On Mon, 2019-12-09 at 18:44 +0000, David Woodhouse wrote:
> On 9 December 2019 18:03:11 GMT, James Bottomley
> <James.Bottomley@HansenPartnership> wrote:
[...]
> > > Then in the happy case where it is <128, just go back and fill it
> > > in as you currently do. Otherwise append 0x00 0x00 as the end
> > > marker.
> >
> > That doesn't work ... the format of these octet strings is likely
> > to have two zeros together, so they *have* to be definite length
> > encoded.
>
> The octet-strings sure, but we know the length of those. It was the
> sequence you have that <127 check and bail out for... wasn't it?

The interior sequence encloses the octet streams. In theory the standard
requires any parser to skip over the interior structures rather than
simply chunk down the sequence looking for the two byte zero, but doing
definite length allows us not to have to worry about buggy parsers in
that case.

> > > None of this has to be DER, does it?
> >
> > None of what? The policy? the DER format is already in use so we
> > can't change it.
>
> What we *output* doesn't need to be DER (mandatory definite length)
> and can be BER though, right?

I'm not sure. I think the openssl routines that save and load the
structure in userspace do BER but I'd rather stick to DER to be on the
safe side. Plus, I know of no policy statement that's anywhere near 127
bytes long, so there's no problem with doing the single byte fixed
length that DER requires.

James
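The length-encoding question in the exchange above, as an added example that is not part of the thread or of the kernel patch being discussed. It shows the DER definite length (one byte below 128, long form above), the BER indefinite form with its 0x00 0x00 end-of-contents marker, and why James prefers definite length for the interior sequence: a parser that just scans the sequence for the two zero bytes ("buggy" in the sense he describes) stops early when an enclosed OCTET STRING happens to contain 0x00 0x00, while a parser that skips whole inner TLVs gets the right answer. All function names (der_encode_len, der_decode_len, wrap, ber_scan_naive_len, ber_walk_content_len, sample_len) and the sample payloads are mine, constructed for the illustration; they are not the names or data used in the patch.

```c
#include <stdint.h>
#include <string.h>

/* DER definite length: one byte below 128, else 0x80|n then n big-endian octets. */
static size_t der_encode_len(uint8_t *out, size_t len)
{
	size_t n = 0;
	if (len < 128) {
		out[0] = (uint8_t)len;
		return 1;
	}
	for (size_t t = len; t; t >>= 8)
		n++;
	out[0] = (uint8_t)(0x80 | n);
	for (size_t i = 0; i < n; i++)
		out[1 + i] = (uint8_t)(len >> (8 * (n - 1 - i)));
	return 1 + n;
}

/* Definite length decoder: header bytes consumed, -1 on indefinite/oversized/truncated. */
static int der_decode_len(const uint8_t *in, size_t avail, size_t *len)
{
	size_t v = 0;
	unsigned n;
	if (avail < 1)
		return -1;
	if (in[0] < 0x80) {
		*len = in[0];
		return 1;
	}
	n = in[0] & 0x7f;	/* 0x80 itself is the BER indefinite form: rejected here */
	if (n == 0 || n > sizeof(size_t) || avail < 1 + n)
		return -1;
	for (unsigned i = 0; i < n; i++)
		v = (v << 8) | in[1 + i];
	*len = v;
	return 1 + (int)n;
}

/* tag + length + content; indef selects 0x80 plus a 0x00 0x00 trailer instead of DER. */
static size_t wrap(uint8_t *out, uint8_t tag, const uint8_t *c, size_t len, int indef)
{
	size_t hl = 1;
	out[0] = tag;
	if (indef)
		out[1] = 0x80;
	else
		hl = der_encode_len(out + 1, len);
	memcpy(out + 1 + hl, c, len);
	if (!indef)
		return 1 + hl + len;
	out[2 + len] = out[3 + len] = 0x00;	/* end-of-contents marker */
	return 4 + len;
}

/* Buggy parser: takes the first 0x00 0x00 in the content as the end marker. */
static long ber_scan_naive_len(const uint8_t *in, size_t avail)
{
	for (size_t i = 0; i + 1 < avail; i++)
		if (in[i] == 0x00 && in[i + 1] == 0x00)
			return (long)i;
	return -1;
}

/* Conforming parser: skips each inner definite-length TLV whole, so 0x00 0x00
 * inside an OCTET STRING cannot be mistaken for the end marker
 * (nested indefinite-length values are deliberately not handled). */
static long ber_walk_content_len(const uint8_t *in, size_t avail)
{
	size_t pos = 0, ilen;
	int hl;
	for (;;) {
		if (pos + 2 > avail)
			return -1;
		if (in[pos] == 0x00 && in[pos + 1] == 0x00)
			return (long)pos;
		hl = der_decode_len(in + pos + 1, avail - pos - 1, &ilen);
		if (hl < 0 || ilen > avail - pos - 1 - hl)
			return -1;
		pos += 1 + hl + ilen;
	}
}

/* Build a SEQUENCE holding one OCTET STRING of plen bytes whose payload has
 * 0x00 0x00 at offsets 1..2 (constructed data, the case James describes).
 * mode 0: DER size, 1: BER size, 2: naive content length, 3: walked length */
static long sample_len(int mode, size_t plen)
{
	uint8_t p[256], inner[264], seq[272];
	size_t il, n;
	if (plen < 3 || plen > sizeof p)
		return -1;
	memset(p, 0x5a, plen);
	p[1] = p[2] = 0x00;
	il = wrap(inner, 0x04, p, plen, 0);
	n = wrap(seq, 0x30, inner, il, mode != 0);
	switch (mode) {
	case 0: case 1: return (long)n;
	case 2: return ber_scan_naive_len(seq + 2, n - 2);
	default: return ber_walk_content_len(seq + 2, n - 2);
	}
}
```

With a 4-byte payload the BER sequence is 30 80 04 04 5a 00 00 5a 00 00: the naive scan reports a content length of 3, the TLV walker the correct 6. A 200-byte payload exercises the long form (inner header 04 81 C8) that the <128 check in the thread avoids; the walker still returns the right length because it decodes the inner header rather than searching for zeros.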