Bug #4374

[ext/openssl] ASN1.decode wrong for infinite length values

Added by MartinBosslet (Martin Bosslet) over 9 years ago. Updated over 9 years ago.

Target version:
ruby -v:
ruby 1.9.2p136 (2010-12-25 revision 30365) [i686-linux]


Hi all,

ASN.1 decoding behaves incorrectly for DER encodings with infinite length values. Two examples:

require 'openssl'
require 'pp'

eoc =
int = (1)

inner =[int, eoc])
inner.infinite_length = true

outer =[inner, eoc])
outer.infinite_length = true

asn1 = OpenSSL::ASN1.decode(outer.to_der)

pp asn1

=> #,

The end of content DER for the outer Sequence is incorrectly stored with the values
of the inner sequence. Although after encoding the resulting DER will be correct, the
structure should rather look like this:


Another example:

require 'openssl'
require 'pp'

eoc =
oct = ("\x01")

inner =[oct, eoc], OpenSSL::ASN1::OCTET_STRING)
inner.infinite_length = true

outer =[inner, eoc], OpenSSL::ASN1::OCTET_STRING)
outer.infinite_length = true

asn1 = OpenSSL::ASN1.decode(outer.to_der)

pp asn1

=> ,

Here it's worse, because when calling asn1.to_der it will even result in an error:

test.rb:17:in to_der': invalid constructed encoding (OpenSSL::ASN1::ASN1Error)
from test.rb:17:in
from test.rb:17:in to_der'
from test.rb:17:in

The problem are the defaults for tagging and tag_class in ossl_asn1_initialize that are not
intuitive and are defaults for tagged DER values instead of "normal" values.

The correct structure for the above would look like this:


The attached patch fixes the problems and has also "more natural" defaults for



fix_asn1.diff (3.62 KB) fix_asn1.diff MartinBosslet (Martin Bosslet), 02/07/2011 02:52 AM

Updated by MartinBosslet (Martin Bosslet) over 9 years ago

I verified that with the current code it's not possible to construct a Constructive
instance without tagging if the tag_class is passed as an explicit parameter.
Tagging will be set to :EXPLICIT if it was passed as nil. That's why

if (infinite && !(tag == V_ASN1_SEQUENCE || tag == V_ASN1_SET)){
asn1data = rb_funcall(cASN1Constructive,

in ossl_asn1_decode0 will always produce a Constructive with :EXPLICIT
tagging, and reencoding a parsed ASN.1 value will fail or produce incorrect
At first I thought changing the defaults in ossl_asn1_initialize would be
more intuitive but not essential to the fix - but now I think it has become

Updated by MartinBosslet (Martin Bosslet) over 9 years ago

  • Assignee set to MartinBosslet (Martin Bosslet)

Updated by Anonymous over 9 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r31700.
Martin, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

  • ext/openssl/ossl_asn1.c: Fix decoding of infinite length values. Simplified ossl_asn1_decode0 by splitting it into three separate functions. Add tests. [Ruby 1.9 - Bug #4374][ruby-core:35123]

Updated by MartinBosslet (Martin Bosslet) over 9 years ago


I fixed this bug and tried to simplify ossl_asn1_decode0 and
improve its performance.

Here is what I did:

  • removed the "once" parameter

  • added sanity checks that verify that all bytes are actually
    read when parsing is finished

  • tried to reduce complexity by splitting ossl_asn1_decode0
    into three separate methods to make it easier to spot the code that
    handles constructed values and the code that handles primitive

  • ossl_asn1_decode now returns an Array just in the case of
    parsing constructed values, otherwise it returns the plain value
    to reduce overall allocated objects

  • changed the behavior of ossl_asn1_initialize slightly to allow the
    construction of infinite length primitive values in the form of a

  • replaced rb_intern with static symbols to improve performance

  • allocate and initialize ASN1Data (and sub-classes) instances
    in C to improve performance and save additional VM roundtrips

  • initialize those instances additionally with tag and tag_class
    to avoid hash look-ups each time in ossl_asn1_initialize

  • added some tests for edge cases (I'll add more soon)

The performance gain is noticeable - in my tests (certificates,
CMS signatures) the current implementation was roughly twice as
fast as that of 1.9.2p180.

I would be happy about comments and improvements.


Also available in: Atom PDF