parsing invalid DER

Viktor Dukhovni openssl-users at
Thu Sep 1 20:50:03 UTC 2022

On Thu, Sep 01, 2022 at 08:21:21AM -0400, Dave Coombs via openssl-users wrote:

> These are the 2 invalid encodings I have seen:
> First, a bit-string used for flags, encoded as (hex) 030108.  That is,
> the number of unused bits is set to 8, and no other content, presumably
> indicating no flags are set.  DER would have this be 030100 instead. 
> My d2i is resulting in ASN1_R_INVALID_BIT_STRING_BITS_LEFT in
> c2i_ASN1_BIT_STRING().

This is likely not even valid BER, so you'll need a custom decoder to
deal with this.

> Second, a positive integer with leading 00 padding which is not
> necessary, encoded as 80020042.  (It has an implicit [0] tag.)  DER
> would have this be 800142.  My d2i is resulting in
> ASN1_R_ILLEGAL_PADDING in c2i_ibuf().

This is at least BER, so a BER decoder should be able to handle it.

But the "d2i*" routines expect DER, so the above breakage is not


More information about the openssl-users mailing list