[openssl-users] how to implement functions for STACK OF custom type?

lists lists at rustichelli.net
Wed Mar 29 10:05:38 UTC 2017

On 03/24/2017 06:46 PM, Dr. Stephen Henson wrote:
 > On Tue, Mar 21, 2017, lists wrote:
 >> [...]
 >> I am exploring my options with OpenSSL and specifically I am trying to manage the stacks for some custom objects.
 >> [...]
 >> What am I doing wrong here?
 > [...]
 > For OpenSSL versions before 1.1.0 it's a bit messier. The type specific
 > STACK_OF functions are actually macros which are generated by the
 > script and appear in the safestack.h header file. If you want to create your
 > own one way is to extract a type specific section from safestack.h, copy it
 > to your own header file and do a search/replace for the new type.
 > So for example extract the sk_OPENSSL_BLOCK macros and replace
 > with FOO.
 > Steve.
 > --
 > Dr Stephen N. Henson. OpenSSL project core developer.
 > Commercial tech support now available see: http://www.openssl.org

Sorry but it seems I still got something wrong, now that I am more 
practically addressing qcStatements (as in RFC 3039, for the moment, not 
yet RFC 3739). I put here almost all of the code because it may be 
useful to others who want to cover this attribute.
Question number one: is there a document/tutorial about ASN.1 to OpenSSL 
macros mapping?
Question number two: why does the code that I add at the end of the 
message fail miserably when I execute

     const unsigned char *tmpMovingPt = oneExt->value->data;
     // d2i_UC_qcStatements returns NULL here! It cannot parse it?
     // Is X509_EXTENSION *oneExt->value->data the right thing to pass here?
     qcstt = d2i_UC_qcStatements(NULL, &tmpMovingPt, oneExt->value->length);

and I know for sure that X509_EXTENSION *oneExt is qcStatements?
Specifically, the qcStatements should be RFC 3039-compliant because all 
of the entries only have statementId and statementInfo.

Here is the rest of the code for OpenSSL 1.0; something must be wrong or 
maybe I have to implement something more:


// -- QCStatement

// I use this odd name to avoid confusion with qcStatements (with the "s"), for the moment
typedef struct UC_QcsAtom_st
{
     // statementId OBJECT IDENTIFIER
     ASN1_OBJECT *statementId;
     // statementInfo ANY DEFINED BY statementId OPTIONAL
     ASN1_TYPE *statementInfo;
} UC_QcsAtom;

DECLARE_ASN1_FUNCTIONS(UC_QcsAtom)

#define sk_UC_QcsAtom_new(cmp) SKM_sk_new(UC_QcsAtom, (cmp))
#define sk_UC_QcsAtom_new_null() SKM_sk_new_null(UC_QcsAtom)
#define sk_UC_QcsAtom_free(st) SKM_sk_free(UC_QcsAtom, (st))
#define sk_UC_QcsAtom_num(st) SKM_sk_num(UC_QcsAtom, (st))
#define sk_UC_QcsAtom_value(st, i) SKM_sk_value(UC_QcsAtom, (st), (i))
#define sk_UC_QcsAtom_set(st, i, val) SKM_sk_set(UC_QcsAtom, (st), (i), (val))
// [...many more...]

// -- QCStatements

typedef struct UC_qcStatements_st
{
     // SEQUENCE OF QCStatement
     STACK_OF(UC_QcsAtom) *statements_sk;
} UC_qcStatements;

DECLARE_ASN1_FUNCTIONS(UC_qcStatements)



// -- QCStatement aka UC_QcsAtom

ASN1_SEQUENCE(UC_QcsAtom) = {
     ASN1_SIMPLE(UC_QcsAtom, statementId, ASN1_OBJECT),
     ASN1_OPT(UC_QcsAtom, statementInfo, ASN1_ANY)
} ASN1_SEQUENCE_END(UC_QcsAtom)

IMPLEMENT_ASN1_FUNCTIONS(UC_QcsAtom)


// -- qcStatements aka QCStatements aka UC_qcStatements

ASN1_SEQUENCE(UC_qcStatements) = {
     ASN1_SEQUENCE_OF(UC_qcStatements, statements_sk, UC_QcsAtom)
} ASN1_SEQUENCE_END(UC_qcStatements)

IMPLEMENT_ASN1_FUNCTIONS(UC_qcStatements)


/* ...is it required to implement something like this?...:

     UC_QcsAtom *d2i_UC_QcsAtom_bio(BIO *bp, UC_QcsAtom **a)
     {
         return ASN1_d2i_bio_of(UC_QcsAtom, UC_QcsAtom_new,
                                d2i_UC_QcsAtom, bp, a);
     }
*/
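
Added example, not part of the original message and not OpenSSL code: a small DER shape check that tells a bare SEQUENCE OF QCStatement (the definition in RFC 3039) apart from SEQUENCE { SEQUENCE OF QCStatement }, which is what an ASN1_SEQUENCE template with a single ASN1_SEQUENCE_OF field describes. The function names and both sample byte strings are constructed for illustration.

```c
#include <stddef.h>

/* Constructed samples (not from the post): one QCStatement holding only an OID. */
const unsigned char FLAT[] =     /* SEQUENCE OF QCStatement */
    {0x30,0x0a, 0x30,0x08, 0x06,0x06,0x04,0x00,0x8e,0x46,0x01,0x01};
const unsigned char WRAPPED[] =  /* SEQUENCE { SEQUENCE OF QCStatement } */
    {0x30,0x0c, 0x30,0x0a, 0x30,0x08, 0x06,0x06,0x04,0x00,0x8e,0x46,0x01,0x01};

/* Read one DER header (one-byte tag, definite length); returns its size, 0 on error. */
static size_t der_hdr(const unsigned char *p, size_t avail,
                      unsigned char *tag, size_t *clen)
{
    size_t n = 2, nb, i, len;
    if (avail < 2) return 0;
    *tag = p[0];
    len = p[1];
    if (len & 0x80) {                     /* long form: nb length bytes follow */
        nb = len & 0x7f;
        if (nb == 0 || nb > sizeof(size_t) || avail - 2 < nb) return 0;
        for (len = 0, i = 0; i < nb; i++) len = (len << 8) | p[2 + i];
        n += nb;
    }
    if (len > avail - n) return 0;        /* content must fit in the buffer */
    *clen = len;
    return n;
}

/* 1 if the buffer is exactly SEQUENCE OF SEQUENCE { OBJECT IDENTIFIER, ... }. */
int is_seq_of_qcstatement(const unsigned char *p, size_t len)
{
    unsigned char tag;
    size_t clen, ilen, olen, h = der_hdr(p, len, &tag, &clen);
    if (!h || tag != 0x30 || h + clen != len) return 0;
    for (p += h; clen > 0; p += h + ilen, clen -= h + ilen) {
        h = der_hdr(p, clen, &tag, &ilen);
        if (!h || tag != 0x30) return 0;  /* each element is a SEQUENCE */
        if (!der_hdr(p + h, ilen, &tag, &olen) || tag != 0x06) return 0; /* statementId */
    }
    return 1;
}

/* 1 if the buffer is SEQUENCE { SEQUENCE OF QCStatement }: one extra nesting level. */
int is_wrapped_seq_of_qcstatement(const unsigned char *p, size_t len)
{
    unsigned char tag;
    size_t clen, h = der_hdr(p, len, &tag, &clen);
    return h && tag == 0x30 && h + clen == len && is_seq_of_qcstatement(p + h, clen);
}
```

Running the same two checks on `oneExt->value->data` with `oneExt->value->length` shows which of the two shapes the extension value has, and therefore which shape the template passed to the d2i function has to describe.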

