[openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Thu Feb 11 19:37:18 UTC 2016


On 2/11/16, 14:29 , "openssl-dev on behalf of Salz, Rich"
<openssl-dev-bounces at openssl.org on behalf of rsalz at akamai.com> wrote:

>If arbitrary leading zeros were allowed in DER, then the encoding
>wouldn't be *distinguished*, i.e., unique.

I am NOT talking about “arbitrary” leading zeros. I explicitly state (and
cite the sources, might add the ASN.1 standard itself, and “ASN.1
Complete” by John Larmouth) that a leading zero *is* necessary and
required for a positive integer when its MSB is one (e.g., 0x80). In other
cases it indeed does not belong.

>In BER, almost anything goes :)

We are *explicitly* and *exclusively* discussing DER. Anything goes for
Bear. :-)

P.S. In the integer value provided by Cristian, indeed the MSB was 0 (the
first “valuable” byte was 0x59), so the leading zero byte did not belong.
But I hope OpenSSL-1.1 would properly process 0x02020080.
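
The minimal-encoding rule debated in this thread (X.690 8.3.2: when an INTEGER has more than one content octet, the first octet and the top bit of the second must not be all zeros or all ones), as an added example that is not part of the original message and not OpenSSL code. The function and enum names are this example's own, and it handles only short-form lengths (content under 128 bytes).

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes for this example (names are this example's own). */
enum der_int_status {
    DER_INT_OK = 0,
    DER_INT_BAD_TLV,   /* wrong tag, truncated, or unsupported length form */
    DER_INT_EMPTY,     /* zero content octets */
    DER_INT_PAD_ZERO,  /* redundant leading 0x00 */
    DER_INT_PAD_FF     /* redundant leading 0xFF */
};

/* Check one DER INTEGER TLV (tag 0x02, short-form length) for minimality.
 * On success, *negative (if non-NULL) reports the sign of the value. */
enum der_int_status der_int_check(const unsigned char *p, size_t n, int *negative)
{
    if (n < 2 || p[0] != 0x02 || (p[1] & 0x80) || (size_t)p[1] != n - 2)
        return DER_INT_BAD_TLV;
    size_t len = p[1];
    const unsigned char *v = p + 2;
    if (len == 0)
        return DER_INT_EMPTY;
    /* A leading 0x00 is allowed only when the next octet has its MSB set,
     * i.e. when it is needed to keep the value positive (00 80 = +128). */
    if (len > 1 && v[0] == 0x00 && !(v[1] & 0x80))
        return DER_INT_PAD_ZERO;
    /* Mirror case for negative values: FF 80 must be encoded as just 80. */
    if (len > 1 && v[0] == 0xFF && (v[1] & 0x80))
        return DER_INT_PAD_FF;
    if (negative)
        *negative = (v[0] & 0x80) != 0;
    return DER_INT_OK;
}

int main(void)
{
    /* Constructed samples; the first is the 0x02020080 from the message. */
    static const unsigned char a[] = {0x02, 0x02, 0x00, 0x80}; /* +128 */
    static const unsigned char b[] = {0x02, 0x02, 0x00, 0x59}; /* padded 0x59 */
    static const unsigned char c[] = {0x02, 0x01, 0x80};       /* -128 */
    int neg = 0;
    printf("02 02 00 80 -> status %d\n", der_int_check(a, sizeof a, &neg));
    printf("02 02 00 59 -> status %d\n", der_int_check(b, sizeof b, &neg));
    printf("02 01 80    -> status %d\n", der_int_check(c, sizeof c, &neg));
    return 0;
}
```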