parsing invalid DER

Peter Sylvester peter.sylvester at
Thu Sep 1 20:21:48 UTC 2022

On 01/09/2022 18:15, Matt Caswell wrote:
> On 01/09/2022 13:21, Dave Coombs via openssl-users wrote:
>> So!  Is it possible to work around these, using ASN1_MACRO trickery or
>> what-have-you?  It's pretty clear I should end up with an empty bit-
>> string and integer value 0x42, so is there a way to loosen the parser's
>> pickiness and achieve this?
> Unfortunately, AFAIK, I don't think there is a way to do this.
> Matt Hi,

I would try to patch two routines.

I vaguely remember that openssl's integer decoder was eating a leading 0 octet in a positive  
integer decoding.

   but that seems to be fixed.  code is in routine c2i_ibuf in crypto/asn1/a_int.c

0301xx    look what ossl_c2i_ASN1_BIT_STRING  in a_bitstr.c Don't test for bits when length is 1



More information about the openssl-users mailing list