Comments (2)
kazuho
commented on September 8, 2024
I believe that the particular version of OpenSSL you are using is prepending 00 when the most-significant bit of the private key is set, as you need to do for ASN.1.
Interestingly, whether if such padding is made seems to depend on the version of the OpenSSL; as shown below, OpenSSL 1.1.0 does not prepend 00 to the output.
$ /usr/local/openssl-1.0.2/bin/openssl ec -in key.pem -text
read EC key
Private-Key: (256 bit)
priv:
00:fe:44:a5:6f:e8:18:a6:b6:28:6a:5a:e1:a6:86:
3c:02:4e:42:50:77:90:4e:d2:dc:89:99:c5:24:2e:
a3:9e:77
pub:
(snip)
$ /usr/local/openssl-1.1.0/bin/openssl ec -in key.pem -text
read EC key
Private-Key: (256 bit)
priv:
fe:44:a5:6f:e8:18:a6:b6:28:6a:5a:e1:a6:86:3c:
02:4e:42:50:77:90:4e:d2:dc:89:99:c5:24:2e:a3:
9e:77
pub:
(snip)
Considering the facts, I'd suggest removing the first byte on the script side if the length of the private key is 1 byte longer than expected and if the first byte is 00.
from picotls.
larseggert
commented on September 8, 2024
Thanks! I fixed this in NTAP/quant@dc414c9
from picotls.
Related Issues (20)
- Generating qlog files when using quicly as a library
- Conditional jump or move depends on uninitialised value(s) HOT 9
- Open SSL version not recognized on MacOS Ventura 13.2 HOT 6
- cmake fails on clean install HOT 1
- in ptls_import / ptls_export, take care of partial TLS record being received
- Adding a new crypto engine HOT 4
- no error handling of key_schedule_new failure
- We should document ECH, update the ESNI wiki page.
- picotls build seems to fail? HOT 2
- Perhaps require appropriate C standard? Pre-C11 compiler fails: `picotls.c: error: ‘ptls_handshake_properties_t’ has no member named ‘client’`
- Possible integer overflow when checking obfuscated ticket age
- Ticket issued time does not compensate for RTT
- OpenSSL RSA private key default format changes to PKCS#8
- Build error with Clang on 10.6–10.7: `error: call to undeclared library function 'aligned_alloc' with type 'void *(unsigned long, unsigned long)'; ISO C99 and later do not support implicit function declarations`
- test-openssl.t has a few failing tests HOT 4
- Build error: `picotls.c: error: too many arguments to function 'subtest'` HOT 7
- cli can not parse argument '-u'
- when cli act as server with client authentication, it sends NewSessionTicket directly after Finished
- Should exclude PSK_DHE mode when key_share is null
- External PSK auth may fail with missing_extension (109) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from picotls.