Security/CryptoEngineering/ASN.1

From MozillaWiki

This page is the ultimate guide to the ASN.1 parsers maintained by the CryptoEng team.

Legacy ASN.1 parsers

The legacy ASN.1 parsers are used in many places in NSS and some places in Firefox.

lib/util/der*.c

This seems to be the oldest parser. It’s used by a lot of different parts of NSS. It has no fuzzing or test coverage at all.

DER_AsciiToTime
DER_DecodeTimeChoice
DER_Encode
DER_EncodeTimeChoice
DER_GeneralizedDayToAscii
DER_GeneralizedTimeToTime
DER_GetInteger
DER_GetUInteger
DER_LengthLength
DER_Lengths
DER_SetUInteger
DER_StoreHeader
DER_TimeChoiceDayToAscii
DER_TimeToGeneralizedTime
DER_TimeToGeneralizedTimeArena
DER_TimeToUTCTime
DER_UTCDayToAscii
DER_UTCTimeToAscii
DER_UTCTimeToTime

SEC_ASN1

SEC_ASN1 is probably the most complex of the available encoders/decoders. It supports both templates and callbacks.

SEC_ASN1Decode
SEC_ASN1DecodeInteger
SEC_ASN1DecodeItem
SEC_ASN1DecoderAbort
SEC_ASN1DecoderClearFilterProc
SEC_ASN1DecoderClearNotifyProc
SEC_ASN1DecoderFinish
SEC_ASN1DecoderSetFilterProc
SEC_ASN1DecoderSetNotifyProc
SEC_ASN1DecoderStart
SEC_ASN1DecoderUpdate
SEC_ASN1Encode
SEC_ASN1EncodeInteger
SEC_ASN1EncodeItem
SEC_ASN1EncoderAbort
SEC_ASN1EncoderClearNotifyProc
SEC_ASN1EncoderClearStreaming
SEC_ASN1EncoderClearTakeFromBuf
SEC_ASN1EncoderFinish
SEC_ASN1EncoderSetNotifyProc
SEC_ASN1EncoderSetStreaming
SEC_ASN1EncoderSetTakeFromBuf
SEC_ASN1EncoderStart
SEC_ASN1EncoderUpdate
SEC_ASN1EncodeUnsignedInteger
SEC_ASN1LengthLength

QuickDER

QuickDER was intended to be a safer and simpler replacement for SEC_ASN1, supporting templates but not callbacks. It seems that this work was never completed.

SEC_QuickDERDecodeItem

mozpkix::Der

mozpkix::Der is the most modern of the ASN.1 encoders and decoders mentioned here, but also the most specialized one, supporting only what’s needed in the web PKI world. It is written in C++ and has good test coverage. Firefox directly uses its implicit C++ API.