> [[email protected] - Wed Jun 02 22:12:07 2010]: > > I'm currently working on ECDSA, and use OpenSSL for tests. I also use > BouncyCastle to verify the validity of PKCS10 request. > I have been able to generate a PKCS10 with a HSM that BouncyCastle > rejects but OpenSSL verifies. At first I thought it was BouncyCastle > that was mistaken, but after talking with David Hook from BouncyCastle, > it seems that there might be a problem with the INTEGER Structure from > ASN.1 in the ecdsa-sig-value from OpenSSL. > In fact the PKCS10 request generated have the s integer first bit to 1, > which should mean that it is negative. BouncyCastle interprets it as > negative which is why it does not verify the validity of the request, > whereas OpenSSL interprets as an unsigned integer and therefore verifies > the signature. According to David Hook the ASN.1 Structure INTEGER is > signed, therefore the problem is maybe in OpenSSL. > I have tested the file with OpenSSL 0.9.8h and OpenSSL 1.0.0, both > verify the enclosed file. >
OpenSSL's behaviour is expected: it is a bug workaround for some broken software that encodes an INTEGER incorrectly. OpenSSL should never *produce* such a broken encoding but it will tolerate it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
