Am 5. März 2012 15:14 schrieb Stephen Henson via RT <r...@openssl.org>: >> [steve - Fri Mar 02 03:57:59 2012]: >> >> > [to...@tutus.se - Thu Mar 01 15:44:36 2012]: >> > >> > Hi, >> > >> > In at least OpenSSL 0.9.8s and 1.0.1-beta1 there is a bug in the ASN.1 >> > parser that if one has length data such as >> > >> > 84 00 00 00 00 >> > >> > at the end of a block to be parsed, it will give "header too long" error >> > even though the ASN.1 is valid. >> >> The last time I looked that wasn't a valid encoding. The length must be >> expressed in the minimum number of octets possible, that applies to BER >> as well as DER. >> > > Hmm... must have confused it with something else. That *is* legal. >
I'm sorry, but I disagree - this is not a legal encoding, even not at the end of a constructed indefinite length encoding. The first 0x00 cannot belong to a multiple length encoding because section 8.1.3.5 of X.690 states that bit 8 would have to be 1 in that case. So this must be a single octet length. This is why it even would not be valid at the end of an indefinite constructed value. "84 00 00 00" (three zero octets) would be a valid encoding (context-specific tag 0, zero length followed by and END OF CONTENTS), e.g. as in " 30 80 84 00 00 00", but four zeroes can not lead to a valid encoding in this case. In any situation, only an odd number of zeroes could lead to a valid encoding. Best regards, Martin Bosslet ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
