On Tue, Oct 6, 2009 at 3:04 AM, Konstantin Andreev <andr...@swemel.ru> wrote:
> Hello.
>
> One more question about decoding DER structures.
>
> Some PKCS#11 mechanisms (namely, CKM_GOSTR3410) accept DER-encoded
> parameters, which include DER tag-length prefix.
>
> I dissect these parameters from some wrapping DER structure by
> SEC_QuickDERDecodeItem. Unfortunately, I could not find an option to ask
> decoder to put tag-length prefix together with item.
>
> To handle this, I adjust decoded SECItems after decoding:
>
> SECItem t;
> t.len += 2;
> t.data -= 2;
>
> This works for now, because parameters are OIDs which fit in a 128-byte
> limit. But this is unsafe.
>
> Please advise, how can I save DER tag-length in item safely?

I suspect that the SEC_ASN1_ANY decoder modifier is what you want, and you
should *not* specify SEC_ASN1_INNER:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/util/quickder.c&rev=1.23&mark=779,781,783,785#779

There is a limitation of SEC_ASN1_ANY if SEC_ASN1_OPTIONAL is also
specified -- in that case, it must be the last template in the template
array. (See NSS tech note 1.)

If SEC_ASN1_ANY doesn't work for you, the only solution I have is
to re-encode the decoded SECItem.

Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
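
Added example, not part of the thread and not NSS code: the `t.data -= 2` adjustment in the question assumes a one-byte DER length, which holds only for content of up to 127 bytes. The code below instead walks the wrapping structure forward with bounds checks and returns a child element with its tag-length prefix intact; `der_header`, `der_child_tlv` and the `SAMPLE` bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: SEQUENCE { OID (3 bytes), OCTET STRING (200 zero bytes) }.
 * The OCTET STRING header is 3 bytes (04 81 C8), so "data -= 2" would miss the tag. */
const unsigned char SAMPLE[211] = {
    0x30, 0x81, 0xD0, 0x06, 0x03, 0x2A, 0x03, 0x04, 0x04, 0x81, 0xC8 };

/* Parse the tag and length octets at buf. Returns 0 and sets *hdr (header size)
 * and *len (content size); -1 for truncated, multi-byte-tag, indefinite,
 * non-minimal or out-of-bounds encodings. */
int der_header(const unsigned char *buf, size_t buflen, size_t *hdr, size_t *len)
{
    if (buflen < 2 || (buf[0] & 0x1f) == 0x1f) return -1;
    size_t pos = 1, l = buf[pos++];
    if (l & 0x80) {                              /* long form: 0x80 | count */
        size_t n = l & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > buflen - pos) return -1;
        if (buf[pos] == 0) return -1;            /* leading zero octet */
        for (l = 0; n > 0; n--) l = (l << 8) | buf[pos++];
        if (l < 0x80) return -1;                 /* short form was required */
    }
    if (l > buflen - pos) return -1;             /* content overruns buffer */
    *hdr = pos; *len = l;
    return 0;
}

/* Return a pointer to the tag byte of child number idx inside the constructed
 * element at outer; *tlv_len gets tag + length + content. NULL on any error. */
const unsigned char *der_child_tlv(const unsigned char *outer, size_t outer_len,
                                   unsigned idx, size_t *tlv_len)
{
    size_t h, c;
    if (der_header(outer, outer_len, &h, &c) != 0 || !(outer[0] & 0x20)) return NULL;
    const unsigned char *p = outer + h;
    for (size_t left = c; der_header(p, left, &h, &c) == 0; p += h + c, left -= h + c)
        if (idx-- == 0) { *tlv_len = h + c; return p; }
    return NULL;
}

int main(void)
{
    size_t n;
    const unsigned char *p = der_child_tlv(SAMPLE, sizeof SAMPLE, 1, &n);
    if (p) printf("child 1: offset %zu, %zu bytes with header\n", (size_t)(p - SAMPLE), n);
    return p ? 0 : 1;
}
```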