SECKEY_PublicKeyStrengthInBits calculates the bitlength of integers as 8*bytelength or 8*(bytelength-1) depending on whether there's a leading zero byte. The correct calculation is the one done in sftk_GetLengthInBits. The difference is minor (over-estimating the bitlength by up to seven bits) except for the case where there is more than one leading zero. The result of SECKEY_PublicKeyStrengthInBits is used to make security decisions within libssl and it is relayed to applications.
Summary: libssl and SECKEY_PublicKeyStrengthInBits does not report correct bitlengths for RSA or → libssl and SECKEY_PublicKeyStrengthInBits do not report correct key sizes for RSA and DH keys
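The two calculations described in the report, side by side, as an added example (not NSS code): `approx_bits` and `exact_bits` are hypothetical helpers written from the description above, and the byte strings are constructed samples of big-endian unsigned integers.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed samples (big-endian unsigned integers). */
static const unsigned char one_zero[] = {0x00, 0x80, 0x00};       /* 16 bits */
static const unsigned char low_top[]  = {0x01, 0x00};             /*  9 bits */
static const unsigned char padded[]   = {0x00, 0x00, 0x00, 0x01}; /*  1 bit  */

/* Hypothetical: the estimate the report describes, 8*len, or
 * 8*(len-1) when the first byte is zero. */
static unsigned approx_bits(const unsigned char *buf, size_t len)
{
    if (len == 0)
        return 0;
    if (buf[0] == 0)
        len--;
    return (unsigned)(len * 8);
}

/* Hypothetical: exact bit length. Skips every leading zero byte, then
 * discounts the leading zero bits of the first non-zero byte. */
static unsigned exact_bits(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    unsigned bits;
    unsigned char top;

    while (i < len && buf[i] == 0)
        i++;
    if (i == len)
        return 0;                       /* the value is zero */
    bits = (unsigned)((len - i) * 8);
    for (top = buf[i]; (top & 0x80) == 0; top <<= 1)
        bits--;
    return bits;
}

int main(void)
{
    printf("one_zero: approx=%u exact=%u\n",
           approx_bits(one_zero, sizeof one_zero), exact_bits(one_zero, sizeof one_zero));
    printf("low_top:  approx=%u exact=%u\n",
           approx_bits(low_top, sizeof low_top), exact_bits(low_top, sizeof low_top));
    printf("padded:   approx=%u exact=%u\n",
           approx_bits(padded, sizeof padded), exact_bits(padded, sizeof padded));
    return 0;
}
```

The `low_top` sample shows the seven-bit over-estimate, and `padded` shows the case with more than one leading zero, where the estimate is no longer close to the real size.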