> Thanks for your point. However, I think you
> misinterpreted my problem.


Actually, you have misinterpret your own problem.

> I know BER is a superset of DER, so we can use DER in
> places where BER is expected.


Exactly.

> However, my case is reversed. I am trying to use BER
> to a place where DER is expected.


This is fine, so long as you simply convert the BER to DER before using it.
You can do this as easily as reading the thing in to any function that
expects DER or BER and writing it back out as DER.

> Specifically,
>
> The following section of code within
> X509_PUBKEY_set() extracts public key in DER format by
> calling i2d_PublicKey(pkey,&p), then pass the buffer s
> to
> M_ASN1_BIT_STRING_set(pk->public_key,s,i)
>
> --------------------------------------------------
> if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
> if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
> {
> X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILUR E);
> goto err;
> }
> p=s;
> i2d_PublicKey(pkey,&p);
> if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto
> err;
> -------------------------------------------------------
>
> Now, I replaced the above code segment with
>
> if (custom_exportRSAPublicKey(publickeyhandle, &s, &i)
> == -1) goto err;
>
> if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto
> err;
>
> Where custom_exportRSAPublicKey exports the public
> key designated by publickeyhandle to HSM
> into BER blob, then I pass the BER blob to
> M_ASN1_BIT_STRING_set(pk->public_key,s,i).
>
> It appears that BER is not interpreted correctly
> where DER is expected.
> Because the Modulus and Exponent are switched:


This is not a DER/BER issue. Where you put the modules and exponent has
nothing to do with whether you're using DER or BER. DER and BER are binary
standards. They say, for example, how to encode a large integer, but not
which large integer to put where.

> Does using the latest openssl solve this problem?
> Or do you know how to work around this problem?


The problem has nothing to do with DER or BER but with what format you use
to encode the private key itself. This is a format that layers on top of DER
or BER. If you are using your own format, you will need to write your own
code to parse it.

DS


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org