Hi!
I'm not sure whether all topics touched describe bugs or not. At least
these are things which seem unnatural to me. Thank you in advance for your
attention and patience.
Sven Heiberg
-------------------------------------------------------------
1. Problem with i2d_ASN1_OBJECT
My code:
    ASN1_OBJECT *obj = OBJ_nid2obj(NID_sha1);
    unsigned char *asn = 0;
    int length_before = i2d_ASN1_OBJECT(obj, 0);
    asn = new unsigned char[length_before];
    unsigned char *res = asn;
    int length_after = i2d_ASN1_OBJECT(obj, &asn);
Problem is that length_before and length_after differ by 2. This does not
seem to be normal behaviour and causes trouble when I'm using length_after
to save DER encoded ASN1_OBJECT.
--------------------------------------------------------------
2. Problem with ASN1_INTEGER_to_BN
In OpenSSL there is the following code:
    BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
    {
        BIGNUM *ret;
        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
            ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
        if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
        return(ret);
    }
I wonder what will happen if I write my code like this:
    BIGNUM *mybig = NULL;
    mybig = ASN1_INTEGER_to_BN(some_previously_defined_int, mybig);
In my opinion everything will be fine up to the point where BN_bin2bn
fails. Now if (BN_bin2bn returns NULL) AND (some_previously_defined_int
happens to be negative) then SIGSEGV is on the fly. Am I right?
Also note that ASN1_INTEGER_to_BN and BN_to_ASN1_INTEGER do not check
whether their first argument is NULL or not. Is this intended behaviour?
--------------------------------------------------------------
3. Problem with i2d_PKCS and d2i_PKCS
If I read rfc2630 and rfc2315 then I notice that one can define other
contentTypes for CMS data instead of data, signed-data, enveloped-data ...
which are defined in rfc2630. Now I defined my own OID and tried to use it
with PKCS. It doesn't work 'cause if PKCS doesn't recognize the OID used
the attached data will not be saved. Why is it not possible to do the
following:
if OpenSSL recognizes the data type encapsulated in PKCS then the data
will be interpreted. If OpenSSL doesn't recognize the data type it is
handled as if it was an arbitrary DER-encoded byte array there? (This
means it's also saved and loaded during i2d and d2i functions).
---------------------------------------------------------------
My testlog:
OpenSSL self-test report:
OpenSSL version: 0.9.5a
Last change: Make sure _lrotl and _lrotr are only used with MSVC....
OS (uname): Linux ondatra.tartu-labor 2.2.14-6.1.1 #2 T apr 25 19:06:55 EET 2000 i686 unknown
OS (config): i686-whatever-linux2
Target (default): linux-elf
Target: linux-elf
Compiler: gcc version 2.95.3 19991030 (prerelease)
Test passed.
Sven Heiberg
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
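
Added example (not part of the original message, and not OpenSSL source): a self-contained C model of the conversion quoted in item 2, with the NULL checks the message asks about. As quoted, the sign is written through bn, the caller's pointer, so the model sets it on ret instead. toy_bn, toy_int, toy_bin2bn and the 64-byte limit are hypothetical stand-ins for BIGNUM, ASN1_INTEGER and BN_bin2bn.

```c
/* Added example: a model of the quoted conversion, not OpenSSL code.
   toy_bn, toy_int and toy_bin2bn are hypothetical stand-ins. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_NEG_INTEGER 1   /* stand-in for V_ASN1_NEG_INTEGER */
#define TOY_MAX_BYTES   64  /* constructed limit so a failure can be forced */

typedef struct { unsigned char d[TOY_MAX_BYTES]; int len; int neg; } toy_bn;
typedef struct { const unsigned char *data; int length; int type; } toy_int;

/* Like BN_bin2bn: fills *out, or allocates when out is NULL; NULL on failure. */
static toy_bn *toy_bin2bn(const unsigned char *s, int len, toy_bn *out)
{
    if (s == NULL || len < 0 || len > TOY_MAX_BYTES)
        return NULL;                      /* models a size/allocation failure */
    if (out == NULL && (out = calloc(1, sizeof *out)) == NULL)
        return NULL;
    memcpy(out->d, s, (size_t)len);
    out->len = len;
    out->neg = 0;
    return out;
}

/* Hardened conversion: rejects a NULL input, returns early on failure and
   sets the sign on ret (the object that actually exists), never on bn. */
toy_bn *toy_int_to_bn(const toy_int *ai, toy_bn *bn)
{
    toy_bn *ret;
    if (ai == NULL)
        return NULL;
    if ((ret = toy_bin2bn(ai->data, ai->length, bn)) == NULL)
        return NULL;
    if (ai->type == TOY_NEG_INTEGER)
        ret->neg = 1;
    return ret;
}

int main(void)
{
    static const unsigned char bytes[] = {0x01, 0x02};  /* constructed sample */
    toy_int neg = { bytes, 2, TOY_NEG_INTEGER };
    toy_bn *r = toy_int_to_bn(&neg, NULL);  /* call pattern from the e-mail */
    printf("converted=%d neg=%d\n", r != NULL, r ? r->neg : -1);
    free(r);
    return 0;
}
```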