On Thu, Sep 01, 2022 at 08:21:21AM -0400, Dave Coombs via openssl-users wrote:

> These are the 2 invalid encodings I have seen:
>
> First, a bit-string used for flags, encoded as (hex) 030108. That is,
> the number of unused bits is set to 8, and no other content, presumably
> indicating no flags are set. DER would have this be 030100 instead.
> My d2i is resulting in ASN1_R_INVALID_BIT_STRING_BITS_LEFT in
> c2i_ASN1_BIT_STRING().

This is likely not even valid BER, so you'll need a custom decoder to
deal with this.

> Second, a positive integer with leading 00 padding which is not
> necessary, encoded as 80020042. (It has an implicit [0] tag.) DER
> would have this be 800142. My d2i is resulting in
> ASN1_R_ILLEGAL_PADDING in c2i_ibuf().

This is at least BER, so a BER decoder should be able to handle it.
But the "d2i*" routines expect DER, so the above breakage is not
d2i-compatible.

--
    Viktor.
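
The DER checks that the two encodings quoted in this thread fail, as an added example that is not part of the original message and is not OpenSSL code. `check_der`, its `kind` parameter and the verdict names are hypothetical, and only single-octet tags with short-form lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>
/* Added example; these names are hypothetical, not OpenSSL API. */
enum kind { KIND_BIT_STRING, KIND_INTEGER };
enum verdict {
    ENC_OK, ENC_TRUNCATED, ENC_UNSUPPORTED,
    ENC_BITS_LEFT, /* unused-bits octet > 7 */
    ENC_PADDING,   /* redundant leading 00 / ff octet */
    ENC_NOT_DER    /* some other rule broken */
};

/* Check one primitive TLV (single-octet tag, short-form length).
 * The caller passes 'kind' because an implicit tag such as [0] (0x80)
 * hides the underlying type. Bytes after the TLV are ignored. */
enum verdict check_der(const unsigned char *buf, size_t len, enum kind kind)
{
    if (len < 2) return ENC_TRUNCATED;
    if ((buf[0] & 0x20) || (buf[0] & 0x1f) == 0x1f || (buf[1] & 0x80))
        return ENC_UNSUPPORTED;
    size_t n = buf[1];
    const unsigned char *c = buf + 2;
    if (n > len - 2) return ENC_TRUNCATED;
    if (n == 0) return ENC_NOT_DER;   /* both types need a content octet */
    if (kind == KIND_BIT_STRING) {
        unsigned unused = c[0];
        if (unused > 7) return ENC_BITS_LEFT;
        if (n == 1) return unused ? ENC_NOT_DER : ENC_OK; /* empty string */
        /* DER: the unused bits of the last octet must be zero */
        return (c[n - 1] & ((1u << unused) - 1)) ? ENC_NOT_DER : ENC_OK;
    }
    /* INTEGER: first nine bits must not be all zero or all one */
    if (n > 1 && ((c[0] == 0x00 && !(c[1] & 0x80)) ||
                  (c[0] == 0xff && (c[1] & 0x80))))
        return ENC_PADDING;
    return ENC_OK;
}

int main(void)
{
    /* The two encodings quoted in the thread and their DER forms. */
    static const unsigned char bs_bad[] = {0x03, 0x01, 0x08};
    static const unsigned char bs_der[] = {0x03, 0x01, 0x00};
    static const unsigned char in_bad[] = {0x80, 0x02, 0x00, 0x42};
    static const unsigned char in_der[] = {0x80, 0x01, 0x42};
    printf("%d %d ", check_der(bs_bad, sizeof bs_bad, KIND_BIT_STRING),
           check_der(bs_der, sizeof bs_der, KIND_BIT_STRING));
    printf("%d %d\n", check_der(in_bad, sizeof in_bad, KIND_INTEGER),
           check_der(in_der, sizeof in_der, KIND_INTEGER));
    return 0;
}
```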