Skip to content

PKey::EC.new failing with java.lang.StringIndexOutOfBoundsException: String index out of range: 0 #318

New issue
New issue
Closed
Closed
PKey::EC.new failing with java.lang.StringIndexOutOfBoundsException: String index out of range: 0#318
@kares

Description

@kares
kares
opened on Oct 16, 2024

OpenSSL::PKey::EC.new(...) decoding some (public key) DER could fail curve name detection, sample script:

    def do_test_from_sequence_with_packed_point(curve, jwk_x, jwk_y)
      group = OpenSSL::PKey::EC::Group.new(curve)

      x_octets = ::Base64.urlsafe_decode64(jwk_x)
      y_octets = ::Base64.urlsafe_decode64(jwk_y)

      point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new([0x04, x_octets, y_octets].pack('Ca*a*'), 2))
      sequence = OpenSSL::ASN1::Sequence([
                                OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
                                OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
       ])

       OpenSSL::PKey::EC.new(sequence.to_der)
     end
     
    jwk_x = "mAObq2aOmjkZwS5ruLmZITbXKTepItbnyrMm1VWGeeg"
    jwk_y = "EtQDulK7N-v_0mdbFQe-bNCyc-ey1sPRa1l--_7vAiA"
    do_test_from_sequence_with_packed_point('prime256v1', jwk_x, jwk_y)

leads to:

Java::JavaLang::StringIndexOutOfBoundsException: String index out of range: 0
java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48)
java.base/java.lang.String.charAt(String.java:1517)
org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil.getOID(Unknown Source)
org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil.getNamedCurveOid(Unknown Source)
org.jruby.ext.openssl.PKeyEC.getCurveOID(PKeyEC.java:191)
org.jruby.ext.openssl.PKeyEC.isCurveName(PKeyEC.java:195)
org.jruby.ext.openssl.PKeyEC.initialize(PKeyEC.java:276)
org.jruby.ext.openssl.PKeyEC$INVOKER$i$0$0$initialize.call(PKeyEC$INVOKER$i$0$0$initialize.gen)
org.jruby.dist/org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:224)
org.jruby.dist/org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:257)
org.jruby.dist/org.jruby.RubyClass.newInstance(RubyClass.java:922)
org.jruby.dist/org.jruby.RubyClass$INVOKER$i$newInstance.call(RubyClass$INVOKER$i$newInstance.gen)

when the DER encoding has a space char at the end of the string, due: https://github.com/bcgit/bc-java/blob/1.78.1/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java#L325

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions