[openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format

Richard Levitte levitte at openssl.org
Thu Feb 11 20:00:59 UTC 2016


Let's put this to rest, shall we?

    : ; cat > checkasn1int.sh
    #! /bin/sh
    
    CMD="$@"
    
    for x in "3003 02011F" \
             "3003 020180" \
             "3004 0202001F" \
             "3004 02020080"; do
        echo Trying sequence $x
        echo $x | xxd -r -ps | $CMD
    done
    : ; sh checkasn1int.sh openssl asn1parse -inform d -i
    Trying sequence 3003 02011F
        0:d=0  hl=2 l=   3 cons: SEQUENCE          
        2:d=1  hl=2 l=   1 prim:  INTEGER           :1F
    Trying sequence 3003 020180
        0:d=0  hl=2 l=   3 cons: SEQUENCE          
        2:d=1  hl=2 l=   1 prim:  INTEGER           :-80
    Trying sequence 3004 0202001F
        0:d=0  hl=2 l=   4 cons: SEQUENCE          
        2:d=1  hl=2 l=   2 prim:  INTEGER           :1F
    Trying sequence 3004 02020080
        0:d=0  hl=2 l=   4 cons: SEQUENCE          
        2:d=1  hl=2 l=   2 prim:  INTEGER           :80
    : ; openssl version
    OpenSSL 1.0.2f  28 Jan 2016
    : ; sh checkasn1int.sh util/shlib_wrap.sh apps/openssl asn1parse -inform d -i
    Trying sequence 3003 02011F
        0:d=0  hl=2 l=   3 cons: SEQUENCE          
        2:d=1  hl=2 l=   1 prim:  INTEGER           :1F
    Trying sequence 3003 020180
        0:d=0  hl=2 l=   3 cons: SEQUENCE          
        2:d=1  hl=2 l=   1 prim:  INTEGER           :-80
    Trying sequence 3004 0202001F
        0:d=0  hl=2 l=   4 cons: SEQUENCE          
        2:d=1  hl=2 l=   2 prim:  INTEGER           :BAD INTEGER:[001F]
    Trying sequence 3004 02020080
        0:d=0  hl=2 l=   4 cons: SEQUENCE          
        2:d=1  hl=2 l=   2 prim:  INTEGER           :80
    : ; util/shlib_wrap.sh apps/openssl version
    OpenSSL 1.1.0-pre3-dev  xx XXX xxxx
    : ; 

Cheers,
Richard

In message <D2E24B89.26F4D%uri at ll.mit.edu> on Thu, 11 Feb 2016 19:37:18 +0000, "Blumenthal, Uri - 0553 - MITLL" <uri at ll.mit.edu> said:

uri> On 2/11/16, 14:29 , "openssl-dev on behalf of Salz, Rich"
uri> <openssl-dev-bounces at openssl.org on behalf of rsalz at akamai.com> wrote:
uri> 
uri> >If arbitrary leading zeros were allowed in DER, then the encoding
uri> >wouldn't be *distinguished*, i.e., unique.
uri> 
uri> I am NOT talking about “arbitrary” leading zeros. I explicitly state (and
uri> cite the sources, might add the ASN.1 standard itself, and “ASN.1
uri> Complete” by John Larmouth) that a leading zero *is* necessary and
uri> required for a positive integer when its MSB is one (e.g., 0x80). In other
uri> cases it indeed does not belong.
uri> 
uri> >In BER, almost anything goes :)
uri> 
uri> We are *explicitly* and *exclusively* discussing DER. Anything goes for
uri> Bear. :-)
uri> 
uri> P.S. In the integer value provided by Cristian, indeed the MSB was 0 (the
uri> first “valuable” byte was 0x59), so the leading zero byte did not belong.
uri> But I hope OpenSSL-1.1 would properly process 0x02020080.
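The rule the thread argues about (X.690 8.3.2: a DER INTEGER is two's complement and minimal, so a leading 0x00 is required exactly when the next byte has its MSB set, and forbidden otherwise; likewise a leading 0xFF is forbidden before a byte with its MSB set) is small enough to write down and run against Richard's four test vectors. The following is an added, self-contained Python example written for this archive page; it is not OpenSSL code, does not call OpenSSL, and the function names `der_int_decode`, `der_int_encode`, `parse_seq_of_int` and `check_vector` are this example's own. It only handles short-form lengths, which is all the vectors need.

```python
"""Minimal-encoding check for DER INTEGER (X.690 8.3.2), added example.

Not OpenSSL code: a stand-alone re-implementation of the rule that
OpenSSL 1.1.0's asn1parse enforces when it prints BAD INTEGER for
3004 0202001F while accepting 3004 02020080.
"""


def der_int_decode(content: bytes) -> int:
    """Decode the content octets of an INTEGER, rejecting non-minimal forms.

    A leading 0x00 is only allowed if the next byte has its MSB set (the
    zero is then needed to keep the value positive); a leading 0xFF is only
    allowed if the next byte has its MSB clear.
    """
    if len(content) == 0:
        raise ValueError("INTEGER content must not be empty")
    if len(content) > 1:
        first, second = content[0], content[1]
        if first == 0x00 and not (second & 0x80):
            raise ValueError("non-minimal INTEGER: redundant leading 0x00")
        if first == 0xFF and (second & 0x80):
            raise ValueError("non-minimal INTEGER: redundant leading 0xFF")
    return int.from_bytes(content, "big", signed=True)


def der_int_encode(value: int) -> bytes:
    """Encode an int as tag 0x02, short-form length, minimal two's complement.

    Growing the width until to_bytes() fits yields the shortest signed
    encoding, so 128 becomes 00 80 and -128 becomes 80 with no padding.
    """
    width = 1
    while True:
        try:
            body = value.to_bytes(width, "big", signed=True)
            break
        except OverflowError:
            width += 1
    if len(body) >= 0x80:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x02, len(body)]) + body


def parse_seq_of_int(der: bytes) -> int:
    """Parse SEQUENCE { INTEGER } with short-form lengths, checking that the
    declared lengths account for every byte (no trailing or missing data)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 0x30")
    seq_len = der[1]
    if seq_len & 0x80:
        raise ValueError("long-form length not handled in this example")
    if 2 + seq_len != len(der):
        raise ValueError("SEQUENCE length does not match input size")
    inner = der[2:]
    if len(inner) < 2 or inner[0] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    int_len = inner[1]
    if int_len & 0x80 or 2 + int_len != len(inner):
        raise ValueError("INTEGER length does not match SEQUENCE content")
    return der_int_decode(inner[2:])


def check_vector(hex_der: str) -> str:
    """Return the decoded value as text, or 'BAD INTEGER:<reason>'.

    Mirrors how asn1parse reports the failure for the non-minimal case.
    """
    try:
        return str(parse_seq_of_int(bytes.fromhex(hex_der)))
    except ValueError as err:
        return "BAD INTEGER:" + str(err)


# Constructed inputs: the four sequences from the checkasn1int.sh script above.
VECTORS = ["3003 02011F", "3003 020180", "3004 0202001F", "3004 02020080"]

if __name__ == "__main__":
    for vec in VECTORS:
        print(f"Trying sequence {vec}: {check_vector(vec)}")
    # Round-trip a few values through the encoder to show the leading-zero rule.
    for val in (31, 127, 128, 255, -128, -129):
        enc = der_int_encode(val)
        print(f"{val:5d} -> {enc.hex()} -> {der_int_decode(enc[2:])}")
```

Running it prints 31, -128, BAD INTEGER for 3004 0202001F and 128 for 3004 02020080, which is the 1.1.0-pre3 output in Richard's transcript, and the encoder side shows why: 128 needs the 00 80 form, 127 does not, and 0x80 alone is -128. A parser that skips the minimality check (as 1.0.2f does for the third vector) will accept two different byte strings for the same value, which is exactly the non-uniqueness Rich Salz's quoted reply objects to.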
