Peter Sylvester wrote:
>
>>
>>
>>
>> The reverse may not be true in real life. One way this comparison might
>> bite you is when the issue issues certificate with encoding violating
>> the DER requirements. For example, the ASN1_INTEGERs with octet
>> encodings "02" and "00 02" contain the same value 2, but these encodings
>> will in fact be different if you compare them with memcmp.
>> The latter ("00 02") is incorrect encoding, violating DER.

> It violates even BER as far as I remember Since X.409 1984 the text says:
>
> The value of the integer shall be encoded in the fewest possible octets
> the first (most significant) 9 bits shall not all be ones or zeros.


X.409 is obsolete.

However, X.690 is indeed says so, you are correct.

--
Lev Walkin
vlm@lionet.info
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org