[xmlsec] Problem with some cert which has a negative serial number
Chandler Peng
Chuandong.Peng at Sun.COM
Mon Feb 21 20:38:46 PST 2005
Dear all , Don't forget the scene that there is only one 0x00 when
serial number is ZERO . :-) .
Chandler .
Andrew Fan wrote:
> Aleksey Sanin wrote:
>
>> Note that this is not only 00s but also FFs for negative values
>> (11, 111, 1111, 11111, etc. all represent the same -1).
>
> I think there're a little misunderstanding about this pointer. a
> serial number with leading "00" is a positive integer in the case that
> positive integer first byte big then "0x80". Such as for integer 0x81,
> the big integer format is 0x0081, with leading "0x00".
>
> For negative serial number, the first bit must be set, otherwise it is
> a positive integer. For example, the big integer "0x81" is a negative
> integer, while "0x71" is a positive integer.
>
> I attached the rules about how to encode and decode integer, hope that
> helps.
>
> -Andrew
>
>> The real
>> question is how smart are the NSPR (CERT_FindCertByIssuerAndSN)
>> and MSCrypto (CertCompareIntegerBlob) functions? Do they understand
>> that these numbers are the same or not?
>>
>> Anyone wants to test it?
>>
>> Aleksey
>>
>> Michael Mi wrote:
>>
>>> I gree with you than "01", "00 01", "00 00 00 01" are same bns
>>> theoretically.
>>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>xmlsec mailing list
>xmlsec at aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
-------------- next part --------------
Skipped content of type multipart/related
More information about the xmlsec
mailing list