This is just a repeat to what I put into https://bugzilla.mozilla.org/show_bug.cgi?id=349949 but...
I see two approaches (These only apply to the NSS_CMS prefixed calls): - Break up NSS_CMSEncoder_Start into *_Init and *_Run, allow user to set flags between the two new calls and this could change the behavior of the encoder to do things like definite length encoding. Then we leave *_Start defined as running *_Init and *_Run in a default/current behavior. - Create a new set of CMS Encoder calls. The new set would represent an RFC strict (more secure?) encoder, while the previous/older version would be a (less secure?) but with better performance for SMIME applications. Thanks, Vinnie On Sat, Sep 11, 2010 at 4:14 PM, Nelson B Bolyard <nel...@bolyard.me> wrote: > On 2010-09-09 03:37 PDT, Vincent Agriesti wrote: >> How do I get the CMS encoder in mozilla's NSS 3.12.7 to use definite >> encodings on constructed types as well as data [?] > [snip] >> Researching into the code, I've found (in secasn1e.c) >> >> /* The !isString test below is apparently intended to ensure that all >> ** constructed types receive indefinite length encoding. > [snip] >> which leads me to believe there is no way to do this easily. If know one >> knows of an easy way to handle this, I'll probably submit bug/patch, just >> thought this was suppose to be a std feature of CMS encoders? >> >> Thanks for any help! >> Vinnie Agriesti > > NSS has two encoders and two decoders for "PKCS7". > > The older one, whose functions use the SEC_PKCS7_ prefix, implements an > older version of the standard, but IINM, allows for either DER or BER > encoding. > > The newer one, which uses the NSS_CMS prefixes, was designed exclusively > for use in an SMIME email package, where it was believed that BER encoding > was always allowed. > > If the new encoder can be made to do DER encoding without a huge > restructuring, we'd appreciate a patch to enable that. But if not, > you may want to switch to the other encoder. > > -- > /Nelson Bolyard > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
