On 04/03/2012 11:34 AM, Tamir Khason via RT wrote:
It seemed that we are speaking about different things.
In certificate i pasted, integers used for exponent1, exponent2 and
coefficient encoded with different lengths. In chapter 8.3 of ISO 8825
there is clear statement of how integer values should be encoded. All
need is to take those numbers from "bad" certificate i pasted and
encode it by using different 8825 implementations to see leading zeros
appear. When openssl encode those number leading zeros are missing.
This is what i claim as a bug.
openssl asn1parse and dumpasn1 happily say that there is no error.
Where do you think there are missing zeros?
All encodes number are positive i.e. the encoing have the hi bit 0
none of the encodings has 9 identical bits at the left?
The private exponent starts with 25, thus has hi-bit 0, thus no padding
required in the encoding. You would get 9 bits 0.
<30 82 02 5D>
0 605: SEQUENCE {
<02 01>
4 1: INTEGER 0
<02 81 81>
7 129: INTEGER
: 00 C0 80 E3 DB CD 8E A2 89 0A 04 97 96 2F 21 11
: 39 02 45 B4 7C FB 1B 94 F8 3F ED AC DD 9B 52 BF
: FC A3 8C B0 EC 49 7F B7 B6 92 88 E2 7F 21 39 75
: 6C 90 55 6B EA C3 09 F5 16 30 44 27 F6 72 92 A0
: A0 2B 19 39 8E C6 18 00 D7 71 F8 A9 72 B1 91 77
: 16 AD DC 8C 38 11 F8 0B 73 4B 74 AE 28 3D 89 46
: 05 10 A8 DC 57 B3 9C 60 E1 29 67 F3 6E 4C 5E BB
: 70 03 76 C7 0F 0F 01 6A 8A 88 59 5B E8 37 B6 E6
: 01
<02 03>
139 3: INTEGER 65537
<02 81 80>
144 128: INTEGER
: 25 38 06 56 16 0D 30 D1 AC 15 2D 35 C5 50 F0 62
: 84 54 F3 CB 82 45 57 ED 13 77 21 88 0B 22 D9 A9
: BF F9 50 AF AE 9A 39 EB DB B3 09 8F A8 DD D2 1D
: 36 5E BD A9 BB 21 EE B7 E6 87 16 EE E8 41 FF 3A
: 02 85 57 74 C5 B9 3C 03 8C 6E 88 B8 01 7C C8 E0
: 50 5A 65 EF 2C 26 C7 0B 0F 68 58 37 7F CB DB 4A
: 5D F1 5E 62 31 A6 FD A4 92 DC CF B8 6B CE 7A 12
: 36 73 E8 27 7E 96 74 43 AE 2C FB 81 11 DF 67 BD
<02 41>
275 65: INTEGER
: 00 E9 F5 27 D3 16 F4 E5 86 6F 6D 4F 13 87 C7 37
: 2A A7 E3 7D 3D 80 87 1D 34 E3 D8 57 BC 78 EC 92
: 86 5E A0 11 49 E3 14 AF DC 9D 3A 02 B8 07 BC 6D
: BA DC 81 2F 02 85 19 8C 68 B7 D6 AA E0 56 0B C0
: B7
<02 41>
342 65: INTEGER
: 00 D2 A3 E5 E3 95 27 B7 EB 46 96 A4 CF A7 1E 06
: D8 42 72 B8 07 F6 1D E3 CD 41 60 95 37 8A 99 B0
: 66 34 36 29 F5 8C 9F 39 04 60 30 3B 51 B9 69 B7
: 37 98 A9 B2 68 16 23 DA EF EC 41 C3 79 C2 FD 67
: 07
<02 41>
409 65: INTEGER
: 00 9A 2E 9C 3E 3A E4 CD D6 98 DC 5A BE AE 3E 95
: 96 A0 EA 05 01 61 10 AA 28 CE F7 26 6A E8 EE 4F
: 6A 0A 36 46 EE 80 9E 83 7F 4A 86 8E 80 25 69 02
: 8F A0 FD E9 B3 29 70 3A DE 50 39 42 87 71 6D 71
: 65
<02 40>
476 64: INTEGER
: 00 80 5B 5F BB 4F 28 E4 EA 7A 19 52 55 37 81 14
: AA B3 D3 34 51 A5 A8 91 28 82 AE 58 3F 80 36 27
: 48 20 88 E1 08 C0 A8 46 16 64 86 FF 9E CD 5D 9E
: 48 42 BF 25 F8 47 85 91 E4 A2 13 71 0A C1 C7 A9
<02 41>
542 65: INTEGER
: 00 D0 46 B6 BD 22 92 2A 60 BB 7B C9 42 EB 50 71
: E6 34 AC 33 00 91 2E 5D 44 61 C9 C3 C6 6E 16 55
: 4D 37 77 82 54 06 E5 9F 3B AC 5C 3F 35 0B B4 BD
: 30 14 37 0E F9 43 86 29 DB 0A 14 CF 28 B7 29 4E
: 25
: }
0 warnings, 0 errors.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
