Commit a0eed48d authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix encoding bug in i2c_ASN1_INTEGER 



Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.

Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 3ae91cfb

crypto/asn1/a_int.c

+4 −2
Original line number Diff line number Diff line
@@ -125,6 +125,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) 
    else {

        ret = a->length;

        i = a->data[0];

        if (ret == 1 && i == 0)

            neg = 0;

        if (!neg && (i > 127)) {

            pad = 1;

            pb = 0;
@@ -163,7 +165,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) 
        p += a->length - 1;

        i = a->length;

        /* Copy zeros to destination as long as source is zero */

        while (!*n) {

        while (!*n && i > 1) {

            *(p--) = 0;

            n--;

            i--;
@@ -418,7 +420,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) 
        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);

        goto err;

    }

    if (BN_is_negative(bn))

    if (BN_is_negative(bn) && !BN_is_zero(bn))

        ret->type = V_ASN1_NEG_INTEGER;

    else

        ret->type = V_ASN1_INTEGER;