Sorry, my last message had a wrong subject:
It seems to me that the ASN1 decoder of integers is not signaling encoding errors and tries to silently repair parts of them. There are three cases:

An integer with length 0 is silently converted to a 0.

If the encoded value has a leading 0 octet, this is simply removed without validation that the first bit of the following octet is 1.

Similarly with negative fields, a leading FF gets removed with testing whether the next bit is 0.

I think that the decoder should signal ASN1 coding errors instead of silently repairing them, maybe with an option STRICT_ASN1.

I can provide a fix if the developers think that it takes more than 5 minutes for one of them to change.

peter
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
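The three cases listed in the message above, written as a strict check on INTEGER content octets. This is an added example, not code from the post or from OpenSSL; the function name `strict_integer_check` and the `INT_*` result codes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical result codes for this example (not OpenSSL identifiers). */
enum int_check { INT_OK = 0, INT_ERR_EMPTY, INT_ERR_PAD_ZERO, INT_ERR_PAD_FF };

/*
 * Validate the content octets of an encoded INTEGER; the tag and length
 * are assumed to be parsed already. An encoder following X.690 emits at
 * least one octet and never makes the first nine bits all 0 or all 1,
 * so a strict decoder rejects those inputs instead of repairing them.
 */
enum int_check strict_integer_check(const unsigned char *p, size_t len)
{
    if (len == 0)
        return INT_ERR_EMPTY;            /* case 1: zero-length integer */
    if (len > 1) {
        if (p[0] == 0x00 && (p[1] & 0x80) == 0)
            return INT_ERR_PAD_ZERO;     /* case 2: 00 not needed as sign octet */
        if (p[0] == 0xFF && (p[1] & 0x80) != 0)
            return INT_ERR_PAD_FF;       /* case 3: FF not needed as sign octet */
    }
    return INT_OK;
}

int main(void)
{
    /* Constructed sample content octets, one per case in the message. */
    static const unsigned char ok_pos[]  = { 0x00, 0x80 };  /* +128, 00 required */
    static const unsigned char bad_pos[] = { 0x00, 0x7F };  /* +127 with extra 00 */
    static const unsigned char ok_neg[]  = { 0xFF, 0x7F };  /* -129, FF required */
    static const unsigned char bad_neg[] = { 0xFF, 0x80 };  /* -128 with extra FF */
    static const char *names[] = { "ok", "empty", "redundant 00", "redundant FF" };

    printf("len 0 : %s\n", names[strict_integer_check(ok_pos, 0)]);
    printf("00 80 : %s\n", names[strict_integer_check(ok_pos, 2)]);
    printf("00 7F : %s\n", names[strict_integer_check(bad_pos, 2)]);
    printf("FF 7F : %s\n", names[strict_integer_check(ok_neg, 2)]);
    printf("FF 80 : %s\n", names[strict_integer_check(bad_neg, 2)]);
    return 0;
}
```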
