[openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Thu Feb 11 19:46:36 UTC 2016
Testing the previous Github version of OpenSSL-1.1 produced encouraging
results (notice the leading zero, right where it belongs):
$ x=128; DYLD_LIBRARY_PATH=/Users/ur20980/src/openssl-1.1/lib ~/src/openssl-1.1/bin/openssl asn1parse -genstr "INTEGER:$x" -out d.der && hexdump -C d.der
0:d=0 hl=2 l= 2 prim: INTEGER :80
00000000 02 02 00 80 |....|
00000004
$ dumpasn1 d.der
0 2: INTEGER 128
0 warnings, 0 errors.
$
P.S. dumpasn1.c doesn’t seem to parse negative integers correctly:
$ x=-128; DYLD_LIBRARY_PATH=/Users/ur20980/src/openssl-1.1/lib ~/src/openssl-1.1/bin/openssl asn1parse -genstr "INTEGER:$x" -out d.der && hexdump -C d.der
0:d=0 hl=2 l= 1 prim: INTEGER :-80
00000000 02 01 80 |...|
00000003
$ dumpasn1 d.der
0 1: INTEGER 128
: Error: Integer has a negative value.
0 warnings, 1 error.
$
--
Regards,
Uri Blumenthal
On 2/11/16, 14:29 , "openssl-dev on behalf of Salz, Rich"
<openssl-dev-bounces at openssl.org on behalf of rsalz at akamai.com> wrote:
>If arbitrary leading zeros were allowed in DER, then the encoding
>wouldn't be *distinguished*, i.e., unique.
>
>In BER, almost anything goes :)
>
>--
>openssl-dev mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
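
Added example, not part of the original message and not code from OpenSSL or dumpasn1: a small C encoder and strict decoder for DER INTEGER that reproduces the two encodings shown above (02 02 00 80 for 128, 02 01 80 for -128) and rejects a redundant leading 0x00 or 0xFF octet. The function names are hypothetical; it assumes at most 8 content octets and a two's-complement int64_t.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration (hypothetical names, not OpenSSL or dumpasn1 code).
 * redundant(): octet a merely sign-extends octet b, so DER forbids a. */
static int redundant(unsigned char a, unsigned char b)
{
    return (a == 0x00 && !(b & 0x80)) || (a == 0xFF && (b & 0x80));
}

/* Encode v: tag 0x02, short-form length, minimal two's-complement content.
 * out must hold 10 bytes; returns the number of bytes written. */
size_t der_int_encode(int64_t v, unsigned char *out)
{
    unsigned char b[8];
    size_t i, skip = 0;
    for (i = 0; i < 8; i++)                    /* big-endian octets of v */
        b[i] = (unsigned char)((uint64_t)v >> (56 - 8 * i));
    while (skip < 7 && redundant(b[skip], b[skip + 1]))
        skip++;                                /* keep a 0x00 before 0x80 */
    out[0] = 0x02;                             /* INTEGER tag */
    out[1] = (unsigned char)(8 - skip);        /* short-form length */
    for (i = skip; i < 8; i++)
        out[2 + i - skip] = b[i];
    return 2 + 8 - skip;
}

/* Strict decode of an INTEGER with 1..8 content octets.
 * Returns 0 on success, -1 on malformed or non-minimal input. */
int der_int_decode(const unsigned char *in, size_t len, int64_t *v)
{
    if (len < 3 || in[0] != 0x02 || in[1] > 8 || len != 2u + in[1])
        return -1;                             /* also rejects long-form length */
    if (in[1] > 1 && redundant(in[2], in[3]))
        return -1;                             /* padded: not the unique encoding */
    uint64_t u = (in[2] & 0x80) ? UINT64_MAX : 0;   /* sign from first octet */
    for (size_t i = 0; i < (size_t)in[1]; i++)
        u = (u << 8) | in[2 + i];
    *v = (int64_t)u;                           /* assumes two's complement */
    return 0;
}

int main(void)
{
    unsigned char buf[10];
    size_t n = der_int_encode(-128, buf);      /* value from the thread */
    for (size_t i = 0; i < n; i++)
        printf("%02x%c", buf[i], i + 1 < n ? ' ' : '\n');
    return 0;
}
```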