"+" bug in mac_key?
Michael 'hacker' Krelin
hacker at klever.net
Tue Aug 2 15:26:01 PDT 2005
On Tue, Aug 02, 2005 at 02:42:07PM -0700, Brad Fitzpatrick wrote:
> On Tue, 2 Aug 2005, Michael 'hacker' Krelin wrote:
> > On Tue, Aug 02, 2005 at 02:36:04PM -0700, Brad Fitzpatrick wrote:
> > > Wechsler,
> > >
> > > All that comes to mind is that somebody is escaping/descaping the
> > > parameter as a URL parameter one too many/few times.
> > >
> > > Let me know if it's a bug with LiveJournal's (the Perl) libraries.
> > If my guess was right, this may be thought of as a bug, but definitely the
> > one you will want to make into a feature and maintain compatibility
> > with. On the other hand, I believe this can be fixed without breaking
> > compatibility.
> If it's a bug and deviates from the specs, it'll be fixed. Let me know.
I'm not sure if it's a bug, and specs do not specify that. I think it's
about this code (it's been a while since I dug into that code):

    # prepend zeros to round to byte boundary, or to unset high bit
    my $prepend = (8 - length($bits) % 8) || ($bits =~ /^1/ ? 8 : 0);
    $bits = ("0" x $prepend) . $bits if $prepend;

There is nothing wrong with it, but this is not how OpenSSL packs
its bignums. I think it is possible to accept both with and without high
bit set. It's not a big deal to prepend zero either.
> BTW, are you open sourcing your PHP library?
That wasn't for me, I believe ;-)
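
The packing difference discussed in this message, as an added example that is not part of the original post or of either library. The function names are hypothetical; the sketch assumes non-negative integers and contrasts the sign-padded form produced by the quoted Perl with the unsigned magnitude that OpenSSL's BN_bn2bin emits, plus a decoder that accepts both.

```python
import base64

# Added illustration: hypothetical helper names, not code from any OpenID library.

def pack_signed(n: int) -> bytes:
    """Big-endian two's complement for n >= 0: a 0x00 byte is prepended
    whenever the top bit would otherwise be set (the quoted Perl's rule)."""
    if n < 0:
        raise ValueError("only non-negative values are exchanged")
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def pack_unsigned(n: int) -> bytes:
    """Minimal unsigned magnitude with no sign padding (BN_bn2bin style)."""
    if n < 0:
        raise ValueError("only non-negative values are exchanged")
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def unpack_strict(raw: bytes) -> int:
    """Two's-complement reading: a set high bit means a negative number."""
    return int.from_bytes(raw, "big", signed=True)

def unpack_tolerant(raw: bytes) -> int:
    """Reads the bytes as a magnitude, so both packings give the same value."""
    return int.from_bytes(raw, "big", signed=False)

def wire_forms(n: int) -> dict:
    """Base64 of both packings, to show how the transmitted text differs."""
    return {
        "signed": base64.b64encode(pack_signed(n)).decode("ascii"),
        "unsigned": base64.b64encode(pack_unsigned(n)).decode("ascii"),
    }

if __name__ == "__main__":
    # Constructed sample values: high bit clear, high bit set, multi-byte.
    for value in (0x7F, 0x80, 0xFFFF):
        signed, unsigned = pack_signed(value), pack_unsigned(value)
        print(hex(value), signed.hex(), unsigned.hex(), wire_forms(value),
              "strict read of unsigned form:", unpack_strict(unsigned),
              "tolerant read:", unpack_tolerant(unsigned))
```

A strict two's-complement reader misinterprets the unpadded form whenever the high bit is set, while reading the bytes as a magnitude accepts both forms.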