[openssl-users] X509_CINF_dup fails with "invalid object encoding" error
VVPrasad Chalumuri
vvprasad.chalumuri at gmail.com
Mon Jan 5 11:55:42 UTC 2015
Hi,
I was trying to duplicate the X509_CINF structure variable using
ASN1_item_dup with OpenSSL 1.0.1i code. But, it fails with the following
error. The same code works fine, if I run it against OpenSSL 0.9.8zb.
error code; 218906840 in a_object.c line 303.
Error message: error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding
error code; 218640442 in tasn_dec.c line 751.
error data: Field=algorithm, Type=X509_ALGOR
Error message: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
error code; 218640442 in tasn_dec.c line 751.
error data: Field=signature, Type=X509_CINF
Error message: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
Can someone please point out if I'm missing something?
I really appreciate any help extended.
Copying the code snippet below with this mail.
--VVPrasad
============================================================
/*
 * Instantiates X509_CINF_dup() as a thin wrapper around ASN1_item_dup().
 * ASN1_item_dup() copies a structure by DER-encoding it and decoding the
 * result, so the copy only succeeds when the source encodes to DER that the
 * decoder accepts.
 */
*IMPLEMENT_ASN1_DUP_FUNCTION(X509_CINF)*
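/*
 * Builds an X509_CINF by hand (version, serial number, subject name and
 * validity period) and then duplicates it with X509_CINF_dup().
 *
 * Returns 0 on success. On failure a diagnostic is printed, the objects
 * allocated so far are released and -1 is returned.
 */
int test_X509_CINF_dup()
{
    const char *serial = "1230ABCD";
    ASN1_INTEGER *asn1int = NULL;
    X509_NAME *name = NULL;
    X509_CINF *x509cinf = NULL;
    X509 *x509 = NULL;
    X509_CINF *cinf = NULL;
    int days = 365;
    struct timeval now;
    ASN1_TIME *nb;
    ASN1_TIME *na;
    struct timeval nbs;
    time_t tsec;
    time_t secs = 0;
    long millis = 0;
    int flags, line;
    const char *data, *file;
    unsigned long code;
    char errstr[256];

    /* The result must be checked: every statement below dereferences it. */
    x509cinf = X509_CINF_new();
    if (!x509cinf) {
        fprintf(stderr, "ERROR(%d): Allocating memory for X509_CINF\n", __LINE__);
        goto err;
    }

    /* allocate the version field, unless the constructor already did */
    if (!x509cinf->version && !(x509cinf->version = ASN1_INTEGER_new())) {
        fprintf(stderr, "ERROR(%d): Allocating memory for X509_CINF\n", __LINE__);
        goto err;
    }

    /* set the version */
    if (!ASN1_INTEGER_set(x509cinf->version, CERT_V3)) {
        fprintf(stderr, "ERROR(%d): Setting version for X509_CINF\n", __LINE__);
        goto err;
    }

    /* set the serial number: convert the hex string into an ASN1_INTEGER */
    if (char_array_2_asn1_integer(&asn1int, serial) < 0) {
        fprintf(stderr, "ERROR(%d): char_array_2_asn1_integer\n", __LINE__);
        goto err;
    }
    if (x509cinf->serialNumber)
        M_ASN1_INTEGER_free(x509cinf->serialNumber);
    x509cinf->serialNumber = asn1int;   /* ownership moves to x509cinf */

    /* set subject name */
    if (create_subject_name(&name) < 0) {
        fprintf(stderr, "ERROR(%d): Invalid subject name\n", __LINE__);
        goto err;
    }
    /* set it, but free first if one already exists */
    if (x509cinf->subject)
        X509_NAME_free(x509cinf->subject);
    x509cinf->subject = name;           /* ownership moves to x509cinf */

    /* set validity: both ends start out as "now" */
    timeval_clock(&now, NULL);
    nb = x509cinf->validity->notBefore;
    if (!ASN1_TIME_set(nb, now.tv_sec)) {
        fprintf(stderr, "ERROR(%d): Setting notBefore\n", __LINE__);
        goto err;
    }
    na = x509cinf->validity->notAfter;
    if (!ASN1_TIME_set(na, now.tv_sec)) {
        fprintf(stderr, "ERROR(%d): Setting notAfter\n", __LINE__);
        goto err;
    }
    if (nb->type != V_ASN1_UTCTIME && nb->type != V_ASN1_GENERALIZEDTIME) {
        if (!X509_gmtime_adj(nb, 0)) {
            fprintf(stderr, "ERROR(%d): Setting notBefore to today\n", __LINE__);
            goto err;
        }
    }

    /*
     * convert time to timeval
     * NOTE(review): parsetimebuf() is defined elsewhere and its result is not
     * checked here; secs/millis are zero-initialised so a failed parse cannot
     * feed indeterminate values into the notAfter calculation - confirm how
     * the helper reports errors.
     */
    parsetimebuf((const char *)nb->data, nb->length,
                 (nb->type == V_ASN1_UTCTIME) ? 1 : 0, &secs, &millis);
    nbs.tv_sec = (long)secs;
    nbs.tv_usec = millis * TME_MICROS_PER_MILLI;

    /* set notAfter to days after notBefore */
    tsec = (time_t)nbs.tv_sec;
    if (!X509_time_adj(na, (long)60*60*24*days, &tsec)) {
        fprintf(stderr, "ERROR(%d): Calculating notAfter\n", __LINE__);
        goto err;
    }

    /*
     * duplicate the cert info
     *
     * NOTE(review): X509_CINF_dup() is generated by
     * IMPLEMENT_ASN1_DUP_FUNCTION and goes through ASN1_item_dup(), i.e. the
     * structure is DER-encoded and then decoded again. Every non-optional
     * field therefore has to hold an encodable value. This function never
     * populates signature, issuer or key, and the reported error stack names
     * Field=algorithm inside Field=signature: presumably the unset algorithm
     * OID is emitted with no content octets and the decoder refuses it.
     * Setting the remaining mandatory fields before duplicating is the likely
     * fix - confirm against the library version in use.
     */
    if (!(cinf = X509_CINF_dup(x509cinf))) {
        fprintf(stderr, "ERROR: Allocating memory for the certificate information object\n");
        /* drain the whole error queue; the oldest entry is the root cause */
        while ((code = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
            printf("error code; %lu in %s line %d.\n", code, file, line);
            if (data && (flags & ERR_TXT_STRING))
                printf("error data: %s\n", data);
            /* caller-supplied buffer instead of the library's shared static one */
            ERR_error_string_n(code, errstr, sizeof errstr);
            printf("Error message: %s\n", errstr);
        }
        goto err;
    }

    /*
     * ...............................
     */
    return 0;

err:
    X509_CINF_free(x509cinf);
    X509_CINF_free(cinf);
    X509_free(x509);
    return -1;
}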
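/*
 * Converts a hexadecimal string into an ASN1_INTEGER.
 *
 * num    in/out: if *num is non-NULL that object is reused, otherwise a new
 *        ASN1_INTEGER is allocated and stored in *num.
 * serial NUL-terminated hexadecimal digits.
 *
 * Returns 0 on success and -1 on failure. On failure *num is left untouched
 * and an object supplied by the caller is still owned by the caller.
 */
int char_array_2_asn1_integer(ASN1_INTEGER **num, const char* const serial)
{
    BIGNUM *bn = NULL;
    ASN1_INTEGER *asn1int = NULL;
    int parsed;

    if (!num || !serial)
        return -1;

    /*
     * BN_hex2bn() returns how many characters it consumed and stops at the
     * first non-hex character. Require the whole string to be consumed so
     * that a serial with trailing garbage is rejected instead of being
     * silently truncated.
     */
    parsed = BN_hex2bn(&bn, serial);
    if (parsed <= 0 || serial[parsed] != '\0')
        goto err;

    /*
     * BN_to_ASN1_INTEGER() allocates a fresh object when handed NULL and
     * reuses the one passed in otherwise; when it fails it releases only an
     * object it allocated itself, so the caller's *num is never freed here.
     */
    asn1int = BN_to_ASN1_INTEGER(bn, *num);
    if (!asn1int)
        goto err;

    BN_free(bn);
    *num = asn1int;
    return 0;

err:
    BN_free(bn);
    return -1;
}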
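/*
 * Builds an X509_NAME from a fixed table of attribute types and values.
 *
 * x509_name out: receives the new name on success and NULL on failure.
 *
 * Returns 0 on success and -1 on failure. On failure the partially built
 * name and any entry not yet attached to it are released.
 */
int create_subject_name(X509_NAME** x509_name)
{
    X509_NAME *newname = NULL;
    X509_NAME_ENTRY *ne = NULL;
    ASN1_OBJECT *obj = NULL;
    int setnumber = -1;
    int loc = 0;
    int i = 0;
    int num;
    int str_type;
    const char *types[] = {"CN", "emailAddress", "OU", "O", "C", 0};
    /*
     * NOTE(review): "test_ou" and "test_o" are tagged PrintableString below,
     * but '_' is outside the PrintableString character set and
     * X509_NAME_ENTRY_set_data() does not validate the content; strict
     * parsers may reject such a name.
     */
    unsigned char *values[] = {
        (unsigned char*)"test",
        (unsigned char*)"hello at com.au",
        (unsigned char*)"test_ou",
        (unsigned char*)"test_o",
        (unsigned char*)"US",
        0 };

    if (!x509_name)
        return -1;

    /* create a new name */
    if (!(newname = X509_NAME_new())) {
        fprintf(stderr, "ERROR(%d): allocating new X509 name\n", __LINE__);
        goto err;
    }

    while (types[i] && values[i])
    {
        /* convert type string to object identifier (ASN1_OBJECT) */
        if (!(obj = OBJ_txt2obj(types[i], 0))) {
            fprintf(stderr, "ERROR(%d): unknown ldapv3 DN type [%s]\n", __LINE__, types[i]);
            goto err;
        }

        /* create a new entry */
        if (!(ne = X509_NAME_ENTRY_new())) {
            fprintf(stderr, "ERROR(%d): allocating new X509 name component\n", __LINE__);
            goto err;
        }

        /* set the rdn type */
        if (!X509_NAME_ENTRY_set_object(ne, obj)) {
            fprintf(stderr, "ERROR(%d): setting ldapv3 DN type\n", __LINE__);
            goto err;
        }

        /* determine the string type */
        str_type = (OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) ?
            V_ASN1_IA5STRING : V_ASN1_PRINTABLESTRING;

        /* the entry keeps its own copy of the OID, so ours can go now */
        ASN1_OBJECT_free(obj);
        obj = NULL;

        if (!X509_NAME_ENTRY_set_data(ne, str_type, values[i],
                                      strlen((const char*)values[i]))) {
            fprintf(stderr, "ERROR(%d): setting ldapv3 DN data\n", __LINE__);
            goto err;
        }

        /*
         * strcmp() is non-zero for every type except "emailAddress": those
         * entries advance the insert position, while an emailAddress entry
         * resets it to 0 and opens the next set number.
         * NOTE(review): this writes X509_NAME internals (ne->set,
         * newname->entries) directly instead of going through
         * X509_NAME_add_entry_by_txt(); confirm that the custom ordering is
         * intended.
         */
        if (strcmp(types[i], "emailAddress")) {
            loc++;
        } else {
            loc = 0;
            setnumber++;
        }
        ne->set = setnumber;

        /* add the name entry to the name we are building */
        if (!sk_X509_NAME_ENTRY_insert(newname->entries, ne, loc)) {
            fprintf(stderr, "ERROR(%d): adding ldapv3 DN component\n", __LINE__);
            goto err;
        }
        ne = NULL;  /* now owned by newname; must not be freed on the err path */
        i++;
    }

    /* reverse the set numbers */
    for (i = 0, num = sk_X509_NAME_ENTRY_num(newname->entries); i < num; ++i) {
        sk_X509_NAME_ENTRY_value(newname->entries, i)->set = setnumber -
            sk_X509_NAME_ENTRY_value(newname->entries, i)->set;
    }

    /* success */
    *x509_name = newname;
    return 0;

err:
    /* both frees accept NULL; ne is non-NULL only while it is unattached */
    X509_NAME_ENTRY_free(ne);
    ASN1_OBJECT_free(obj);
    if (newname) X509_NAME_free(newname);
    *x509_name = NULL;
    return -1;
}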
============================================================