On Thu, Jul 24, 2014, Jeffrey Walton wrote: > I've got a negative number in a BIGNUM: > > BN_hex2bn(&a, "00afd72b...bd3ae65d"); > BN_dec2bn(&n, "-1"); > ... > > BN_mul(r, a, n, ctx); > > I then convert it to an ASN1 INTEGER, and then fetch the ASN1 integer: > > ASN1_INTEGER* x = BN_to_ASN1_INTEGER(r, NULL); > > const unsigned char* ptr = x->data; > long len = x->length; > int tag = 0, cls = 0; > > ASN1_get_object(&ptr, &len, &tag, &cls, len); >
This is not "fetching the ASN1 integer" it is fetching its internal representation. I also suspect ASN1_get_object is failing (because you aren't passing it a tag and length) and you're just getting the internal representation back. Try encoding it vi i2d_ASN1_INTEGER instead. > > The integer is *not* a 2's compliment of 'r'. Rather, its a positive > 'r' (in fact, its the same positive 'a' I started with). > That's because the internal representation of an integer is the big endian form of its magnitude. The sign is given by the type: V_ASN1_INTEGER or V_ASN1_NEG_INTEGER. The encoding routine makes the 2's complement conversion for negative integers. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
