pyasn1 icon indicating copy to clipboard operation
pyasn1 copied to clipboard
verified publisher icon etingof

Including uninitialized, optional, SetOf?

Open magnuswatn opened this issue 8 years ago • 7 comments

Hi,

After https://github.com/etingof/pyasn1/commit/6fa0e312ea80713983b1a3c1e4529e7452b0e0fe I observe that an uninitialized, and optional, SetOf is being included in the encoded data.

In my case it's a PrivateKeyInfo structure (https://github.com/etingof/pyasn1-modules/blob/master/pyasn1_modules/rfc5208.py#L49) and before the change the attributes was not being included:

    0:d=0  hl=4 l=1213 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim:  INTEGER           :00
    7:d=1  hl=2 l=  13 cons:  SEQUENCE          
    9:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim:   NULL              
   22:d=1  hl=4 l=1191 prim:  OCTET STRING      [HEX DUMP]:308204A3...

But after they are:

    0:d=0  hl=4 l=1215 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim:  INTEGER           :00
    7:d=1  hl=2 l=  13 cons:  SEQUENCE          
    9:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim:   NULL              
   22:d=1  hl=4 l=1191 prim:  OCTET STRING      [HEX DUMP]:308204A...
 1217:d=1  hl=2 l=   0 cons:  cont [ 0 ]

I can get rid of it if I include attributes with an empty attribute, but it seems weird to me that I have to.

Is this how it's supposed to be? Thanks.

magnuswatn avatar Dec 10 '17 21:12 magnuswatn

Any change for a update here?

magnuswatn avatar May 27 '18 20:05 magnuswatn

@etingof Hello, this issue is causing an active breakage for my project. Is there any way this could get attention soon?

ashafer01 avatar May 29 '18 22:05 ashafer01

@magnuswatn do you mind sharing an example for your "include attributes with an empty attribute" workaround?

ashafer01 avatar May 29 '18 23:05 ashafer01

@ashafer01 See https://github.com/magnuswatn/pyjks/commit/3b15250a31079550cf4a73cb43547c33624dc7d6

This also works: https://github.com/magnuswatn/pyjks/commit/76f28c75b95e99b216be15c0043c3101891c983d

magnuswatn avatar May 30 '18 19:05 magnuswatn

Oh,I somehow managed to overlook this issue, sorry for that!

I think the second solution offered by @magnuswatn is the good one:

encoder.encode(private_key_info, ifNotEmpty=True)

Does it solve your issue?

etingof avatar May 31 '18 22:05 etingof

Thanks for getting back! When I tried with ifNotEmpty=True I got a ton of protocol errors from my test servers, looks like a no-go for my use case. I haven't yet tried the empty attribute method.

ashafer01 avatar May 31 '18 22:05 ashafer01

Just to be clear @etingof: You're saying that pyasn1 works as intended here, and the we should use ifNotEmpty=True, to get rid of the extra attributes? Thanks.

magnuswatn avatar Jun 01 '18 07:06 magnuswatn