Incorrect ASN.1 integer length calculation

Question

Incorrect ASN.1 integer length calculation

Closed this issue 4 years ago · 0 comments

As of 88bbe9b, _probe_raw_integer_asn1_encoded_size computes the length of ASN.1 encoded integer as:

if ((val[0] & 0x80) != 0x00) {
  return val_len + 1;
}
return val_len;

The expression _probe_raw_integer_asn1_encoded_size((uint8_t*)"\x00\x00\x01\x01", 4) evaluates to 3, which implies the ASN.1 encoding of this integer is 00 01 01.

Per X.690-0207 section 8.3.2:

If the contents octets of an integer value encoding consist of more than one octet, then the bits of the first octet and bit 8 of the second octet:
a) shall not all be ones; and
b) shall not all be zero.

This rule specifies the ASN.1 encoding of the example to be 01 01, i.e. the function should return 2.