After experimenting a little more, I found that in a_int.c
the pointer p is one byte short :
int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
{
/* Complement and increment next octet */
*(p--) = ((*(n--)) ^ 0xff) + 1;
i--;
/* Complement any octets left */
for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
p++; <---------------------------------------------- Needed
p += a->length;
}
*pp=p;
return(r);
}
Steve Lihn wrote:
> Is anybody aware that i2d_ASN1_STRING is buggy when a negative number is assigned?
> I decared a sequence of two ASN1 integers and i2s function overlapped one byte to
>the first integer.
>
> int i2d_MMDH_VALUE(MMDH_VALUE *a, unsigned char **pp)
> {
> unsigned char *p1;
> p1 = *pp;
>
> M_ASN1_I2D_vars(a);
>
> M_ASN1_I2D_len(a->f1, i2d_ASN1_INTEGER);
> M_ASN1_I2D_len(a->f2, i2d_ASN1_INTEGER);
> M_ASN1_I2D_len(a->currency, i2d_ASN1_IA5STRING);
>
> M_ASN1_I2D_seq_total();
> M_ASN1_I2D_put(a->f1, i2d_ASN1_INTEGER);
> print_cert ( p1, p-p1+1 );
> M_ASN1_I2D_put(a->f2, i2d_ASN1_INTEGER);
> print_cert ( p1, p-p1+1 );
> M_ASN1_I2D_put(a->currency, i2d_ASN1_IA5STRING);
>
> print_cert ( p1, p-p1+1 );
>
> M_ASN1_I2D_finish();
> }
>
> ( f1, f2, currency) = { -128, -2, "USD" } returns somthing like
> DER output =
> 30 [0] 0B [ ] 02 [ ] 01 [ ] 80 [ ]
> DER output =
> 30 [0] 0B [ ] 02 [ ] 01 [ ] 02 [ ] 01 [ ] FE [ ]
> DER output =
> 30 [0] 0B [ ] 02 [ ] 01 [ ] 02 [ ] 01 [ ] 16 [ ] 03 [ ]
> 55 [U] 53 [S] 44 [D] 40 [@]
> DER output =
> 30 [0] 0B [ ] 02 [ ] 01 [ ] 02 [ ] 01 [ ] 16 [ ] 03 [ ]
> 55 [U] 53 [S] 44 [D] 40 [@] 8E [ ]
>
> Notice that two bytes are left out at the end!
> --Steve
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]