Hello,

I have in my possession some smartcards whose pkcs15 objects contain incorrectly structured DER encodings, and I need to get these cards working in my card management tool. I've made structs corresponding to the relevant parts of pkcs15 using openssl's ASN1 module, but naturally the invalid encodings are not surviving contact with my d2i_ABC() functions. I'm using openssl 1.1.1o, I should say. I should also add these structures on the cards are read-only, so I can't even fix them, I just have to deal with them.

These are the 2 invalid encodings I have seen:

First, a bit-string used for flags, encoded as (hex) 030108. That is, the number of unused bits is set to 8, and no other content, presumably indicating no flags are set. DER would have this be 030100 instead. My d2i is resulting in ASN1_R_INVALID_BIT_STRING_BITS_LEFT in c2i_ASN1_BIT_STRING().

Second, a positive integer with leading 00 padding which is not necessary, encoded as 80020042. (It has an implicit [0] tag.) DER would have this be 800142. My d2i is resulting in ASN1_R_ILLEGAL_PADDING in c2i_ibuf().

So! Is it possible to work around these, using ASN1_MACRO trickery or what-have-you? It's pretty clear I should end up with an empty bit-string and integer value 0x42, so is there a way to loosen the parser's pickiness and achieve this? I could sanitize the inputs myself first, but at that point I'd be writing my own parser and I wouldn't need openssl's. :/

Any help would be appreciated.

Thanks,
-Dave
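The two deviations described in the post, handled as a pre-pass over a single primitive TLV before it reaches a strict DER decoder. This is an added example, not code from the original post or from OpenSSL; `der_fixup_tlv` and its `int_tag` parameter are hypothetical names, and only short-form lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: normalise ONE primitive TLV in place so that a strict
 * DER decoder accepts it. Covers only the two deviations from the post.
 * int_tag is the identifier octet expected for the INTEGER (0x02, or 0x80
 * for the implicit [0] case). Short-form lengths only (< 128 content bytes).
 * Returns the new total TLV length, or 0 if the input is truncated or uses a
 * long-form length. If the TLV shrinks, the caller must also shrink the
 * lengths of any enclosing constructed types; that is not done here. */
size_t der_fixup_tlv(unsigned char *tlv, size_t avail, unsigned char int_tag)
{
    if (avail < 2 || (tlv[1] & 0x80))
        return 0;
    size_t len = tlv[1];
    if (avail < 2 + len)
        return 0;
    unsigned char *content = tlv + 2;

    /* 03 01 08: no data octets, so the unused-bits count must be 0. */
    if (tlv[0] == 0x03 && len == 1 && content[0] == 0x08)
        content[0] = 0x00;

    /* Drop a leading 00 only while the next octet has its top bit clear;
     * in 00 80 the 00 is required to keep the value positive. */
    if (tlv[0] == int_tag) {
        size_t skip = 0;
        while (len - skip > 1 && content[skip] == 0x00 &&
               !(content[skip + 1] & 0x80))
            skip++;
        memmove(content, content + skip, len - skip);
        len -= skip;
        tlv[1] = (unsigned char)len;
    }
    return 2 + len;
}

int main(void)
{
    /* Constructed from the byte strings quoted in the post. */
    unsigned char flags[] = {0x03, 0x01, 0x08};
    unsigned char num[]   = {0x80, 0x02, 0x00, 0x42};
    size_t n = der_fixup_tlv(flags, sizeof flags, 0x80);
    for (size_t i = 0; i < n; i++) printf("%02x", flags[i]);
    n = der_fixup_tlv(num, sizeof num, 0x80);
    printf("\n");
    for (size_t i = 0; i < n; i++) printf("%02x", num[i]);
    printf("\n");
    return 0;
}
```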