Security/CryptoEngineering/ASN.1
This page is the ultimate guide to the ASN.1 parsers maintained by the CryptoEng team.
Legacy ASN.1 parsers
The legacy ASN.1 parsers are used in many places in NSS and some places in Firefox.
lib/util/der*.c
This seems to be the oldest parser. It’s used by a lot of different parts of NSS. It has no fuzzing or test coverage at all.
DER_AsciiToTime DER_DecodeTimeChoice DER_Encode DER_EncodeTimeChoice DER_GeneralizedDayToAscii DER_GeneralizedTimeToTime DER_GetInteger DER_GetUInteger DER_LengthLength DER_Lengths DER_SetUInteger DER_StoreHeader DER_TimeChoiceDayToAscii DER_TimeToGeneralizedTime DER_TimeToGeneralizedTimeArena DER_TimeToUTCTime DER_UTCDayToAscii DER_UTCTimeToAscii DER_UTCTimeToTime
SEC_ASN1
SEC_ASN1 is probably the most complex of all available encoder/decoders supporting templates and callbacks.
SEC_ASN1Decode SEC_ASN1DecodeInteger SEC_ASN1DecodeItem SEC_ASN1DecoderAbort SEC_ASN1DecoderClearFilterProc SEC_ASN1DecoderClearNotifyProc SEC_ASN1DecoderFinish SEC_ASN1DecoderSetFilterProc SEC_ASN1DecoderSetNotifyProc SEC_ASN1DecoderStart SEC_ASN1DecoderUpdate SEC_ASN1Encode SEC_ASN1EncodeInteger SEC_ASN1EncodeItem SEC_ASN1EncoderAbort SEC_ASN1EncoderClearNotifyProc SEC_ASN1EncoderClearStreaming SEC_ASN1EncoderClearTakeFromBuf SEC_ASN1EncoderFinish SEC_ASN1EncoderSetNotifyProc SEC_ASN1EncoderSetStreaming SEC_ASN1EncoderSetTakeFromBuf SEC_ASN1EncoderStart SEC_ASN1EncoderUpdate SEC_ASN1EncodeUnsignedInteger SEC_ASN1LengthLength
QuickDER
QuickDER was intended to be a safer and simpler replacement of SEC_ASN1, supporting templates but not callbacks. It seems that this work was never completed.
SEC_QuickDERDecodeItem
mozpkix::Der
mozpkix::Der is the most modern of the ASN.1 encoders and decoders mentioned here, but also the most specialized one, supporting only what’s needed in the web PKI world. It is written in C++ and has good test coverage. Firefox directly uses its implicit C++ API.