It does seems that the encoding of ASN1 is wrong during to_der. Simple test as following

require 'openssl'
i = OpenSSL::ASN1::Integer.new(1,1,:explicit). # result is same if :implicit is used
s = OpenSSL::ASN1::Sequence.new(i)
p s

At this stage, result would be correct:

=> #<OpenSSL::ASN1::Sequence:0x45815ffc @value=[#<OpenSSL::ASN1::Integer:0x35a9782c @value=1, @tag=1, @tagging=:explicit, @infinite_length=false, @tag_class=:CONTEXT_SPECIFIC>], @tag=16, @tagging=nil, @infinite_length=false, @tag_class=:UNIVERSAL>

However after convert to der and decode it back, the result is incorrect

ds = s.to_der
dec = OpenSSL::ASN1.decode(ds)
p dec

Decoding result would be:

=> #<OpenSSL::ASN1::Sequence:0x6b00f608 @value=[#<OpenSSL::ASN1::Integer:0x3e821657 @value=#<OpenSSL::BN:0x615091b8>, @tag=2, @tagging=nil, @infinite_length=false, @tag_class=:UNIVERSAL>], @tag=16, @tagging=nil, @infinite_length=false, @tag_class=:UNIVERSAL>

Note the tag_class should be :CONTEXT_SPECIFIC instead :UNIVERSAL as in result above.

Or I understand the standard wrongly?

Feedback is very much appreciated!

Environment:
jruby 9.1.6.0 (2.3.1) 2016-11-09 0150a76 Java HotSpot(TM) 64-Bit Server VM 25.112-b16 on 1.8.0_112-b16 +jit [darwin-x86_64]

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.