Hi, In at least OpenSSL 0.9.8s and 1.0.1-beta1 there is a bug in the ASN.1 parser that if one has length data such as
84 00 00 00 00 at the end of a block to be parsed, it will give "header too long" error even though the ASN.1 is valid. This is because the supplied max value to asn1_get_length() in crypto/asn1/asn1_lib.c is used incorrectly. It seems to me that the attached diff (against 1.0.1-beta1) is the correct fix. -Tomas
--- asn1_lib.c.orig 2012-01-17 15:37:43.000000000 +0100 +++ asn1_lib.c 2012-01-17 15:33:53.000000000 +0100 @@ -172,12 +172,11 @@ { if (i > sizeof(long)) return 0; - if (max-- == 0) return(0); while (i-- > 0) { + if (max-- == 0) return(0); ret<<=8L; ret|= *(p++); - if (max-- == 0) return(0); } } else