Open Bug 226787 Opened 22 years ago Updated 3 years ago

handling of implicit tagging in ASN.1 decoders

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

People

(Reporter: julien.pierre, Unassigned)

Details

This applies to both the traditional ASN.1 and "QuickDER" decoders of NSS.

Here is an example of a template using implicit tagging:

static const SEC_ASN1Template CERT_EDIPartyNameTemplate[] = {
    { SEC_ASN1_CONTEXT_SPECIFIC | 5,
      offsetof(CERTGeneralName, name.other),
      SEC_AnyTemplate,
      sizeof (CERTGeneralName)}
};

Here is an explanation of the above:

kind = SEC_ASN1_CONTEXT_SPECIFIC | 5
Tells the decoder to check that the component tag is 0x85.

offset = offsetof(CERTGeneralName, name.other)
Tells the decoder the location of where to store the component data.

sub = SEC_AnyTemplate
Subtemplate the decoder will use to process the component data.

size = sizeof (CERTGeneralName)}
Size to allocate for this structure, if allocated from the parent (in POINTER type). Irrelevant to this discussion.

This bug is about the requirement for a subtemplate in this case. It is for the most part bogus.

In the above example, the use of SEC_AnyTemplate as a subtemplate, or any other template with a primitive type, doesn't give the decoder any additional information.

If the subtemplate is for a primitive type, the type in the subtemplate is irrelevant since the tag has already been checked in the parent template, which contained the implicit tag. Thus it doesn't matter which primitive type is used in the subtemplate. By extension, I think we should allow not passing a subtemplate (i.e. NULL) and get the same treatment. This would be clearer.

The only case in which a subtemplate is really required is if the component is constructed, for example if it is really a sequence or not that has been retagged implicitly. In that case the subtemplate will get used for processing the constructed subcomponents. But the component tag type defined at the top of that template (i.e. SEC_ASN1_SEQUENCE or SEC_ASN1_SET, etc.) will be irrelevant. The decoder won't actually use it to check the component tag, which was already checked. So, it is still quite confusing that the template user must define one.

I don't have a proposal on how to best fix that. The indirection model with parent/subtemplate makes it difficult. If the subtemplate is only meant to be used with implicit tagging then perhaps we could add the modifier SEC_ASN1_IMPLICIT which would be a hint to the code reader that the component tag isn't really being checked against this type.

I hope the above made sense to anyone other than the decoder implementer ;).
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
Priority: -- → P3
Severity: normal → S3
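
The tag arithmetic behind the report above, as an added C example that is not part of the bug report and is not NSS code: it shows why an implicitly tagged primitive no longer reveals its underlying type on the wire, while the constructed bit survives and tells a decoder whether nested components remain to be processed. The names `implicit_retag` and `check_implicit` and the sample bytes are constructed for this illustration; only low tag numbers and short-form lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DER identifier-octet bits from X.690; all names here are this example's own. */
#define CLASS_CONTEXT 0x80u
#define CONSTRUCTED   0x20u

typedef struct {
    int matched;         /* identifier octet equals the expected implicit tag */
    int constructed;     /* content is nested TLVs that still need decoding */
    const uint8_t *data; /* start of the content octets */
    size_t len;          /* number of content octets */
} implicit_result;

/* Identifier octet after IMPLICIT [num]: the universal tag number is replaced,
 * only the primitive/constructed bit of the original octet survives. */
uint8_t implicit_retag(uint8_t universal_id, unsigned num)
{
    return (uint8_t)(CLASS_CONTEXT | (universal_id & CONSTRUCTED) | (num & 0x1Fu));
}

/* Match one TLV against an expected identifier octet and bound its content. */
implicit_result check_implicit(const uint8_t *buf, size_t n, uint8_t expected_id)
{
    implicit_result r = {0, 0, NULL, 0};
    if (buf == NULL || n < 2 || buf[0] != expected_id)
        return r;
    if ((buf[1] & 0x80u) || (size_t)buf[1] > n - 2)
        return r; /* long-form or truncated length: rejected in this sketch */
    r.matched = 1;
    r.constructed = (expected_id & CONSTRUCTED) != 0;
    r.data = buf + 2;
    r.len = buf[1];
    return r;
}

/* Sample inputs built for this example. OCTET STRING "ab" and IA5String "ab"
 * both encode as sample_prim under IMPLICIT [5]; SEQUENCE { INTEGER 1 } gives sample_cons. */
static const uint8_t sample_prim[] = {0x85, 0x02, 0x61, 0x62};
static const uint8_t sample_cons[] = {0xA5, 0x03, 0x02, 0x01, 0x01};

int main(void)
{
    implicit_result p = check_implicit(sample_prim, sizeof sample_prim, 0x85);
    implicit_result c = check_implicit(sample_cons, sizeof sample_cons, 0xA5);
    printf("primitive: constructed=%d len=%zu; retagged SEQUENCE: constructed=%d len=%zu\n",
           p.constructed, p.len, c.constructed, c.len);
    return 0;
}
```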