[cryptography] preventing protocol failings

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Jul 7 02:01:35 EDT 2011


Sampo Syreeni <decoy at iki.fi> writes:

>To my mind the difference seemed to be about shallow versus deep parsing. You 
>can't really deep parse anything in BER with implicit tagging, 

You can deep-parse, you just need to apply some basic heuristics (e.g. "if 
it's an octet string and the first byte is a standard tag that's used with 
octet-string holes and the following bytes are a length that's the same as the 
octet-string content then it's an octet string hole, continue drilling down").

>In this sense I would agree: to me parsing an input means parsing it right 
>down to the last bit. If there's anything you have to skip, or munge, or 
>skirt/skip over, that's not parsing proper, but shallow parsing.

Right, and that's quite possible with ASN.1.  As I've already mentioned, run 
dumpasn1 on certs or S/MIME data or whatever and see for yourself.

The problem with the non-ASN.1 approaches is that they're all PER, unless you 
know every detail of what to expect at every point of the encoded data you 
can't even get past the first byte.  In addition you're forced to use 
handcoded parsers for everything, there isn't even scope for something like an 
ASN.1 compiler.  SSH, which freely mixes binary data and comma-delimited ASCII 
text, is the worst of the lot, that's just a nightmare to parse safely.

Peter.
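
The octet-string-hole heuristic described in the reply above, written out as an added example (not part of the original post and not dumpasn1's code). The set of "standard" tags, the depth cap and the sample bytes are assumptions constructed for illustration.

```python
HOLE_TAGS = {0x30, 0x31, 0x02, 0x03, 0x04}  # assumed "standard tags" for holes
MAX_DEPTH = 32  # assumed cap so hostile nesting cannot exhaust the stack

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end); raise ValueError on bad input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag not handled in this example")
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length overruns enclosing data")
    return tag, pos, pos + length

def is_hole(content):
    """True if the content is exactly one TLV starting with a standard tag."""
    if len(content) < 2 or content[0] not in HOLE_TAGS:
        return False
    try:
        _, _, end = read_tlv(content, 0)
    except ValueError:
        return False
    return end == len(content)            # inner length must fill the octet string

def walk(data, depth=0, out=None):
    """Return [(depth, tag, length, is_hole)] per element, drilling into holes."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    out = [] if out is None else out
    pos = 0
    while pos < len(data):
        tag, start, end = read_tlv(data, pos)
        hole = tag == 0x04 and is_hole(data[start:end])
        out.append((depth, tag, end - start, hole))
        if tag & 0x20 or hole:            # constructed, or a hole: keep drilling
            walk(data[start:end], depth + 1, out)
        pos = end
    return out

# Constructed sample: a critical basicConstraints extension with cA=TRUE.
EXT = bytes.fromhex("300f0603551d130101ff040530030101ff")
```

Because this is a heuristic, an opaque octet string whose bytes happen to form one well-formed TLV is also reported as a hole.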


