Hello,
I've run into a problem with asn1_der_decoding() recently. I have to
decode some DER data which I'm obtaining from a third party source. The
problem is that most of the time the obtained DER data contain some
additional trailing bytes.
The function
asn1_der_decoding (asn1_node * element, const void *ider, int ider_len,
char *errorDescription)
, as it is implemented now, expects @ider to have the exact length of
@ider_len. But in my case, @ider_len is slightly larger because of the
aforementioned padding. This causes the whole function to end with
ASN1_DER_ERROR even though the supplied DER was properly parsed.
A solution to my this problem may be:
* relaxing the test at the end of the function (example in the supplied
patch)
* introducing a new function witch such properties (this function could
also give a hint about the real DER size)
* adding a flag to asn1_der_decoding() whether the function should
perform a strict size test (this would break backward compatibility)
My personal favourite is the second choice. Please let me know whether
you are willing to accept any of these changes/enhancements. If so, I
could send you a patch with the changes.
Best regards,
Karel.
diff --git a/lib/decoding.c b/lib/decoding.c
index f5a8fca..b59d121 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -1468,12 +1468,17 @@ asn1_der_decoding (asn1_node * element, const void *ider, int ider_len,
_asn1_delete_not_used (*element);
- if (ider_len != 0)
+ if (ider_len < 0)
{
warn();
result = ASN1_DER_ERROR;
goto cleanup;
}
+ else if (ider_len > 0)
+ {
+ /* Generate warning or a different return code? */
+ return ASN1_SUCCESS;
+ }
return ASN1_SUCCESS;
