Help! I think there's a bug in (believe it or not) d2i_ASN1_INTEGER
which shows up with negative integers.
I have a negative integer followed by a sequence that is
encoded as follows:
02 10 a6 74 5d c9 a0 00 9f 96 11 d3 22 7d 51 8c
4a 28 (end of integer) 30 62 ...
When d2i_ASN1_INTEGER returns, the pp pointer is pointing at the
last byte of the integer (28) instead of the first byte of the
sequence (30). This happens because the loop code to copy the
bytes from the ASN.1 buffer into the ASN1 integer ends with the
pointer set back to the last byte of the length (10 in my example)
due to the post-decrement, but instead of adding len+1 to move
back over that last byte plus the entire contents length, only
len is added.
If I'm right, it's an easy diff...
Cheers,
Brien
--------
*** openssl-0.9.3a/crypto/asn1/a_int.c.orig Fri May 14 14:21:14 1999
--- openssl-0.9.3a/crypto/asn1/a_int.c Sun Jun 20 19:43:12 1999
***************
*** 226,232 ****
*(to--) = (*(p--) ^ 0xff) + 1;
i--;
for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
! p += len;
}
} else {
ret->type=V_ASN1_INTEGER;
--- 226,232 ----
*(to--) = (*(p--) ^ 0xff) + 1;
i--;
for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
! p += len + 1;
}
} else {
ret->type=V_ASN1_INTEGER;
--
"When I think back on all the crap I learned in high school..."
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
