One leading NUL byte in RSA key modulus
nmav at gnutls.org
Thu Mar 29 11:29:11 CEST 2012
On Wed, Mar 28, 2012 at 10:23 PM, Jim Lloyd
<jlloyd at silvertailsystems.com> wrote:
> I am nearly done porting our application to use gnutls 2.12 instead of 2.8.
> We have a reasonably decent set of unit tests, nearly all of which pass
> without requiring any changes. However, there are two failing tests that I
> find curious.
> First, we have a function that user gnutls_x509_privkey_export_rsa_raw to
> return the size in bytes of the modulus of a private key. One specific unit
> test simply asserts that the size of a given test key is 128 bytes. That
> test fails because the actual size of the key is now 129 bytes.
The null byte ensures that the number isn't treated as negative when
imported to a bignum library. Thus it should be expected (at least to
numbers with their MSB being 1).
> In addition, the Public Key Id output by gnutls_x509_crt_print has changed
> to be an entirely different hash.
Could it be the change in 2.8.6?
* Version 2.8.6 (released 2010-03-15)
** libgnutls: For CSRs, don't null pad integers for RSA/DSA value.
VeriSign rejected CSRs with this padding. Reported by Wilankar Trupti
<trupti.wilankar at hp.com> and Boyan Kasarov <bkasarov at gmail.com>.
Note: As a side effect of this change, the "public key identifier"
value computed for a certificate using this version of GnuTLS will be
different from values computed using earlier versions of GnuTLS.
More information about the Gnutls-devel