M_ASN1_D2I_* replacement in OpenSSL 1.1.0

M_ASN1_D2I_* replacement in OpenSSL 1.1.0

Aleksandr Konstantinov
Hello all,

I'm in the process of porting our project to OpenSSL 1.1.0. We have a part of the code which heavily uses M_ASN1_D2I_* and M_ASN1_I2D_* for defining d2i_* and i2d_* methods for a new extension. For example, the code uses M_ASN1_D2I_vars, M_ASN1_D2I_Init and M_ASN1_D2I_start_sequence to start reading a sequence of items and then proceeds with M_ASN1_D2I_get_* for the content of the sequence. Could anybody please advise what would be the proper replacement for those macros in OpenSSL 1.1.0? Is there any new API for such things? Or shall one do raw byte banging?


Best regards,


A.K.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: M_ASN1_D2I_* replacement in OpenSSL 1.1.0

Dr. Stephen Henson
On Thu, Sep 08, 2016, Aleksandr Konstantinov wrote:

> Hello all,
>
> I'm in the process of porting our project to OpenSSL 1.1.0. We have a part
> of the code which heavily uses M_ASN1_D2I_* and M_ASN1_I2D_* for defining
> d2i_* and i2d_* methods for a new extension. For example, the code uses
> M_ASN1_D2I_vars, M_ASN1_D2I_Init and M_ASN1_D2I_start_sequence to start
> reading a sequence of items and then proceeds with M_ASN1_D2I_get_* for the
> content of the sequence. Could anybody please advise what would be the
> proper replacement for those macros in OpenSSL 1.1.0? Is there any new API
> for such things? Or shall one do raw byte banging?
>

Those old macros were updated way back in OpenSSL 0.9.7 and finally retired in
OpenSSL 1.1.0.

You need to write an appropriate ASN.1 module to encode and decode your
structure. There are many examples of this such as in crypto/cms/cms_asn1.c
and some much simpler ones in crypto/x509v3 which are perhaps better suited to
your needs.

They use macros which start with ASN1_SEQUENCE*

Is it possible to look at your old code? Then I could give some more specific
pointers.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: M_ASN1_D2I_* replacement in OpenSSL 1.1.0

Aleksandr Konstantinov
Hello,

Thanks for your answer. Here is one of the d2i functions, simplified:

MYEXT * d2i_MYEXT(MYEXT ** myext, unsigned char ** pp, long length) {
  M_ASN1_D2I_vars(myext, MYEXT *, MYEXT_new);
  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get_EXP_opt(ret->intmember, d2i_ASN1_INTEGER, 1);
  M_ASN1_D2I_get_opt(ret->intmember, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
  M_ASN1_D2I_Finish(myext, MYEXT_free, ASN1_F_D2I_MYEXT);
}


Regards,


A.K.




Re: M_ASN1_D2I_* replacement in OpenSSL 1.1.0

Dr. Stephen Henson
On Fri, Sep 09, 2016, Aleksandr Konstantinov wrote:

> Hello,
>
> Thanks for your answer. Here is one of the d2i functions, simplified:
>
> MYEXT * d2i_MYEXT(MYEXT ** myext, unsigned char ** pp, long length) {
>   M_ASN1_D2I_vars(myext, MYEXT *, MYEXT_new);
>   M_ASN1_D2I_Init();
>   M_ASN1_D2I_start_sequence();
>   M_ASN1_D2I_get_EXP_opt(ret->intmember, d2i_ASN1_INTEGER, 1);
>   M_ASN1_D2I_get_opt(ret->intmember, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
>   M_ASN1_D2I_Finish(myext, MYEXT_free, ASN1_F_D2I_MYEXT);
> }
>
>

Presumably the two fields aren't the same? I'll call one intmember2 for
this example.

The above would translate to something like:

ASN1_SEQUENCE(MYEXT) = {
        ASN1_EXP_OPT(MYEXT, intmember, ASN1_INTEGER, 1),
        ASN1_OPT(MYEXT, intmember2, ASN1_INTEGER)
} ASN1_SEQUENCE_END(MYEXT)

IMPLEMENT_ASN1_FUNCTIONS(MYEXT)

Then you include:

DECLARE_ASN1_FUNCTIONS(MYEXT)

in a header file.

That generates four functions MYEXT_new(), MYEXT_free(), d2i_MYEXT() and
i2d_MYEXT().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: M_ASN1_D2I_* replacement in OpenSSL 1.1.0

Aleksandr Konstantinov
Hello,


Thanks. Your answer helped a lot and I'm progressing now. Could you please also give me a hint as to what M_ASN1_BIT_STRING_dup/ASN1_BIT_STRING_dup could be replaced with?


Best regards,


A.K.



Re: M_ASN1_D2I_* replacement in OpenSSL 1.1.0

Dr. Stephen Henson
On Mon, Sep 19, 2016, Aleksandr Konstantinov wrote:

>
> Thanks. Your answer helped a lot and I'm progressing now. Could you please
> also give me a hint as to what M_ASN1_BIT_STRING_dup/ASN1_BIT_STRING_dup
> could be replaced with?
>

ASN1_STRING_dup should work fine: ASN1_BIT_STRING is actually typedefed to
ASN1_STRING.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: M_ASN1_D2I_* replacement in OpenSSL 1.1.0

Aleksandr Konstantinov
Hello,

Thanks a lot. One more question if possible. Is there any way to express a single element of the ASN1 sequence which can be any of ASN1_OCTET_STRING or ASN1_UTF8STRING and potentially other types?
Or maybe there is some tutorial for the new interface similar to something like http://www.umich.edu/~x509/ssleay/asn1-macros.html for the old one?

Best regards,


A.K.




Re: M_ASN1_D2I_* replacement in OpenSSL 1.1.0

Erwann Abalea-4
Hello,

Something like this?

/*

MyChoice ::= CHOICE {
  anInteger INTEGER,
  anOctetString OCTET STRING,
  anASCIIString IA5String
}

MyStruct ::= SEQUENCE {
  item1 MyChoice
}

*/

__ File mytypes.h __

#include <openssl/asn1.h>

#define ASN1_OBJECT_dup(x) ASN1_dup_of(ASN1_OBJECT,i2d_ASN1_OBJECT,d2i_ASN1_OBJECT,x)
#define DECLARE_ASN1_DUP_FUNCTION(stname) stname * stname##_dup(stname *x);

typedef struct {
  int type;
  union {
    ASN1_INTEGER *anInteger;
    ASN1_OCTET_STRING *anOctetString;
    ASN1_IA5STRING *anASCIIString;
  } value;
} MYCHOICE;

DECLARE_ASN1_FUNCTIONS(MYCHOICE)
DECLARE_ASN1_DUP_FUNCTION(MYCHOICE)
DECLARE_ASN1_PRINT_FUNCTION(MYCHOICE)
#define d2i_MYCHOICE_bio(bp,p) ASN1_d2i_bio_of(MYCHOICE,MYCHOICE_new,d2i_MYCHOICE,bp,p)
#define i2d_MYCHOICE_bio(bp,o) ASN1_i2d_bio_of(MYCHOICE,i2d_MYCHOICE,bp,o)
#define d2i_MYCHOICE_fp(fp,p) ASN1_d2i_fp_of(MYCHOICE,MYCHOICE_new,d2i_MYCHOICE,fp,p)
#define i2d_MYCHOICE_fp(fp,p) ASN1_i2d_fp_of(MYCHOICE,i2d_MYCHOICE,fp,p)


typedef struct {
  MYCHOICE *item1;
} MYSTRUCT;

DECLARE_ASN1_FUNCTIONS(MYSTRUCT)
DECLARE_ASN1_DUP_FUNCTION(MYSTRUCT)
DECLARE_ASN1_PRINT_FUNCTION(MYSTRUCT)
#define d2i_MYSTRUCT_bio(bp,p) ASN1_d2i_bio_of(MYSTRUCT,MYSTRUCT_new,d2i_MYSTRUCT,bp,p)
#define i2d_MYSTRUCT_bio(bp,o) ASN1_i2d_bio_of(MYSTRUCT,i2d_MYSTRUCT,bp,o)
#define d2i_MYSTRUCT_fp(fp,p) ASN1_d2i_fp_of(MYSTRUCT,MYSTRUCT_new,d2i_MYSTRUCT,fp,p)
#define i2d_MYSTRUCT_fp(fp,p) ASN1_i2d_fp_of(MYSTRUCT,i2d_MYSTRUCT,fp,p)
____

__ File mytypes.c __
#include <openssl/asn1t.h>
#include "mytypes.h"

ASN1_CHOICE(MYCHOICE) = {
  ASN1_SIMPLE(MYCHOICE, value.anInteger, ASN1_INTEGER),
  ASN1_SIMPLE(MYCHOICE, value.anOctetString, ASN1_OCTET_STRING),
  ASN1_SIMPLE(MYCHOICE, value.anASCIIString, ASN1_IA5STRING)
} ASN1_CHOICE_END(MYCHOICE)

IMPLEMENT_ASN1_FUNCTIONS(MYCHOICE)
IMPLEMENT_ASN1_DUP_FUNCTION(MYCHOICE)
IMPLEMENT_ASN1_PRINT_FUNCTION(MYCHOICE)


ASN1_SEQUENCE(MYSTRUCT) = {
  ASN1_SIMPLE(MYSTRUCT, item1, MYCHOICE)
} ASN1_SEQUENCE_END(MYSTRUCT)

IMPLEMENT_ASN1_FUNCTIONS(MYSTRUCT)
IMPLEMENT_ASN1_DUP_FUNCTION(MYSTRUCT)
IMPLEMENT_ASN1_PRINT_FUNCTION(MYSTRUCT)
____

Now you can call i2d_MYSTRUCT()/d2i_MYSTRUCT() to encode/decode such a data type, and similar _bio, _fp, _dup functions as well.

Regards,
Erwann Abalea


Re: M_ASN1_D2I_* replacement in OpenSSL 1.1.0

Dr. Stephen Henson
On Tue, Sep 20, 2016, Aleksandr Konstantinov wrote:

> Hello,
>
> Thanks a lot. One more question if possible. Is there any way to express
> a single element of the ASN1 sequence which can be any
> of ASN1_OCTET_STRING or ASN1_UTF8STRING and potentially other types?

That depends what you mean. If the supported types are well defined then you
can use the CHOICE construction.

If just about anything could go in the element then you can use ASN1_ANY which
encodes and decodes ASN1_TYPE.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org