[openssl.org #3194] [PATCH] Provide asn1parse with capability to show raw OIDs


[openssl.org #3194] [PATCH] Provide asn1parse with capability to show raw OIDs

Rich Salz via RT
Resubmitted (the first try I had the wrong mailing list, sorry):

Hello list,

the asn1parse application does provide a mechanism to enhance the output
by providing additional OID/string mappings. As of now it is not
possible to display the raw OIDs (without any name resolution done).
This is something I have found very useful in the past when digging into
ASN1.

I have written a patch against openssl-1.0.1e that does provide this
functionality. The changes for the user in summary are:

* Add "-rawoids" command line switch to asn1parse application

Under the hood I made these changes:

* Introduced i2t_ASN1_OBJECT_resolve and i2a_ASN1_OBJECT_resolve which
work just like i2t_ASN1_OBJECT and i2a_ASN1_OBJECT, but take an
additional "resolveoids" parameter
* Changed i2t_ASN1_OBJECT and i2a_ASN1_OBJECT to call their respective
_resolve counterparts (with resolve_oids = 1 in order to keep current
behavior)
* Changed API of ASN1_parse_dump in order to accept a resolve_oids parameter
* Changed calls of ASN1_parse_dump to pass 1 for the resolve_oids parameter

The rationale is as follows:

* i2t_ASN1_OBJECT and i2a_ASN1_OBJECT are probably used internally in
external applications, so I found it useful to keep their APIs stable
* ASN1_parse_dump is currently only used in debug/error output
conditions, which is why I thought API stability would not be that
important at this point. Any conversion from old to new is trivial (just
append ",1" to the call)

Attached to this mail is the patch I produced. I took care to preserve
coding style and nomenclature where applicable.

I would greatly appreciate feedback on this patch.
Best regards,
Johannes


>From ae9c5bb1123db6b756af3d5114c7e0661c8b2e07 Mon Sep 17 00:00:00 2001
From: Johannes Bauer <[hidden email]>
Date: Fri, 29 Nov 2013 11:46:39 +0100
Subject: [PATCH] Implement raw OID display

---
 openssl-1.0.1e/apps/asn1pars.c        |  8 +++++++-
 openssl-1.0.1e/apps/pkeyutl.c         |  2 +-
 openssl-1.0.1e/apps/rsautl.c          |  2 +-
 openssl-1.0.1e/crypto/asn1/a_object.c | 20 +++++++++++++++-----
 openssl-1.0.1e/crypto/asn1/asn1.h     |  4 +++-
 openssl-1.0.1e/crypto/asn1/asn1_par.c | 16 ++++++++--------
 openssl-1.0.1e/crypto/asn1/tasn_prn.c |  2 +-
 openssl-1.0.1e/crypto/x509v3/v3_prn.c |  2 +-
 8 files changed, 37 insertions(+), 19 deletions(-)

diff --git a/openssl-1.0.1e/apps/asn1pars.c b/openssl-1.0.1e/apps/asn1pars.c
index 0d66070..dd398f0 100644
--- a/openssl-1.0.1e/apps/asn1pars.c
+++ b/openssl-1.0.1e/apps/asn1pars.c
@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
  char *genstr=NULL, *genconf=NULL;
  unsigned char *tmpbuf;
  const unsigned char *ctmpbuf;
+ int rawoids = 0;
  BUF_MEM *buf=NULL;
  STACK_OF(OPENSSL_STRING) *osk=NULL;
  ASN1_TYPE *at=NULL;
@@ -181,6 +182,10 @@ int MAIN(int argc, char **argv)
  if (--argc < 1) goto bad;
  genconf= *(++argv);
  }
+ else if (strcmp(*argv,"-rawoids") == 0)
+ {
+ rawoids=1;
+ }
  else
  {
  BIO_printf(bio_err,"unknown option %s\n",*argv);
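Review bot: `-rawoids` is added to the option parser here and to the usage text in the next hunk, but the diffstat lists no documentation file, so the asn1parse manual page would presumably not mention the switch. Consider adding an entry there next to the other options, along the lines of `-rawoids: print OBJECT IDENTIFIERs in numeric form even when a name is known`. MAIN's option loop starts and ends outside this hunk.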
@@ -211,6 +216,7 @@ bad:
  BIO_printf(bio_err,"               ASN1 blob wrappings\n");
  BIO_printf(bio_err," -genstr str   string to generate ASN1 structure from\n");
  BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
+ BIO_printf(bio_err," -rawoids      never resolve OIDs to string representation\n");
  goto end;
  }
 
@@ -363,7 +369,7 @@ bad:
  }
  if (!noout &&
     !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
-    indent,dump))
+    indent,dump,!rawoids))
  {
  ERR_print_errors(bio_err);
  goto end;
diff --git a/openssl-1.0.1e/apps/pkeyutl.c b/openssl-1.0.1e/apps/pkeyutl.c
index 7eb3f5c..5c56cd1 100644
--- a/openssl-1.0.1e/apps/pkeyutl.c
+++ b/openssl-1.0.1e/apps/pkeyutl.c
@@ -363,7 +363,7 @@ int MAIN(int argc, char **argv)
  ret = 0;
  if(asn1parse)
  {
- if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
+ if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1, 1))
  ERR_print_errors(bio_err);
  }
  else if(hexdump)
diff --git a/openssl-1.0.1e/apps/rsautl.c b/openssl-1.0.1e/apps/rsautl.c
index b01f004..32cab61 100644
--- a/openssl-1.0.1e/apps/rsautl.c
+++ b/openssl-1.0.1e/apps/rsautl.c
@@ -302,7 +302,7 @@ int MAIN(int argc, char **argv)
  }
  ret = 0;
  if(asn1parse) {
- if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+ if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1, 1)) {
  ERR_print_errors(bio_err);
  }
  } else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
diff --git a/openssl-1.0.1e/crypto/asn1/a_object.c b/openssl-1.0.1e/crypto/asn1/a_object.c
index 3978c91..c786da9 100644
--- a/openssl-1.0.1e/crypto/asn1/a_object.c
+++ b/openssl-1.0.1e/crypto/asn1/a_object.c
@@ -227,25 +227,25 @@ err:
  return(0);
  }
 
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+int i2t_ASN1_OBJECT_resolve(char *buf, int buf_len, ASN1_OBJECT *a, int resolve_oids)
 {
- return OBJ_obj2txt(buf, buf_len, a, 0);
+ return OBJ_obj2txt(buf, buf_len, a, !resolve_oids);
 }
 
-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+int i2a_ASN1_OBJECT_resolve(BIO *bp, ASN1_OBJECT *a, int resolve_oids)
  {
  char buf[80], *p = buf;
  int i;
 
  if ((a == NULL) || (a->data == NULL))
  return(BIO_write(bp,"NULL",4));
- i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
+ i=i2t_ASN1_OBJECT_resolve(buf,sizeof buf,a,resolve_oids);
  if (i > (int)(sizeof(buf) - 1))
  {
  p = OPENSSL_malloc(i + 1);
  if (!p)
  return -1;
- i2t_ASN1_OBJECT(p,i + 1,a);
+ i2t_ASN1_OBJECT_resolve(p,i + 1,a,resolve_oids);
  }
  if (i <= 0)
  return BIO_write(bp, "<INVALID>", 9);
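Review bot: The new `resolve_oids` flag is inverted on its way into `OBJ_obj2txt` (`!resolve_oids`), and nothing in this hunk tells a caller of the two new public functions what zero and nonzero mean. A short comment above `i2t_ASN1_OBJECT_resolve` would help, e.g. `/* resolve_oids != 0: print the registered name when one exists; 0: always print the numeric OID */`. The parameter is also spelled `resolve_oids` here but `resolveoids` in the asn1.h prototypes and in asn1_par.c; one spelling throughout would be easier to search for. The body of `i2a_ASN1_OBJECT_resolve` continues past the end of this hunk.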
@@ -255,6 +255,16 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
  return(i);
  }
 
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+ return i2t_ASN1_OBJECT_resolve(buf,buf_len,a,1);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+ {
+ return i2a_ASN1_OBJECT_resolve(bp,a,1);
+ }
+
 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
      long length)
 {
diff --git a/openssl-1.0.1e/crypto/asn1/asn1.h b/openssl-1.0.1e/crypto/asn1/asn1.h
index 220a0c8..0c5a486 100644
--- a/openssl-1.0.1e/crypto/asn1/asn1.h
+++ b/openssl-1.0.1e/crypto/asn1/asn1.h
@@ -905,10 +905,12 @@ int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
 int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
 int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
 int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
+int i2a_ASN1_OBJECT_resolve(BIO *bp,ASN1_OBJECT *a,int resolveoids);
 int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
 int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
 #endif
 int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
+int i2t_ASN1_OBJECT_resolve(char *buf,int buf_len,ASN1_OBJECT *a,int resolveoids);
 
 int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
@@ -1030,7 +1032,7 @@ int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
 int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
  unsigned char *buf, int off);
 int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
+int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump,int resolveoids);
 #endif
 const char *ASN1_tag2str(int tag);
 
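Review bot: Changing the signature of the exported `ASN1_parse_dump` in this hunk (and its definition in the asn1_par.c hunk at -101) breaks existing callers: source written against the five-argument prototype no longer compiles, and a binary built against the old header but run with the new library would call it without the sixth argument, leaving `resolveoids` to be read from an unset argument slot. The patch already keeps `i2t_ASN1_OBJECT` and `i2a_ASN1_OBJECT` stable by adding `_resolve` variants, and the same approach fits here. Leave this prototype as it was and add a separate declaration, for example `int ASN1_parse_dump_resolve(BIO *bp,const unsigned char *pp,long len,int indent,int dump,int resolveoids);` (the name is only a suggestion), with `ASN1_parse_dump` in asn1_par.c continuing to pass `1` to `asn1_parse2`. The call-site hunks in pkeyutl.c, rsautl.c, tasn_prn.c and v3_prn.c would then not be needed.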
diff --git a/openssl-1.0.1e/crypto/asn1/asn1_par.c b/openssl-1.0.1e/crypto/asn1/asn1_par.c
index aaca69a..15a09b3 100644
--- a/openssl-1.0.1e/crypto/asn1/asn1_par.c
+++ b/openssl-1.0.1e/crypto/asn1/asn1_par.c
@@ -65,7 +65,7 @@
 static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
  int indent);
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
- int offset, int depth, int indent, int dump);
+ int offset, int depth, int indent, int dump, int resolveoids);
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
      int indent)
  {
@@ -101,16 +101,16 @@ err:
 
 int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
  {
- return(asn1_parse2(bp,&pp,len,0,0,indent,0));
+ return(asn1_parse2(bp,&pp,len,0,0,indent,0,1));
  }
 
-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump, int resolveoids)
  {
- return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
+ return(asn1_parse2(bp,&pp,len,0,0,indent,dump,resolveoids));
  }
 
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
-     int depth, int indent, int dump)
+     int depth, int indent, int dump, int resolveoids)
  {
  const unsigned char *p,*ep,*tot,*op,*opp;
  long len;
@@ -180,7 +180,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
  {
  r=asn1_parse2(bp,&p,(long)(tot-p),
  offset+(p - *pp),depth+1,
- indent,dump);
+ indent,dump,resolveoids);
  if (r == 0) { ret=0; goto end; }
  if ((r == 2) || (p >= tot)) break;
  }
@@ -190,7 +190,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
  {
  r=asn1_parse2(bp,&p,(long)len,
  offset+(p - *pp),depth+1,
- indent,dump);
+ indent,dump,resolveoids);
  if (r == 0) { ret=0; goto end; }
  }
  }
@@ -223,7 +223,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
  if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
  {
  if (BIO_write(bp,":",1) <= 0) goto end;
- i2a_ASN1_OBJECT(bp,o);
+ i2a_ASN1_OBJECT_resolve(bp,o,resolveoids);
  }
  else
  {
diff --git a/openssl-1.0.1e/crypto/asn1/tasn_prn.c b/openssl-1.0.1e/crypto/asn1/tasn_prn.c
index 542a091..819fa93 100644
--- a/openssl-1.0.1e/crypto/asn1/tasn_prn.c
+++ b/openssl-1.0.1e/crypto/asn1/tasn_prn.c
@@ -610,7 +610,7 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
  if (BIO_puts(out, "\n") <= 0)
  return 0;
  if (ASN1_parse_dump(out, str->data, str->length,
- indent, 0) <= 0)
+ indent, 0, 1) <= 0)
  ret = 0;
  needlf = 0;
  break;
diff --git a/openssl-1.0.1e/crypto/x509v3/v3_prn.c b/openssl-1.0.1e/crypto/x509v3/v3_prn.c
index 3146218..c0aa2c3 100644
--- a/openssl-1.0.1e/crypto/x509v3/v3_prn.c
+++ b/openssl-1.0.1e/crypto/x509v3/v3_prn.c
@@ -211,7 +211,7 @@ static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
 
  case X509V3_EXT_PARSE_UNKNOWN:
  return ASN1_parse_dump(out,
- ext->value->data, ext->value->length, indent, -1);
+ ext->value->data, ext->value->length, indent, -1, 1);
  case X509V3_EXT_DUMP_UNKNOWN:
  return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
 
--
1.8.1.5