To see what does not work load a certificate with this library and dump it. Then do this with openssl x509 -in cert.der -inform der -noout -text and compare the key usage fields!
The parsing algorithm for bit strings was not correct:
The offset wasn't correct at the end of the function (one too low)
Bit strings are encoded in big endian byte order, not little endian.
The most significant bit of the bit string as number (taking into account of the bit string length) has to be the least significant bit of the key usage value (see https://security.stackexchange.com/a/10396)
No. 1 didn't produce following errors because the rest of the outer ASN.1 sequence is skipped after calling this function (asn1_get_bit_string_as_int).
To see what does not work load a certificate with this library and dump it. Then do this with
openssl x509 -in cert.der -inform der -noout -textand compare the key usage fields!The parsing algorithm for bit strings was not correct:
No. 1 didn't produce following errors because the rest of the outer ASN.1 sequence is skipped after calling this function (asn1_get_bit_string_as_int).