How to parse DER encoded x509 attributes?


How to parse DER encoded x509 attributes?

Libor Chocholaty

Hello,

I would like to parse DER encoded x509 attributes and have no clue how to use d2i_ASN1_SET_OF_X509_ATTRIBUTE. There are params for which I cannot find what to pass, like free_func.

I am trying to understand by collecting pieces of known code, looking into openssl sources but...

PKCS7_SIGNER_INFO *p7si = PKCS7_SIGNER_INFO_new();
d2i_ASN1_SET_OF_X509_ATTRIBUTE(&p7si->auth_attr, &der_data, der_data_length, d2i_X509_ATTRIBUTE, free_func, V_ASN1_SET, V_ASN1_UNIVERSAL);

Could somebody help me with how to do it, or give a link to some useful documentation?
Searching the internet seems completely unhelpful on this topic... or I do not know how to ask...

Regards,
Libor

 

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: How to parse DER encoded x509 attributes?

Dave Coombs
Hello,

You can do something like the following.

First make a type corresponding to a stack of x509 attributes:

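#include <openssl/asn1t.h>   /* ASN1 template macros */
#include <openssl/x509.h>    /* X509_ATTRIBUTE */
typedef STACK_OF(X509_ATTRIBUTE) SEQ_X509_ATTRIBUTE;
DECLARE_ASN1_FUNCTIONS(SEQ_X509_ATTRIBUTE);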

Then make an asn1 template that specifies how the stack should be encoded.  (You can use ASN1_TFLG_SET_OF instead of ..SEQUENCE_OF here, depending on the DER you're trying to interpret, I don't know.)

ASN1_ITEM_TEMPLATE(SEQ_X509_ATTRIBUTE) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, x509attribute, X509_ATTRIBUTE)
ASN1_ITEM_TEMPLATE_END(SEQ_X509_ATTRIBUTE)
IMPLEMENT_ASN1_FUNCTIONS(SEQ_X509_ATTRIBUTE)

Now your type has its own d2i and i2d functions, and you can use them:

STACK_OF(X509_ATTRIBUTE) *attrs = d2i_SEQ_X509_ATTRIBUTE(NULL, &data, length);

Cheers,
  -Dave


On Nov 15, 2017, at 07:26, Libor Chocholaty <[hidden email]> wrote:

> [...]

Re: How to parse DER encoded x509 attributes?

Libor Chocholaty

Hello,

Thanks a lot. Works nicely. It is just interesting that I get X509_ATTRIBUTEs that should be a SEQUENCE, but I need to parse them as a SET.

And to free the memory:

X509_ATTRIBUTE *attr;
while ((attr = sk_X509_ATTRIBUTE_pop(attrs)) != NULL) {
    X509_ATTRIBUTE_free(attr);
}
sk_X509_ATTRIBUTE_free(attrs);

Looks like it is working.

Regards,
Libor

 

On 2017-11-15 15:31, Dave Coombs wrote:

> [...]

Re: How to parse DER encoded x509 attributes?

Dave Coombs
Hello,

As I said, you could experiment with ASN1_TFLG_SET_OF instead of ASN1_TFLG_SEQUENCE_OF.

Also, to free the memory, you should be able to use just one call:
sk_X509_ATTRIBUTE_pop_free(attrs, X509_ATTRIBUTE_free);

This frees each element in the stack, and also frees the stack.

All the best,
  -Dave


On Nov 20, 2017, at 09:03, Libor Chocholaty <[hidden email]> wrote:

> [...]
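
The SEQUENCE-versus-SET question raised in this thread can be settled by inspecting the outer tag of the DER before choosing between ASN1_TFLG_SEQUENCE_OF and ASN1_TFLG_SET_OF. The following is an added example, not code from the thread or from OpenSSL: a bounds-checked walk over the top-level TLVs that reports the outer tag and counts the Attribute elements. The names der_hdr, count_attributes and sample_attrs are hypothetical, and the sample bytes are constructed.

```c
#include <stdio.h>   /* added example: names hypothetical, sample bytes constructed */

/* Parse one DER header: returns header length and sets *len, or 0 when the
 * length is indefinite, non-minimal, over 2 bytes, or overruns the buffer. */
static size_t der_hdr(const unsigned char *p, size_t n, size_t *len)
{
    size_t hl = 2, l, i, k;
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;   /* no high tag numbers */
    l = p[1];
    if (l & 0x80) {
        k = l & 0x7f;
        if (k == 0 || k > 2 || n < 2 + k) return 0;
        for (l = 0, i = 0; i < k; i++) l = (l << 8) | p[2 + i];
        if (l < 0x80 || (k == 2 && l < 0x100)) return 0;   /* not minimal */
        hl += k;
    }
    if (l > n - hl) return 0;
    *len = l;
    return hl;
}

/* Returns the number of Attribute elements and stores the outer tag
 * (0x31 = SET OF, 0x30 = SEQUENCE OF); -1 on any structural error. */
int count_attributes(const unsigned char *buf, size_t n, unsigned char *outer)
{
    size_t hl, len = 0, off, ehl = 0, elen = 0;
    int count = 0;
    if ((hl = der_hdr(buf, n, &len)) == 0 || hl + len != n) return -1;
    if (buf[0] != 0x30 && buf[0] != 0x31) return -1;
    *outer = buf[0];
    for (off = hl; off < n; off += ehl + elen, count++)   /* Attribute = SEQUENCE */
        if ((ehl = der_hdr(buf + off, n - off, &elen)) == 0 || buf[off] != 0x30) return -1;
    return count;
}

const unsigned char sample_attrs[] = {   /* contentType, messageDigest */
    0x31,0x2f, 0x30,0x18, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x03,
    0x31,0x0b, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,
    0x30,0x13, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x04,
    0x31,0x06, 0x04,0x04,0xde,0xad,0xbe,0xef
};

int main(void)
{
    unsigned char tag = 0;
    int n = count_attributes(sample_attrs, sizeof sample_attrs, &tag);
    printf("%d attributes, outer tag 0x%02x\n", n, tag);
    return n < 0;
}
```

An outer tag of 0x31 matches a template built with ASN1_TFLG_SET_OF, and 0x30 matches ASN1_TFLG_SEQUENCE_OF; each element inside is a SEQUENCE either way.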