Hi there,

I am having trouble decoding a custom extension that I created using OpenSSL. I have created the templates for NSS but I am receiving a "bad der" error number from the decoder. As far as I can tell the DER is correct and can be parsed by OpenSSL commands that show the structure is as expected. After much trial and error I reduced the extension to contain only an integer as a test but am still receiving unusual results.
I have been looking at this for a while and think I have the template but feel like I am missing something obvious along the way. When I retrieve the extension from the cert, the raw ASN.1 data appears correct but the associated length is off. When I pass this through the decoder it returns "bad der". If I increase the length "by hand" the decoder returns success but returns null values (presumably because it is going beyond the border of memory allocated for the raw extension data). I feel there is something fundamental I am missing here as regards memory allocation. Any ideas on these problems?

Here is my definition of the template & structure:

    struct _otherCertsExtData {
        SECItem otherCertificate;
    };
    typedef struct _otherCertsExtData otherCertsExtData;

    const SEC_ASN1Template otherCertsExtTemplate[] = {
        { SEC_ASN1_SEQUENCE, 0 , NULL, sizeof(otherCertsExtData) },
        { SEC_ASN1_INTEGER , offsetof(otherCertsExtData, otherCertificate)},
        { 0 }
    };

Here is a snippet of the decode:

    PRArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    otherCertsExtData* parsedCertStructure;
    parsedCertStructure = (otherCertsExtData*)PORT_ArenaZAlloc (arena,sizeof (otherCertsExtData));
    otherCertsOIDTag = addOtherCertsOID();
    SECItem otherCertExt;
    SECStatus otherCertExtPresent = CERT_FindCertExtension(cert_handle, (int)otherCertsOIDTag, &otherCertExt);
    if (otherCertExtPresent != SECSuccess)
        return;
    otherCertExt.len = otherCertExt.len +2; //Adding this makes the decoders return success
    const SECItem* otherCertExtItem = &otherCertExt;
    SECStatus extensionDecodeResult;
    SEC_ASN1DecoderContext * context = SEC_ASN1DecoderStart(NULL, &parsedCertStructure, otherCertsExtTemplate);
    extensionDecodeResult = SEC_ASN1DecoderUpdate( context, (const char *) otherCertExtItem->data, otherCertExtItem->len); // length is too short! add one?
    //extern SECStatus SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx);
    extensionDecodeResult = SEC_ASN1DecoderFinish(context);
    extensionDecodeResult = SEC_QuickDERDecodeItem( arena, parsedCertStructure, SEC_ASN1_GET(otherCertsExtTemplate), otherCertExtItem);

Here is a printout I have to show the bits contained in the extension data which seem to be well formed DER and can be decoded with OpenSSL:

Here's the raw extracted extension byte values: 48-5-2-3-16-177-32
Here's the raw binary extracted: 00110000-00000101-00000010-00000011-00010000-10110001-00100000
Representing: sequence - length - Integer - length - val - val - val

Where am I going wrong here?

Many thanks in advance,
Brendan.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
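Added example, not part of the original post and not NSS code: a standalone C check that compares the length declared in a DER header with the length of the buffer holding it, run over the seven bytes printed in the post. The helper names (der_header, der_required_len, ext_is_complete) are hypothetical and no NSS calls are used.

```c
#include <stddef.h>
#include <stdio.h>

enum { DER_OK = 0, DER_TRUNCATED = -1, DER_UNSUPPORTED = -2 };

/* Read one TLV header: *hdr = header bytes, *clen = declared content bytes.
 * Handles short-form and long-form (up to 4 length octets) definite lengths. */
static int der_header(const unsigned char *buf, size_t len, size_t *hdr, size_t *clen)
{
    if (len < 2) return DER_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f) return DER_UNSUPPORTED;   /* multi-byte tag */
    if (buf[1] < 0x80) { *hdr = 2; *clen = buf[1]; return DER_OK; }
    size_t n = buf[1] & 0x7f;
    if (n == 0 || n > 4) return DER_UNSUPPORTED;           /* indefinite or huge */
    if (len < 2 + n) return DER_TRUNCATED;
    size_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | buf[2 + i];
    *hdr = 2 + n; *clen = v;
    return DER_OK;
}

/* Bytes a complete encoding occupies (header + content), or a negative code. */
long der_required_len(const unsigned char *buf, size_t len)
{
    size_t hdr, clen;
    int rc = der_header(buf, len, &hdr, &clen);
    return rc != DER_OK ? rc : (long)(hdr + clen);
}

/* 1 if len bytes hold exactly one SEQUENCE { INTEGER }, as in the post's template. */
int ext_is_complete(const unsigned char *buf, size_t len)
{
    size_t hdr, clen, ihdr, iclen;
    if (der_header(buf, len, &hdr, &clen) != DER_OK || buf[0] != 0x30) return 0;
    if (hdr + clen != len) return 0;       /* item length must cover header + content */
    if (der_header(buf + hdr, clen, &ihdr, &iclen) != DER_OK) return 0;
    return buf[hdr] == 0x02 && ihdr + iclen == clen;
}

/* The bytes printed in the post: 48-5-2-3-16-177-32 */
static const unsigned char ext_bytes[] = { 0x30, 0x05, 0x02, 0x03, 0x10, 0xB1, 0x20 };

int main(void)
{
    printf("required=%ld\n", der_required_len(ext_bytes, sizeof ext_bytes));
    printf("len 7 complete=%d\n", ext_is_complete(ext_bytes, 7));
    printf("len 5 complete=%d\n", ext_is_complete(ext_bytes, 5));
    return 0;
}
```

The outer header declares 5 content bytes, so the complete encoding is 7 bytes; an item length equal to the content length alone fails the check.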