On 24.03.2015 at 19:42, Douglas E Engert wrote:
>
> On 3/24/2015 6:10 AM, Annie Yousar wrote:
>> Dear all,
>> this should not have happened:
>
> The private key may have leading zero bytes, and the size of the
> BIGNUM is used for the length of the octetstring rather than the
> field_len. The length of the BIGNUM does not include any leading zeros.
>

Exactly.

> Try the attached diff.

The diff solves the issue.
One remark: Please remove the line

       /* to get old behavior, set buf_len = bn_len */

from the diff. There is no need to keep it. OpenSSL gently handles the leading
zero bytes in the encoded private key.
Your diff changes the ASN.1 encoding only and no bits on the wire. So the old
buggy behavior is obsolete.

Kind regards,
Ann. 


>>
>> $ for i in `seq 1 1000` ; do if [ "x`openssl ecparam -genkey -name
>> prime256v1 -noout > key.pem; ls -l key.pem | sed '/ 227 /d'`" != "x" ];
>> then echo; cat key.pem;else echo -n "."; fi; done
>> ....................................................................................
>>
>> -----BEGIN EC PRIVATE KEY-----
>> MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D
>> AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8
>> fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY
>> -----END EC PRIVATE KEY-----
>> ............................................................................
>>
>> ...
>>

The correct encoded key from above is:

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIADYI4NV/xp/V/9lU7rLbF0vzrllfS1OIr36eaHsMWwAoAoGCCqGSM49
AwEHoUQDQgAEZTurC5AsyZe5IWk/DY+s91qXA5zAC0OJyPE6HOP6GB7YFKKXkjBI
/H4B8PWJt/9hoApc8HiV2C7k2EQe6EfzGA==
-----END EC PRIVATE KEY-----

Thanks again.

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
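
The length difference discussed in this thread can be checked directly on the two PEM blocks quoted above. The following is an added example, not part of the original message or of OpenSSL: it walks the DER structure of each key (an ECPrivateKey as defined in RFC 5915) and compares the privateKey OCTET STRING length against the field length. The function names and the fixed `FIELD_LEN` of 32 bytes for prime256v1 are assumptions of this example.

```python
import base64

# PEM blocks copied from the thread: the short key and its corrected encoding.
SHORT_PEM = """-----BEGIN EC PRIVATE KEY-----
MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D
AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8
fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY
-----END EC PRIVATE KEY-----"""
FIXED_PEM = """-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIADYI4NV/xp/V/9lU7rLbF0vzrllfS1OIr36eaHsMWwAoAoGCCqGSM49
AwEHoUQDQgAEZTurC5AsyZe5IWk/DY+s91qXA5zAC0OJyPE6HOP6GB7YFKKXkjBI
/H4B8PWJt/9hoApc8HiV2C7k2EQe6EfzGA==
-----END EC PRIVATE KEY-----"""
FIELD_LEN = 32  # prime256v1 field size in bytes (assumption of this example)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ec_private_octets(pem):
    """Extract the privateKey OCTET STRING from a PEM ECPrivateKey."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    der = base64.b64decode(b64)
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one DER SEQUENCE")
    tag, version, pos = read_tlv(seq, 0)
    if tag != 0x02 or version != b"\x01":
        raise ValueError("expected ECPrivateKey version 1")
    tag, priv, _ = read_tlv(seq, pos)
    if tag != 0x04:
        raise ValueError("privateKey is not an OCTET STRING")
    return priv

def is_full_length(pem, field_len=FIELD_LEN):
    """True when the octet string is padded to the field length."""
    return len(ec_private_octets(pem)) == field_len

if __name__ == "__main__":
    for name, pem in (("short", SHORT_PEM), ("fixed", FIXED_PEM)):
        priv = ec_private_octets(pem)
        print(name, len(priv), priv[:4].hex(), is_full_length(pem))
```

The short key carries a 31-byte octet string, and the corrected key is the same bytes with a single leading zero restored.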
