Nit: redundant leading 00 (or FF) in an INTEGER is VALID *B*ER
but INVALID *D*ER. And signed things like certs are *D*ER
for exactly this reason, so a reconstructed encoding is
bit for bit identical and hashes and signatures etc. work.
BER is already 'distinguished' concerning the content octets of an
INTEGER.
X.690:
8 Basic encoding rules
...
8.3 Encoding of an integer value
8.3.1 The encoding of an integer value shall be primitive. The contents
octets shall consist of one or more octets.
8.3.2 If the contents octets of an integer value encoding consist of
more than one octet, then the bits of the first octet
and bit 8 of the second octet:
a) shall not all be ones; and
b) shall not all be zero.
NOTE – These rules ensure that an integer value is always encoded in the
smallest possible number of octets.
8.3.3 The contents octets shall be a two's complement binary number
equal to the integer value, and consisting of
bits 8 to 1 of the first octet, followed by bits 8 to 1 of the second
octet, followed by bits 8 to 1 of each octet in turn up to
and including the last octet of the contents octets.
NOTE – The value of a two's complement binary number is derived by
numbering the bits in the contents octets, starting with bit 1 of the
last octet as bit zero and ending the numbering with bit 8 of the first
octet. Each bit is assigned a numerical value of 2^N, where N is its
position in the above numbering sequence. The value of the two's
complement binary number is obtained by summing the numerical values
assigned to each bit for those bits which are set to one, excluding bit
8 of the first octet, and then reducing this value by the numerical
value assigned to bit 8 of the first octet if that bit is set to one.
Chapters 10 and 11 don't say anything about INTEGER.
The length field in definite encoding may have redundant zeros though in BER.
DER:
10.1 Length forms
The definite form of length encoding shall be used, encoded in the
minimum number of octets. [Contrast
with 8.1.3.2 b).]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
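Added example, not part of the original message and not OpenSSL code: a small Python check of the two rules quoted above, 8.3.2 on INTEGER contents octets and 10.1 on the DER length field. The function name and the sample encodings are constructed for illustration.

```python
# Sample encodings used with this function are constructed for illustration.
def parse_integer(tlv: bytes):
    """Parse one INTEGER TLV. Returns (value, ber_valid, der_valid)."""
    if len(tlv) < 2 or tlv[0] != 0x02:
        raise ValueError("expected primitive INTEGER, tag 0x02")
    first = tlv[1]
    if first in (0x80, 0xFF):
        raise ValueError("indefinite or reserved length octet")
    if first < 0x80:                       # short form: always minimal
        length, hdr, len_minimal = first, 2, True
    else:                                  # long form: next n octets hold the length
        n = first & 0x7F
        len_octets = tlv[2:2 + n]
        if len(len_octets) != n:
            raise ValueError("truncated length field")
        length, hdr = int.from_bytes(len_octets, "big"), 2 + n
        # 10.1 (DER): minimum number of length octets, so no leading
        # zero octet and no long form for lengths below 128.
        len_minimal = len_octets[0] != 0 and length >= 0x80
    content = tlv[hdr:]
    if len(content) != length:
        raise ValueError("content does not match declared length")
    if length == 0:
        raise ValueError("8.3.1: at least one contents octet required")
    # 8.3.2: the 8 bits of the first octet plus bit 8 of the second
    # must be neither all ones nor all zero.
    content_minimal = True
    if length > 1:
        nine_bits = (content[0] << 1) | (content[1] >> 7)
        content_minimal = nine_bits not in (0x000, 0x1FF)
    value = int.from_bytes(content, "big", signed=True)   # 8.3.3
    # 8.3.2 sits in the basic encoding rules, so it binds BER and DER
    # alike; only the length-field rule checked here is DER-specific.
    return value, content_minimal, content_minimal and len_minimal


if __name__ == "__main__":
    for hexstr in ("02017f", "0202007f", "02020080", "0202ff80", "0281017f"):
        print(hexstr, parse_integer(bytes.fromhex(hexstr)))
```

The encoding `02 02 00 7F` fails 8.3.2 under both rule sets, while `02 81 01 7F` passes as BER and fails only the DER length rule.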