> From: owner-openssl-us...@openssl.org On Behalf Of Mike Mohr > Sent: Tuesday, 14 December, 2010 19:14
> How do you mean, an additional 0 byte is prepended? I generated > several DH parameters and exported them to C code ( -C ), some of > which has the MSB set. It looks like BN_bin2bn is used directly on > the raw bytes of the prime without any padding. > > Mike > > On Tue, Dec 14, 2010 at 12:54 PM, Erik Tkal <et...@juniper.net> wrote: > > DER encoding of numeric data should always be network byte > order MSB...LSB. Note that if the high order bit is set then > an additional 0 byte is prepended. In DER encoding of INTEGER is bigendian signed (twos-complement) so +127 is (02 02) 7F, +128 is (02 02) 00 80, -128 is (02 01) 80, +258 is (02 02) 01 02, -258 is (02 02) FF FE, etc. In C code using openssl, the bignums we care about (DH/DSS groups, RSA moduli, etc.) are always positive and bin2bn is unsigned. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
