Testing the previous Github version of OpenSSL-1.1 produced encouraging results (notice the leading zero, right where it belongs):
$ x=128; DYLD_LIBRARY_PATH=/Users/ur20980/src/openssl-1.1/lib
~/src/openssl-1.1/bin/openssl asn1parse -genstr "INTEGER:$x" -out d.der &&
hexdump -C d.der
0:d=0 hl=2 l= 2 prim: INTEGER :80
00000000 02 02 00 80 |....|
00000004
$ dumpasn1 d.der
0 2: INTEGER 128
0 warnings, 0 errors.
$
P.S. dumpasn1.c doesn’t seem to parse negative integers correctly:
$ x=-128; DYLD_LIBRARY_PATH=/Users/ur20980/src/openssl-1.1/lib
~/src/openssl-1.1/bin/openssl asn1parse -genstr "INTEGER:$x" -out d.der &&
hexdump -C d.der
0:d=0 hl=2 l= 1 prim: INTEGER :-80
00000000 02 01 80 |...|
00000003
$ dumpasn1 d.der
0 1: INTEGER 128
: Error: Integer has a negative value.
0 warnings, 1 error.
$
--
Regards,
Uri Blumenthal
On 2/11/16, 14:29 , "openssl-dev on behalf of Salz, Rich"
<openssl-dev-boun...@openssl.org on behalf of rs...@akamai.com> wrote:
>If arbitrary leading zero's were allowed in DER, then the encoding
>wouldn't be *distinguished*, i.e., unique.
>
>In BER, almost anything goes :)
>
>--
>openssl-dev mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
