> [daniel-marsch...@viathinksoft.de - Wed Jul 06 20:42:03 2011]:
> 
> 
> #2 - OpenSSL crashes when ULONG_MAX limit of first subidentifier is
> reached
> 

Couldn't actually reproduce a crash but it did produce invalid encoding
for this case.

> 
> #3 - OpenSSL allows illegal paddings for first subidentifier
> 
> The DER encoding "06 02 *80* xx" which includes an illegal 0x80 padding 
> at the first subidentifier can be decoded by OpenSSL, but is illegal as 
> defined by ITU-T Rec. X.690 8.19.2.
> 

A bug in the check has another consequence: some correct OIDs like
2.65500 are rejected as having an invalid encoding.

Anyway #2 and #3 should be fixed now. I'll look into #1.

See: http://cvs.openssl.org/chngview?cn=21164

Thanks for the report, Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
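
A strict decoder for the two cases in this message (the 0x80 leading octet from #3 and the ULONG_MAX limit from #2), added here as an illustration. It is not OpenSSL's code or the change referenced above; `oid_decode` and the error names are hypothetical, and the input is the content octets only (the bytes after tag 06 and the length).

```c
#include <limits.h>
#include <stddef.h>

enum { OID_OK = 0, OID_BAD_PADDING = -1, OID_TRUNCATED = -2,
       OID_OVERFLOW = -3, OID_TOO_MANY = -4 };

/* Decode the content octets of a DER OBJECT IDENTIFIER into arcs[].
 * Returns OID_OK and sets *count, or a negative error code. */
int oid_decode(const unsigned char *p, size_t len,
               unsigned long *arcs, size_t max, size_t *count)
{
    size_t i = 0, n = 0;

    if (len == 0 || (p[len - 1] & 0x80))
        return OID_TRUNCATED;          /* empty, or last octet continues */

    while (i < len) {
        unsigned long v = 0;

        /* X.690 8.19.2: the leading octet of a subidentifier must not be
         * 0x80. Only the leading octet is tested: 0x80 is a valid
         * continuation octet (2.65500 encodes as 84 80 2C). */
        if (p[i] == 0x80)
            return OID_BAD_PADDING;

        for (;;) {
            if (v > (ULONG_MAX >> 7))
                return OID_OVERFLOW;   /* next shift would drop bits */
            v = (v << 7) | (p[i] & 0x7F);
            if (!(p[i++] & 0x80))
                break;
        }

        if (n == 0) {                  /* first subidentifier = 40*X + Y */
            unsigned long x = v < 40 ? 0 : v < 80 ? 1 : 2;
            if (max < 2)
                return OID_TOO_MANY;
            arcs[n++] = x;
            arcs[n++] = v - 40 * x;
        } else {
            if (n >= max)
                return OID_TOO_MANY;
            arcs[n++] = v;
        }
    }
    *count = n;
    return OID_OK;
}
```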
