On 3 Apr 2012, at 2:34 AM, Tamir Khason via RT wrote:
> It seemed that we are speaking about different things.
> In certificate i pasted, integers used for exponent1, exponent2 and
> coefficient encoded with different lengths.
Yes. This is OK. In fact, it is required by DER (ISO 8825, etc).
> In chapter 8.3 of ISO 8825
> there is clear statement of how integer values should be encoded. All
> need is to take those numbers from "bad" certificate i pasted and
> encode it by using different 8825 implementations to see leading zeros
> appear. When openssl encode those number leading zeros are missing.
> This is what i claim as a bug.
If two implementations DER-encode the same integer into different byte
sequences, then there is definitely a bug, since the purpose of DER is to be
unique (there should be only one possible DER encoding of a value). However, I
do not see an example of this.
The good/bad example you posted is confusing because they are different keys,
with different coefficients, so I am not sure what you think is wrong with the
"bad" example. Could you please post a "bad" example generated by OpenSSL, and
explain what you think the correct encoding of it is?
Here is how the shorter exponent is encoded in the private key you put on
pastebin:
02 # universal, primitive, INTEGER
40 # Length = 0x40 bytes
00 80 5b 5f bb .... 0a c1 c7 a9 # value of integer
This is the only valid way to DER-encode this integer. If the "00" at the
beginning of value were removed, it would change the meaning (the integer would
be negative). If another "00" were added, it would be valid BER (I think?), but
not valid DER. Paragraph 8.3.2 in the text posted by Peter Sylvester is the
rule. A simpler way to think about it is "it is invalid to use any unnecessary
00 bytes".
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
