Hello there.

There is a bug in ASN1_BITSTRING length calculation during packing to DER (function i2c_ASN1_BITSTRING).

According to ITU-T X.690, DER encoders should remove all trailing 0 bits BEFORE encoding.
I.e. the length of the encoded bitstring should be calculated after removing such bits.

The original code (given NULL as *pp) calculates the bitstring's length before removing the 0 bits and puts that length into the ASN.1 length structure -- that is wrong. The bug may be seen when you try to encode a bitstring with 1 or more zero trailing bytes, e.g. 0A4D27F000.

A patch is fairly simple -- it is attached.

Please note that, according to ITU-T X.680 21.7, application designers should therefore ensure that different semantics are not associated with such values which differ only in the number of trailing 0 bits, so be sure to have the original bitstring length handy (unhappily, OpenSSL doesn't have the size constraint to handle this).

-- 
WBR, Eugene B. Rupakov
Software engineer, SDL dept.
JET Infosystems (www.jet.msk.su)

Peace!

Attachment: mydiffs.patch
Description: Binary data
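
An added example (not the attached patch and not OpenSSL's code) of the calculation the message describes: the content length is computed after trailing 0 bits are dropped, and a NULL output pointer returns that same length. The function names, the scratch buffer and the short-form length limit are assumptions of this example; the sample is the message's 0A4D27F000.

```c
#include <stdio.h>
#include <string.h>

/* Sample from the message: one trailing zero octet, then 4 trailing 0 bits. */
static const unsigned char sample[] = {0x0A, 0x4D, 0x27, 0xF0, 0x00};
static unsigned char scratch[16];

/* Content octets (unused-bits octet + data) with trailing 0 bits removed.
 * out == NULL returns the length only (hypothetical helper name). */
size_t bitstring_content(const unsigned char *in, size_t inlen,
                         unsigned char *out)
{
    size_t len = inlen;
    unsigned unused = 0;
    while (len > 0 && in[len - 1] == 0)   /* drop all-zero trailing octets */
        len--;
    if (len > 0)                          /* last octet is now non-zero */
        while (((in[len - 1] >> unused) & 1) == 0)
            unused++;
    if (out != NULL) {
        out[0] = (unsigned char)unused;
        if (len > 0)
            memcpy(out + 1, in, len);
    }
    return 1 + len;
}

/* Full TLV, short-form length only; returns 0 if content exceeds 127. */
size_t bitstring_der(const unsigned char *in, size_t inlen, unsigned char *out)
{
    size_t clen = bitstring_content(in, inlen, NULL);
    if (clen > 127)
        return 0;
    if (out != NULL) {
        out[0] = 0x03;                    /* BIT STRING tag */
        out[1] = (unsigned char)clen;     /* length taken after trimming */
        bitstring_content(in, inlen, out + 2);
    }
    return 2 + clen;
}

int main(void)
{
    size_t i, n = bitstring_der(sample, sizeof sample, scratch);
    for (i = 0; i < n; i++)
        printf("%02X", scratch[i]);
    printf("\n");
    return 0;
}
```

A length taken before trimming would be 6 for this sample, one more than the 5 content octets actually written.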
