Re: [RFC PATCH 4/4] crypto: Add EC-RDSA algorithm

From: David Howells
Date: Wed Jan 16 2019 - 11:15:27 EST

Vitaly Chikunov <vt@xxxxxxxxxxxx> wrote:

> > Regarding your comment (2), I am not sure I understand. Why do you say that
> > the DER format cannot be parsed by the kernel's ASN.1 parser? For example,
> It can, but DER is stricter than BER. For example, in DER 'OCTET STRING'
> length field should be encoded in just one byte if it's smaller than
> 128, in BER it could be encoded in multiple encodings. This does not
> seem like a big deal, though. With BER decoder an improperly DER-encoded
> certificate could be successfully parsed.

Whilst that is true, I don't think it's that big a deal. DER is a subset of
BER, so a BER decoder ought to be able to parse it. Note that X.509 is
supposed to be DER, but we use a BER decoder for that too.