asn1: allow constructed encoding with definite length form

Constructed encoding can use the definite length form as well as the
indefinite length form, regardless of the tag number.

Author: rhenium

ext/openssl/ossl_asn1.c

@@ -833,23 +833,10 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
 
     if (tc == sym_UNIVERSAL) {
 	VALUE args[4];
-	int not_sequence_or_set;
-
-	not_sequence_or_set = tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET;
-
-	if (not_sequence_or_set) {
-	    if (indefinite) {
-		asn1data = rb_obj_alloc(cASN1Constructive);
-	    }
-	    else {
-		ossl_raise(eASN1Error, "invalid non-indefinite tag");
-		return Qnil;
-	    }
-	}
-	else {
-	    VALUE klass = *ossl_asn1_info[tag].klass;
-	    asn1data = rb_obj_alloc(klass);
-	}
+	if (tag == V_ASN1_SEQUENCE || tag == V_ASN1_SET)
+	    asn1data = rb_obj_alloc(*ossl_asn1_info[tag].klass);
+	else
+	    asn1data = rb_obj_alloc(cASN1Constructive);
 	args[0] = ary;
 	args[1] = INT2NUM(tag);
 	args[2] = Qnil;
@@ -1224,9 +1211,9 @@ ossl_asn1cons_to_der(VALUE self)
 	}
     }
     else {
-	if (rb_obj_class(self) == cASN1Constructive)
-	    ossl_raise(eASN1Error, "Constructive shall only be used with indefinite length");
 	tag = ossl_asn1_default_tag(self);
+	if (tag == -1) /* neither SEQUENCE nor SET */
+	    tag = ossl_asn1_tag(self);
     }
     explicit = ossl_asn1_is_explicit(self);
     value = join_der(ossl_asn1_get_value(self));

test/test_asn1.rb

@@ -436,6 +436,10 @@ def test_basic_primitive
 
   def test_basic_constructed
     octet_string = OpenSSL::ASN1::OctetString.new(B(%w{ AB CD }))
+    encode_test B(%w{ 20 00 }), OpenSSL::ASN1::Constructive.new([], 0)
+    encode_test B(%w{ 21 00 }), OpenSSL::ASN1::Constructive.new([], 1, nil, :UNIVERSAL)
+    encode_test B(%w{ A1 00 }), OpenSSL::ASN1::Constructive.new([], 1, nil, :CONTEXT_SPECIFIC)
+    encode_test B(%w{ 21 04 04 02 AB CD }), OpenSSL::ASN1::Constructive.new([octet_string], 1)
     obj = OpenSSL::ASN1::Constructive.new([
       octet_string,
       OpenSSL::ASN1::EndOfContent.new
@@ -444,14 +448,6 @@ def test_basic_constructed
     encode_decode_test B(%w{ 21 80 04 02 AB CD 00 00 }), obj
   end
 
-  def test_cons_without_inf_length_forbidden
-    assert_raise(OpenSSL::ASN1::ASN1Error) do
-      val = OpenSSL::ASN1::OctetString.new('a')
-      cons = OpenSSL::ASN1::Constructive.new([val], OpenSSL::ASN1::OCTET_STRING, nil, :UNIVERSAL)
-      cons.to_der
-    end
-  end
-
   def test_prim_explicit_tagging
     oct_str = OpenSSL::ASN1::OctetString.new("a", 0, :EXPLICIT)
     encode_test B(%w{ A0 03 04 01 61 }), oct_str
@@ -517,15 +513,16 @@ def test_octet_string_indefinite_length_explicit_tagging
     assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der)
   end
 
-  def test_octet_string_indefinite_length_implicit_tagging
+  def test_octet_string_constructed_tagging
+    octets = [ OpenSSL::ASN1::OctetString.new('aaa') ]
+    cons = OpenSSL::ASN1::Constructive.new(octets, 0, :IMPLICIT)
+    encode_test B(%w{ A0 05 04 03 61 61 61 }), cons
+
     octets = [ OpenSSL::ASN1::OctetString.new('aaa'),
                OpenSSL::ASN1::EndOfContent.new() ]
     cons = OpenSSL::ASN1::Constructive.new(octets, 0, :IMPLICIT)
     cons.indefinite_length = true
-    expected = %w{ A0 80 04 03 61 61 61 00 00 }
-    raw = [expected.join('')].pack('H*')
-    assert_equal(raw, cons.to_der)
-    assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der)
+    encode_test B(%w{ A0 80 04 03 61 61 61 00 00 }), cons
   end
 
   def test_recursive_octet_string_indefinite_length