Hello, I hope it is OK if I submit 3 small bug reports in 1 request.
I am using OpenSSL 0.9.8o 01 Jun 2010 (latest stable for Debian Squeeze)
#1 (a) - OpenSSL displays ("-noout -text") root arcs incorrectly
OpenSSL displays the following OIDs as:
0.0 = itu-t
1.0 = iso
2.0 = joint-iso-itu-t
This is wrong, as this description only applies to the ROOT arc
("0", "1", "2", which have no DER encoding) and not to the root arc
followed by the 2nd arc "0".
Correct would be:
0.0 = {itu-t(0) recommendation(0)}
1.0 = {iso(1) standard(0)}
2.0 = {joint-iso-itu-t(2) presentation(0)}
#1 (b) - Example OID
Maybe it would be good to give the OID 2.999 the name "example".
More information at http://www.oid-info.com/get/2.999/ .
#2 - OpenSSL crashes when ULONG_MAX limit of first subidentifier is reached
While OpenSSL can handle unlimited arc sizes for higher arcs (e.g.
2.999.[value]), the size of the first two arcs is limited to the
respective ULONG_MAX (2^32-1 resp. 2^64-1). E.g. for x86 builds the
highest possible OID to encode is 2.2147483567. If this value is
increased, Linux shows a non-informative error message and Windows
reports an AppCrash! I would also recommend using the combination
of ULONG and BigNum, as is done for the higher arcs. Then
OpenSSL would also not produce AppCrashes on Windows in that specific
case.
#3 - OpenSSL allows illegal paddings for first subidentifier
The DER encoding "06 02 *80* xx" which includes an illegal 0x80 padding
at the first subidentifier can be decoded by OpenSSL, but is illegal as
defined by ITU-T Rec. X.690 8.19.2.
Note: For higher subidentifiers, e.g. the second, OpenSSL successfully
marks the OIDs as invalid (e.g. "06 03 01 *80* xx").
Best regards
Daniel Marschall
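As an added illustration of items #1 to #3 of the report above (this is example code written for this page, not code from the report or from OpenSSL): a small DER OBJECT IDENTIFIER encoder/decoder in Python that uses arbitrary-precision integers for every subidentifier, so a first arc beyond ULONG_MAX round-trips instead of overflowing, and that rejects a leading 0x80 octet in any subidentifier, including the first, as non-minimal per ITU-T X.690 8.19.2. The ARC_NAMES table reproduces the display the report asks for and is an assumption of this example, as are the constructed sample encodings in the main block.

```python
# Added example, not from the report or from OpenSSL: DER OID encode/decode
# with big-integer subidentifiers and strict X.690 8.19.2 padding checks.

def encode_subid(value: int) -> bytes:
    """Base 128, big-endian, MSB set on every octet but the last (X.690 8.19.2)."""
    if value < 0:
        raise ValueError("subidentifier must be non-negative")
    octets = [value & 0x7F]
    value >>= 7
    while value:
        octets.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(octets))

def encode_length(n: int) -> bytes:
    """DER definite length: short form below 128, otherwise minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] not in (0, 1, 2):
        raise ValueError("OID needs a root arc 0, 1 or 2 and a second arc")
    if arcs[0] < 2 and arcs[1] > 39:
        raise ValueError("second arc is limited to 0..39 under root arcs 0 and 1")
    # X.690 8.19.4: the first two arcs are folded into one subidentifier X*40+Y.
    content = encode_subid(arcs[0] * 40 + arcs[1])
    content += b"".join(encode_subid(a) for a in arcs[2:])
    return b"\x06" + encode_length(len(content)) + content

def decode_subids(content: bytes) -> list:
    subids, value, continuing = [], 0, False
    for octet in content:
        if not continuing and octet == 0x80:
            # the padding the report says OpenSSL 0.9.8o accepts for the first subidentifier
            raise ValueError("illegal 0x80 padding at start of subidentifier (X.690 8.19.2)")
        value = (value << 7) | (octet & 0x7F)   # Python ints never overflow
        continuing = bool(octet & 0x80)
        if not continuing:
            subids.append(value)
            value = 0
    if continuing:
        raise ValueError("truncated subidentifier")
    return subids

def decode_oid(der: bytes) -> str:
    if len(der) < 2 or der[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER TLV")
    if der[1] & 0x80:
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad long-form length")
        length = int.from_bytes(der[2:2 + n], "big")
        if length < 0x80 or der[2] == 0:
            raise ValueError("non-minimal length encoding (DER)")
        start = 2 + n
    else:
        length, start = der[1], 2
    content = der[start:start + length]
    if len(content) != length or len(der) != start + length:
        raise ValueError("length does not match content")
    if not content:
        raise ValueError("OID content octets must not be empty")
    subids = decode_subids(content)
    # Unfold the first subidentifier: root arc X in {0,1,2}; Y is unbounded only for X == 2.
    first = subids[0]
    x, y = divmod(first, 40) if first < 80 else (2, first - 80)
    return ".".join(str(a) for a in [x, y] + subids[1:])

# Display names as the report wants them (items #1(a) and #1(b)); an assumption of this example.
ARC_NAMES = {
    "0.0": "{itu-t(0) recommendation(0)}",
    "1.0": "{iso(1) standard(0)}",
    "2.0": "{joint-iso-itu-t(2) presentation(0)}",
    "2.999": "example",
}

def describe_oid(der: bytes) -> str:
    dotted = decode_oid(der)
    return f"{dotted} = {ARC_NAMES[dotted]}" if dotted in ARC_NAMES else dotted

if __name__ == "__main__":
    # constructed samples: the report's display cases plus a first arc beyond 2^64
    for dotted in ("0.0", "2.999", "1.2.840.113549", "2." + str(2 ** 64)):
        der = encode_oid(dotted)
        print(der.hex(" "), "->", describe_oid(der))
    # the two paddings from item #3; both must be rejected
    for bad in (bytes.fromhex("06028001"), bytes.fromhex("0603018001")):
        try:
            decode_oid(bad)
        except ValueError as err:
            print(bad.hex(" "), "rejected:", err)
```

The decoder raises on the first offending octet, so the "06 02 80 xx" case from item #3 is refused exactly as the second-subidentifier case already is, and the 2^64 round trip shows that the first-subidentifier limit in item #2 is a property of the fixed-width integer, not of the encoding.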
