Re: parsing invalid DER

On Thu, Sep 01, 2022 at 08:21:21AM -0400, Dave Coombs via openssl-users wrote:

> These are the 2 invalid encodings I have seen:
> 
> First, a bit-string used for flags, encoded as (hex) 030108.  That is,
> the number of unused bits is set to 8, and no other content, presumably
> indicating no flags are set.  DER would have this be 030100 instead. 
> My d2i is resulting in ASN1_R_INVALID_BIT_STRING_BITS_LEFT in
> c2i_ASN1_BIT_STRING().

This is likely not even valid BER, so you'll need a custom decoder to
deal with this.

> Second, a positive integer with leading 00 padding which is not
> necessary, encoded as 80020042.  (It has an implicit [0] tag.)  DER
> would have this be 800142.  My d2i is resulting in
> ASN1_R_ILLEGAL_PADDING in c2i_ibuf().

This is at least BER, so a BER decoder should be able to handle it.

But the "d2i*" routines expect DER, so the above breakage is not
d2i-compatible.

-- 
    Viktor.
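A strict pre-check for the two defects discussed in this thread, as an added example that is not part of the original message and is not OpenSSL code: it flags the BIT STRING unused-bits count and the redundant INTEGER padding octet that the quoted post reports as ASN1_R_INVALID_BIT_STRING_BITS_LEFT and ASN1_R_ILLEGAL_PADDING. The function name `der_check`, the verdict names, the `base_type` parameter and the restriction to primitive, short-form-length encodings are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Verdict names are made up for this example; they are not OpenSSL codes. */
enum der_verdict { DER_OK, DER_TRUNCATED, DER_UNSUPPORTED,
                   DER_BAD_UNUSED_BITS, DER_NONZERO_PAD_BITS, DER_INT_PADDING };

/* Check one primitive, short-form-length TLV against the DER content rules.
 * base_type is the universal tag number of the underlying type
 * (2 = INTEGER, 3 = BIT STRING); the caller supplies it because an
 * implicit tag such as 0x80 replaces the universal tag on the wire. */
enum der_verdict der_check(const unsigned char *p, size_t n, int base_type)
{
    if (n < 2)
        return DER_TRUNCATED;
    if ((p[0] & 0x20) || (p[0] & 0x1f) == 0x1f || (p[1] & 0x80))
        return DER_UNSUPPORTED;      /* constructed, high tag, long length */
    size_t len = p[1];
    const unsigned char *c = p + 2;  /* content octets */
    if (len == 0 || n - 2 < len)
        return DER_TRUNCATED;        /* both types need >= 1 content octet */
    if (base_type == 3) {
        unsigned unused = c[0];      /* first octet: count of unused bits */
        if (unused > 7 || (len == 1 && unused != 0))
            return DER_BAD_UNUSED_BITS;          /* the 03 01 08 case */
        if (c[len - 1] & ((1u << unused) - 1))
            return DER_NONZERO_PAD_BITS;         /* DER: pad bits are 0 */
        return DER_OK;
    }
    if (base_type == 2) {
        /* Leading 00 or FF that only repeats the sign bit is redundant. */
        if (len > 1 && ((c[0] == 0x00 && !(c[1] & 0x80)) ||
                        (c[0] == 0xff && (c[1] & 0x80))))
            return DER_INT_PADDING;              /* the 80 02 00 42 case */
        return DER_OK;
    }
    return DER_UNSUPPORTED;
}

int main(void)
{
    /* The four encodings quoted in the thread. */
    const unsigned char bad_bits[] = {0x03, 0x01, 0x08}, ok_bits[] = {0x03, 0x01, 0x00};
    const unsigned char bad_int[] = {0x80, 0x02, 0x00, 0x42}, ok_int[] = {0x80, 0x01, 0x42};
    printf("%d %d %d %d\n", (int)der_check(bad_bits, sizeof bad_bits, 3),
           (int)der_check(ok_bits, sizeof ok_bits, 3),
           (int)der_check(bad_int, sizeof bad_int, 2),
           (int)der_check(ok_int, sizeof ok_int, 2));
    return 0;
}
```

Running a check like this before `d2i` lets a caller log which producer emits which defect instead of seeing only a generic decode failure.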
