On 2009-10-07 10:06 PDT, Nelson B Bolyard wrote: > On 2009-10-07 04:09 PDT, Konstantin Andreev wrote: >> On Tue, 06 Oct 2009, Wan-Teh Chang wrote: >>> On Tue, Oct 6, 2009 at 3:04 AM, Konstantin Andreev <andr...@swemel.ru> >>> wrote: > >>>> Please, advice, how can I save DER tag-length in item safely ? >>> I suspect that the SEC_ASN1_ANY decoder modifier is what you want, and >>> you should *not* specify SEC_ASN1_INNER: >>> http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/util/quickder.c&rev=1.23&mark=779,781,783,785#779 > >> I've checked this. SEC_ASN1_ANY saves tag-length prefix, but ignores tag >> number, thus matches anything. > > True, so put that template after a template that decodes the particular type > you want, and put the SEC_ASN1_SAVE flag in that prior template
I explained that badly. Please ignore that suggestion and read the explanation below that (hopefully) will be better. >> SEC_ASN1_SAVE: saves the component data, but does not proceed to the next >> component if within a SEQUENCE template array. This means the next >> template will reprocess the same component. See http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/certdb/certdb.c&rev=1.101&mark=128-132,136-140#128 for some examples of SEC_ASN1_SAVE. If I recall correctly, SEC_ASN1_SAVE is like SEC_ASN1_ANY, but after it saves the BER/DER encoded data, it does not skip over it, so the next template in the template array processes the same data again. In this way, you can have the decoder decode and validate (parse) the encoded data, and get as outputs both the raw encoded data and also the decoded data. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
