div>
</body>
</html>