"+" bug in mac_key?

meepbear * meepbear at hotmail.com
Tue Aug 2 22:20:50 PDT 2005


>I'm not sure if it's a bug, and specs do not specify that. I think it's
>about this code (it's been a while since I digged that code):
>
>     # prepend zeros to round to byte boundary, or to unset high bit
>     my $prepend = (8 - length($bits) % 8) || ($bits =~ /^1/ ? 8 : 0);
>     $bits = ("0" x $prepend) . $bits if $prepend;
>
>There is nothing wrong with it, but this is not how OpenSSL packs
>its bignums. I think it is possible to accept both with and without high
>bit set. It's not a big deal to prepend zero either.

I started a topic about that a few weeks back. The spec specifies signed 
integers instead of unsigned so they have to be zero padded to preserve the 
sign (even though in the case of OpenID signed vs unsigned doesn't actually 
make any difference).




More information about the yadis mailing list