Closed IngelaAndin closed 1 year ago
@bjorng now the PR fails too, as I finished up the other things I was doing with the implementation.
@IngelaAndin This is not a bug in the ASN.1 compiler. Decoding fails because the actual size of the string exceeds the max number of characters allowed by the constraint in the ASN.1 spec. If I remove the upper limit for the number of characters:
diff --git a/lib/public_key/asn1/PKIX1Implicit88.asn1 b/lib/public_key/asn1/PKIX1Implicit88.asn1
index ced270baf6..6570ecdc8b 100644
--- a/lib/public_key/asn1/PKIX1Implicit88.asn1
+++ b/lib/public_key/asn1/PKIX1Implicit88.asn1
@@ -107,7 +107,7 @@ NoticeReference ::= SEQUENCE {
DisplayText ::= CHOICE {
ia5String IA5String (SIZE (1..200)),
- visibleString VisibleString (SIZE (1..200)),
+ visibleString VisibleString (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200)) }
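Review bot: `SIZE (1..MAX)` on visibleString removes the upper bound entirely, and only for this one alternative; ia5String, bmpString and utf8String stay at `SIZE (1..200)`, so an over-long notice encoded with any of those would still fail to decode. If the aim is to tolerate non-conforming CAs, apply the same relaxation to all four alternatives, prefer a finite ceiling over MAX so the decoder still rejects arbitrarily large strings, and add a comment in the spec recording that the bound deliberately departs from the 200-character limit.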
decoding succeeds, returning the following term:
{'UserNotice',asn1_NOVALUE,
{visibleString,"q6: Section 4.2.1.5 of RFC 3280 states the maximum size of explicitText is 200 characters, but warns that some non-conforming CAs exceed this limit. Thus RFC 3280 states that certificate users SHOULD gracefully handle explicitText with more than 200 characters. This explicitText is over 200 characters long"}}
Oh, thanks for finding this out. I really hate all these pragmatic workarounds. I guess I have to make some kind of workaround for this with an alternative spec that allows a little more, and if it still fails return some kind of default notice saying it was too long.
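The workaround outlined in the comment above (accept a little more than the spec allows, and substitute a default notice when even that is exceeded), shown in Python as an added example; it is not OTP or public_key code. `RELAXED_MAX`, the replacement text and all function names are assumptions, and the DER inputs are built with the `tlv` helper as constructed samples.

```python
STRICT_MAX = 200     # SIZE (1..200) from the DisplayText definition in the thread
RELAXED_MAX = 1000   # assumption: ceiling a relaxed alternative spec might allow
TOO_LONG = "explicitText omitted: exceeds accepted length"  # assumed wording
# DisplayText CHOICE alternatives: DER tag -> (name, codec used to count characters)
CHOICES = {0x16: ("ia5String", "ascii"), 0x1A: ("visibleString", "ascii"),
           0x1E: ("bmpString", "utf-16-be"), 0x0C: ("utf8String", "utf-8")}

def tlv(tag, value):
    """Encode one DER element; used only to build constructed samples."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_user_notice(der):
    """Return (alternative, text, status) for a DER-encoded UserNotice."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("UserNotice must be a SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag not in CHOICES:        # noticeRef is a nested SEQUENCE; skip it
            continue
        name, codec = CHOICES[tag]
        text = value.decode(codec)    # count characters, not encoded octets
        if not text:
            raise ValueError("explicitText violates the lower bound of 1")
        if len(text) <= STRICT_MAX:
            return name, text, "ok"
        if len(text) <= RELAXED_MAX:
            return name, text, "oversize"   # non-conforming CA, still usable
        return name, TOO_LONG, "replaced"   # too long even for the relaxed limit
    return None, None, "absent"             # explicitText is OPTIONAL
```

The `status` value lets the caller log or flag certificates whose notice broke the 200-character bound instead of failing the whole decode.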
Describe the bug
When implementing support for certificate policies in our public_key application I enabled more tests from http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html and one of them includes an entity of ASN.1 type 'UserNotice' which fails to decode.
To Reproduce
Expected behavior
I expect to get something like this: (this is another UserNotice from the same test suite)
{'UserNotice',asn1_NOVALUE, {visibleString,"q8: This is the user notice from qualifier 8 associated with anyPolicy. This user notice should be displayed when NIST-test-policy-2 is in the user-constrained-policy-set"}}
Affected versions
I am running this on the maint branch.
Additional context
For OTP team members: This is related to #7579, but as it is under development the latest version is not yet pushed to GitHub.
If you want the failing test case please use my internal branch with the same name; however, the interesting part for you should be the code shown above.