On 01/10/2019 16:30, Rafał Arciszewski wrote: > Hi all, > I am trying to use OpenSSL libraries (libssl-dev 1.0.2 or 1.1.1) to encode > integers into DER format.I am using ASN1_generate_nconf but it seems that this > function incorrectly encodes integers. It should encode in two's complement > format and should prepend 0x00 byte if the first byte of encoded integer is > greater then 0x80. But it is not doing that. > > Here is my simple program where I check the length of encoded integer. For > example for int = 128 the length should be 2. But the length is 2 beginning from > int = 256. > > > Am I using correct function or should I use different one? I think you've misunderstood what the function actually does. It enables you to create an ASN1_TYPE object based on an input string. An ASN1_TYPE object does *not* give you the DER encoding of that object. It is an internal representation of ASN1 data. You can convert it to DER using the i2d_ASN1_TYPE function: https://www.openssl.org/docs/man1.1.1/man3/i2d_ASN1_TYPE.html If all you need to do is create a DER encoding of an INTEGER then ASN1_generate_nconf() is probably overkill. Perhaps simpler would be to create an ASN1_INTEGER object like this (untested and error checking omitted): ASN1_INTEGER *myval = ASN1_INTEGER_new(); ASN1_INTEGER_set_uint64(myval, 123456); You can then create the DER encoding of that INTEGER using the i2d_ASN1_INTEGER function (on the same man page as above). Matt
