Paweł Krawczyk <[EMAIL PROTECTED]> writes:

>My question is if this is a bug in MS software (it shouldn't be generating
>such certs), or OpenSSL is getting this wrong as a signed number?

AFAIK it's bugs in both.  MS have always got the sign bit wrong in their
encoding, but it's not that much of a problem because all the vendors know this
(or just expect it from MS without even bothering to check :-) so they treat
ints as unsigned (actually there's nowhere in any cert-relevant code which uses
signed ints, I expect most implementations always treat them as unsigned). From
the OpenSSL side, it looks like it's doing something with the sign bit, so the
integer gets transformed into a completely different value.  This may be due to
recent changes, ISTR that SSLeay always assumed the numbers were unsigned.

As for the size in bits, that's normal, you don't always get exactly what you
asked for (check your PGP keyring for examples).

Peter.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
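
The signed-versus-unsigned readings discussed in the message above, as an added example that is not part of the original post or of OpenSSL's code: a short Python sketch that decodes one DER INTEGER both ways and shows the 0x00 pad a positive value needs when its top bit is set. The function names and the sample byte strings are constructed for illustration, and only short-form lengths are handled.

```python
# Added illustration; the sample encodings are constructed, not from a real cert.

def read_der_integer(der: bytes) -> bytes:
    """Return the content octets of one short-form DER INTEGER (tag 0x02)."""
    if len(der) < 3 or der[0] != 0x02:
        raise ValueError("not an INTEGER, or empty content")
    length = der[1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sketch")
    if len(der) != 2 + length:
        raise ValueError("length octet does not match content")
    return der[2:]

def interpret(der: bytes) -> dict:
    """Decode the same octets as X.690 two's complement and as unsigned."""
    body = read_der_integer(der)
    unsigned = int.from_bytes(body, "big", signed=False)
    return {
        "signed": int.from_bytes(body, "big", signed=True),  # strict reading
        "unsigned": unsigned,                                # lenient reading
        # Top bit of the first octet set: a strict parser sees a negative
        # number; an encoder that meant a positive one left out the 0x00 pad.
        "sign_bit_set": bool(body[0] & 0x80),
        "bit_length": unsigned.bit_length(),
    }

def encode_positive(value: int) -> bytes:
    """DER-encode a non-negative integer, padding so it stays positive."""
    if value < 0:
        raise ValueError("non-negative values only")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body          # keep the sign bit clear
    if len(body) > 127:
        raise ValueError("long-form length not handled in this sketch")
    return bytes([0x02, len(body)]) + body

UNPADDED = bytes.fromhex("0202c35f")    # constructed: pad octet missing
PADDED = bytes.fromhex("020300c35f")    # constructed: same value, padded

if __name__ == "__main__":
    for name, der in (("unpadded", UNPADDED), ("padded", PADDED)):
        print(name, der.hex(), interpret(der))
    print("re-encoded:", encode_positive(interpret(UNPADDED)["unsigned"]).hex())
```

A parser that wants to accept the unpadded form can take the unsigned reading whenever `sign_bit_set` is true in a field that can never be negative, such as an RSA modulus.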
