10-19, 13:50–13:55 (Europe/Luxembourg), Salle Europe
Edition of DER encoded ASN.1 structures is a pretty tedious work when done manually.
Solutions to this problem exist. For instance, der-ascii [0] is a tool written in Go that helps with back and forth conversions from/to DER structures to/from a textual representation using a custom defined language.
I present a somehow short Perl script [1] that leverages the OpenSSL configuration language along with the ASN1_generate_nconf(3) function in order to achieve the same goal with almost no dependencies apart from Perl and OpenSSL.
This tool can be used to ease the exploitation of CVE-2022-0778 [2] & [3].
[0] https://github.com/google/der-ascii
[1] https://github.com/wllm-rbnt/asn1template
[2] https://www.openssl.org/news/secadv/20220315.txt
[3] https://github.com/drago-96/CVE-2022-0778#using-asn1-templates
https://github.com/wllm-rbnt/asn1template/blob/main/README.md
William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He’s been working with free and opensource software on a daily basis for more than 25 years. Recently, he presented his ASN.1 templating tool at Pass The SALT 2023 in Lille. He contributed to the cleanup and enhancement efforts done on ssldump lately. He particularly enjoy tinkering with open and, not so open, hardware.