Skip to content

PKey::EC.new failing with java.lang.StringIndexOutOfBoundsException: String index out of range: 0 #318

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kares opened this issue Oct 16, 2024 · 2 comments
Closed

PKey::EC.new failing with java.lang.StringIndexOutOfBoundsException: String index out of range: 0 #318

kares opened this issue Oct 16, 2024 · 2 comments

Comments

@kares
Copy link
Member

kares commented Oct 16, 2024
edited
Loading

OpenSSL::PKey::EC.new(...) decoding some (public key) DER could fail curve name detection, sample script:

    def do_test_from_sequence_with_packed_point(curve, jwk_x, jwk_y)
      group = OpenSSL::PKey::EC::Group.new(curve)

      x_octets = ::Base64.urlsafe_decode64(jwk_x)
      y_octets = ::Base64.urlsafe_decode64(jwk_y)

      point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2))
      sequence = OpenSSL::ASN1::Sequence([
                                OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
                                OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
       ])

       OpenSSL::PKey::EC.new(sequence.to_der)
     end
     
    jwk_x = "mAObq2aOmjkZwS5ruLmZITbXKTepItbnyrMm1VWGeeg"
    jwk_y = "EtQDulK7N-v_0mdbFQe-bNCyc-ey1sPRa1l--_7vAiA"
    do_test_from_sequence_with_packed_point('prime256v1', jwk_x, jwk_y)

leads to:

Java::JavaLang::StringIndexOutOfBoundsException: String index out of range: 0
java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48)
java.base/java.lang.String.charAt(String.java:1517)
org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil.getOID(Unknown Source)
org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil.getNamedCurveOid(Unknown Source)
org.jruby.ext.openssl.PKeyEC.getCurveOID(PKeyEC.java:191)
org.jruby.ext.openssl.PKeyEC.isCurveName(PKeyEC.java:195)
org.jruby.ext.openssl.PKeyEC.initialize(PKeyEC.java:276)
org.jruby.ext.openssl.PKeyEC$INVOKER$i$0$0$initialize.call(PKeyEC$INVOKER$i$0$0$initialize.gen)
org.jruby.dist/org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:224)
org.jruby.dist/org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:257)
org.jruby.dist/org.jruby.RubyClass.newInstance(RubyClass.java:922)
org.jruby.dist/org.jruby.RubyClass$INVOKER$i$newInstance.call(RubyClass$INVOKER$i$newInstance.gen)

when the DER encoding has a space char at the end of the string, due: https://github.com/bcgit/bc-java/blob/1.78.1/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java#L325
@kares
Copy link
Member Author

kares commented Oct 16, 2024

upstream issue: bcgit/bc-java#1869

kares added a commit that referenced this issue Oct 16, 2024
@kares
[fix] avoid PKey::EC.new failing with specific DER (#318)
5df5237
kares added a commit that referenced this issue Oct 30, 2024
@kares
[fix] avoid PKey::EC.new failing with specific DER (#318)
1dce0ed
kares added a commit that referenced this issue Oct 31, 2024
@kares
[fix] avoid PKey::EC.new failing with specific DER (#318)
8cbe28c
@kares kares closed this as completed Oct 31, 2024
@headius
Copy link
Member

headius commented Oct 31, 2024

Nice find!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@headius @kares