[openssl-users] How to parse DER encoded x509 attributes?
Dave Coombs
dcoombs at carillon.ca
Mon Nov 20 14:09:42 UTC 2017
Hello,
As I said, you could experiment with ASN1_TFLG_SET_OF instead of ASN1_TFLG_SEQUENCE_OF.
Also, to free the memory, you should be able to use just one call:
sk_X509_ATTRIBUTE_pop_free(attrs, X509_ATTRIBUTE_free);
This frees each element in the stack, and also frees the stack.
All the best,
-Dave
> On Nov 20, 2017, at 09:03, Libor Chocholaty <ossl at mts.cz> wrote:
> Hello,
>
> thanks a lot. Works nice. Just it is interesting that I get X509_ATTRIBUTEs what should be a SEQUENCE but need to parse as SET.
>
> And to free the memory:
>
> X509_ATTRIBUTE *attr;
> while ((attr = sk_X509_ATTRIBUTE_pop(attrs)) != NULL) {
> X509_ATTRIBUTE_free(attr);
> }
> sk_X509_ATTRIBUTE_free(attrs);
>
> Looks working.
>
> Regards,
> Libor
>
>
> On 2017-11-15 15:31, Dave Coombs wrote:
>
>> Hello,
>>
>> You can do something like the following.
>>
>> First make a type corresponding to a stack of x509 attributes:
>>
>> typedef STACK_OF(X509_ATTRIBUTE) SEQ_X509_ATTRIBUTE;
>> DECLARE_ASN1_FUNCTIONS(SEQ_X509_ATTRIBUTE);
>>
>> Then make an asn1 template that specifies how the stack should be encoded. (You can use ASN1_TFLG_SET_OF instead of ..SEQUENCE_OF here, depending on the DER you're trying to interpret, I don't know.)
>>
>> ASN1_ITEM_TEMPLATE(SEQ_X509_ATTRIBUTE) =
>> ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, x509attribute, X509_ATTRIBUTE)
>> ASN1_ITEM_TEMPLATE_END(SEQ_X509_ATTRIBUTE)
>> IMPLEMENT_ASN1_FUNCTIONS(SEQ_X509_ATTRIBUTE)
>>
>> Now your type has its own d2i and i2d functions, and you can use them:
>>
>> STACK_OF(X509_ATTRIBUTE) *attrs = d2i_SEQ_X509_ATTRIBUTE(NULL, &data, length);
>>
>> Cheers,
>> -Dave
>>
>>
>>> On Nov 15, 2017, at 07:26, Libor Chocholaty <ossl at mts.cz <mailto:ossl at mts.cz>> wrote:
>>> Hello,
>>>
>>> I would like to parse DER encoded x509 attributes and have no clue how to use d2i_ASN1_SET_OF_X509_ATTRIBUTE. There are params that cannot find what to pass like free_func.
>>>
>>> I am trying to uderstand by collecting pieces of known code, looking into openssl sources but...
>>>
>>> PKCS7_SIGNER_INFO *p7si = PKCS7_SIGNER_INFO_new();
>>> d2i_ASN1_SET_OF_X509_ATTRIBUTE(&p7si->auth_attr, &der_data, der_data_length, d2i_X509_ATTRIBUTE, free_func, V_ASN1_SET, V_ASN1_UNIVERSAL);
>>>
>>> Could somebody help how to do it or give a link to some useful documentation?
>>> Search internet looks completely not useful in this topic... or do not know how to ask...
>>>
>>> Regards,
>>> Libor
>>>
>>>
>>> --
>>> openssl-users mailing list
>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users <https://mta.openssl.org/mailman/listinfo/openssl-users>
>>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171120/c6b383e7/attachment.html>
More information about the openssl-users
mailing list