Open kares opened 18 hours ago
OpenSSL::PKey::EC.new(...) decoding some (public key) DER could fail curve name detection, sample script:
OpenSSL::PKey::EC.new(...)
def do_test_from_sequence_with_packed_point(curve, jwk_x, jwk_y) group = OpenSSL::PKey::EC::Group.new(curve) x_octets = ::Base64.urlsafe_decode64(jwk_x) y_octets = ::Base64.urlsafe_decode64(jwk_y) point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2)) sequence = OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]), OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed)) ]) OpenSSL::PKey::EC.new(sequence.to_der) end jwk_x = "mAObq2aOmjkZwS5ruLmZITbXKTepItbnyrMm1VWGeeg" jwk_y = "EtQDulK7N-v_0mdbFQe-bNCyc-ey1sPRa1l--_7vAiA" do_test_from_sequence_with_packed_point('prime256v1', jwk_x, jwk_y)
leads to:
Java::JavaLang::StringIndexOutOfBoundsException: String index out of range: 0 java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48) java.base/java.lang.String.charAt(String.java:1517) org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil.getOID(Unknown Source) org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil.getNamedCurveOid(Unknown Source) org.jruby.ext.openssl.PKeyEC.getCurveOID(PKeyEC.java:191) org.jruby.ext.openssl.PKeyEC.isCurveName(PKeyEC.java:195) org.jruby.ext.openssl.PKeyEC.initialize(PKeyEC.java:276) org.jruby.ext.openssl.PKeyEC$INVOKER$i$0$0$initialize.call(PKeyEC$INVOKER$i$0$0$initialize.gen) org.jruby.dist/org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:224) org.jruby.dist/org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:257) org.jruby.dist/org.jruby.RubyClass.newInstance(RubyClass.java:922) org.jruby.dist/org.jruby.RubyClass$INVOKER$i$newInstance.call(RubyClass$INVOKER$i$newInstance.gen)
when the DER encoding has a space char at the end of the string, due: https://github.com/bcgit/bc-java/blob/1.78.1/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java#L325
upstream issue: https://github.com/bcgit/bc-java/issues/1869
OpenSSL::PKey::EC.new(...)
decoding some (public key) DER could fail curve name detection, sample script:leads to:
when the DER encoding has a space char at the end of the string, due: https://github.com/bcgit/bc-java/blob/1.78.1/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java#L325