[gnutls-devel] GnuTLS | Parsing of BIT STRING encoded EdDSA key fails in _gnutls_x509_decode_string (#1749)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Oct 17 10:58:44 CEST 2025



Conor Tull created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1749



I've been investigating the EdDSA key import logic and found an issue with parsing BIT STRING encoded keys.

Commit [70f81c85](https://gitlab.com/gnutls/gnutls/-/commit/70f81c857#f61d05c822a5dd50f9a59201f798412ccde1a955_536_559) claims to add support for this, but it seems to fail in practice (never tested). When gnutls_pubkey_import_ecc_eddsa receives a BIT STRING, it correctly identifies it and calls _gnutls_x509_decode_string.

However, that helper function fails with ASN1_VALUE_NOT_VALID. I traced this with GDB and the failure is coming from libtasn1 at decoding.c:2136. It seems the ETYPE_IS_STRING macro check in libtasn1 doesn't consider ASN1_ETYPE_BIT_STRING to be a valid string (because of [this](https://gitlab.com/gnutls/libtasn1/-/blob/master/lib/int.h#L98)), so it rejects it.

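As an added illustration that is not part of the original report and is not GnuTLS or libtasn1 code, the sketch below shows what accepting both DER encodings of a raw Ed25519 public key involves: a BIT STRING carries a leading unused-bits octet that an OCTET STRING does not. The names `eddsa_raw_from_der` and `sample_der` are hypothetical, the sample key bytes are constructed, and only short-form lengths and the 32-byte Ed25519 size are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ED25519_PUB_LEN  32
#define TAG_BIT_STRING   0x03
#define TAG_OCTET_STRING 0x04

/* Hypothetical helper: copy the raw key out of a DER OCTET STRING or
 * BIT STRING. Returns 0 on success, -1 on malformed or unsupported input. */
int eddsa_raw_from_der(const uint8_t *der, size_t der_len, uint8_t *out)
{
    /* Short-form length only; reject truncated input and trailing bytes. */
    if (der_len < 2 || (der[1] & 0x80) || der[1] != der_len - 2)
        return -1;
    size_t len = der[1];
    const uint8_t *p = der + 2;
    if (der[0] == TAG_BIT_STRING) {
        /* First content octet = unused bits in the last octet; must be 0. */
        if (len < 1 || p[0] != 0)
            return -1;
        p++; len--;
    } else if (der[0] != TAG_OCTET_STRING) {
        return -1;
    }
    if (len != ED25519_PUB_LEN)
        return -1;
    memcpy(out, p, ED25519_PUB_LEN);
    return 0;
}

/* Constructed sample: wrap key bytes 0x00..0x1f in the given string tag. */
size_t sample_der(uint8_t tag, uint8_t *buf)
{
    size_t n = 0;
    buf[n++] = tag;
    buf[n++] = ED25519_PUB_LEN + (tag == TAG_BIT_STRING);
    if (tag == TAG_BIT_STRING)
        buf[n++] = 0x00; /* unused-bits octet */
    for (int i = 0; i < ED25519_PUB_LEN; i++)
        buf[n++] = (uint8_t)i;
    return n;
}

int main(void)
{
    uint8_t buf[40], key[ED25519_PUB_LEN];
    size_t n = sample_der(TAG_BIT_STRING, buf);
    printf("BIT STRING import: %d\n", eddsa_raw_from_der(buf, n, key));
    return 0;
}
```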

