From d525aa66f28ddc92a7cb8b22e94df9c375a0d15b Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Tue, 19 Jul 2016 16:27:09 -0500
Subject: [PATCH] ASN1: adjust ordering of SET OF values
---
 phpseclib/File/ASN1.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
index ed36b3b3..0d0e2fa8 100644
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@@ -885,10 +885,10 @@ class File_ASN1
 case FILE_ASN1_TYPE_SET: // Children order is not important, thus process in sequence.
 case FILE_ASN1_TYPE_SEQUENCE:
 $tag|= 0x20; // set the constructed bit
- $value = '';
 // ignore the min and max
 if (isset($mapping['min']) && isset($mapping['max'])) {
+ $value = array();
 $child = $mapping['children'];
 foreach ($source as $content) {
@@ -896,11 +896,21 @@ class File_ASN1
 if ($temp === false) {
 return false;
 }
- $value.= $temp;
+ $value[]= $temp;
 }
+ /* "The encodings of the component values of a set-of value shall appear in ascending order, the encodings being compared
+ as octet strings with the shorter components being padded at their trailing end with 0-octets.
+ NOTE - The padding octets are for comparison purposes only and do not appear in the encodings."
+
+ -- sec 11.6 of http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */
+ if ($mapping['type'] == FILE_ASN1_TYPE_SET) {
+ sort($value);
+ }
+ $value = implode($value, '');
 break;
 }
+ $value = '';
 foreach ($mapping['children'] as $key => $child) {
 if (!array_key_exists($key, $source)) {
 if (!isset($child['optional'])) {
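Review bot: The comment on the `case FILE_ASN1_TYPE_SET:` context line still says children order is not important, which no longer holds for the SET OF path that this commit starts sorting a few lines further down. I would reword it along the lines of `// SET OF values are sorted below (X.690 sec 11.6); named SET members are encoded in mapping order`. The switch and its enclosing method begin and end outside this hunk, so whether named SET members also need DER tag ordering cannot be judged from here.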
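Review bot: `sort($value)` in the SET OF branch runs with PHP's default `SORT_REGULAR` comparison, under which two encodings that both happen to look like numeric strings are compared as numbers rather than byte by byte, so the result can differ from the octet-string order required by the X.690 text quoted just above it. Passing the flag makes the comparison bytewise: `sort($value, SORT_STRING);`. A non-canonical order changes the DER bytes, which matters wherever the encoding is signed or hashed. Separately, `implode($value, '')` uses the legacy argument order; `implode('', $value)` is the documented form and the only one accepted from PHP 8.0 on. The enclosing method starts and ends outside the hunk.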