DER canonical encoding for INTEGERs

[mkbanchi]

Trying to decode a simple DER payload [0x02, 0x00] as an INTEGER, I get an ASN.1 INTEGER not canonically encoded as DER error. Obviously [0x02, 0x01, 0x00] works correctly and decode as 0.

I took a look at ITU-T X.690 specification and I was not able to find a section describing this restriction, neither in paragraph 9 (Canonical Encoding Rules), nor in paragraph 10 (Distinguished encoding rules). There are some restrictions on Length form, but it seems there is nothing that doesn't allow to have only one byte for length with value 0x00, as is specified in section 8.1.3.4 (short form) instead.

Now, thinking about DER, i suppose that this could make sense, but i would not be wondered if next code succeded:

assert_eq!(i32::from_der(&[0x02, 0x00]), Ok(0));

[tarcieri]

From X.690:

8.3 Encoding of an integer value 8.3.1 The encoding of an integer value shall be primitive. The contents octets shall consist of one or more octets.

[mkbanchi]

Oh, I missed that :(, thanks.

[tarcieri]

No worries, it's an elephantine specification

[tarcieri]

This error might be better surfaced as Length rather than Noncanonical, since this wouldn't be a valid BER production either

[mkbanchi]

I agree, maybe Length or similar would help to explain the error better. Thanks

[tarcieri]

Changed to Length in #1400