[cryptography] preventing protocol failings

Nico Williams nico at cryptonector.com
Wed Jul 6 01:56:12 EDT 2011

On Wed, Jul 6, 2011 at 12:06 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Nico Williams <nico at cryptonector.com> writes:
>>In other words, in ASN.1 as it's used you have to know the schema and message
>>type in order to do a good job of parsing the message,
> No you don't.  I give as a counterexample dumpasn1, which knows nothing about
> message types or schemas, but parses any (valid) ASN.1 you throw at it.
> (The ASN.1 filter I mentioned earlier is a stripped-down version of dumpasn1.
> Remember that dataset of 400K broken certs that NISCC generated a few years
> ago and that broke quite a number of ASN.1-using apps (and filesystems when
> you untarred it :-)?  It processed all of those without any problems).

Do you have a link for that dataset?  I want to check if the data is
for explicitly or implicitly tagged modules.

Implicit tagging is supposed to replace the type's normal (say,
UNIVERSAL) tag with a CONTEXT tag.  This loses all information about
the type *except* whether it's constructed (as opposed to scalar).
Explicit tagging loses nothing -- it just adds a tag and length prefix
to the value that is already tagged with a UNIVERSAL tag.
Automatically tagged modules only add implicit tags when necessary to
disambiguate.  So whether you can recover enough information about the
types of scalar values (as well as whether constructed ones are
SEQUENCEs or SETs) depends on how the module is tagged.  And, of
course, a dumper can still distinguish individual scalar and
constructed values even when the module is implicitly tagged -- it
just can't tell the types of the scalar values (except, of course,
heuristically).  All of this applies only to BER and friends, but not

Now, the PKIX modules come in implicitly and explicitly tagged forms...

See "ASN.1 Communication Between Heterogeneous Systems", page 213,
which says that "[a] type tagged in implicit mode can be decoded only
if the receiving application 'knows' the abstract syntax, that is, the
decoded has been generated from the same ASN.1 module as the encoded
was".  See also X.680 (various places) and X.690 (for example,
appendix A).


More information about the cryptography mailing list