search

named-data-iot / ndn-lite

A lightweight NDN protocol stack with high-level application support including security bootstrapping, access control, trust management, etc.
https://ndn-lite.named-data.net
GNU Lesser General Public License v3.0
44 stars 16 forks source link

Incorrect ASN.1 integer length calculation #35

Closed yoursunny closed 4 years ago

yoursunny commented 5 years ago

As of 88bbe9b59ec294282b626b6688846f28a94f946e, _probe_raw_integer_asn1_encoded_size computes the length of ASN.1 encoded integer as:

if ((val[0] & 0x80) != 0x00) {
  return val_len + 1;
}
return val_len;

The expression _probe_raw_integer_asn1_encoded_size((uint8_t*)"\x00\x00\x01\x01", 4) evaluates to 3, which implies the ASN.1 encoding of this integer is 00 01 01.

Per X.690-0207 section 8.3.2:

If the contents octets of an integer value encoding consist of more than one octet, then the bits of the first octet and bit 8 of the second octet: a) shall not all be ones; and b) shall not all be zero.

This rule specifies the ASN.1 encoding of the example to be 01 01, i.e. the function should return 2.