[openssl-users] openssl asn1parse -length

Christian Böhme christian.boehme at cloudandheat.com
Mon Jul 23 14:56:55 UTC 2018


Hello all,

I have been trying to find a way to ascertain that the contents of a file
is a DER-encoded ASN.1 structure such as

$ openssl version
OpenSSL 1.0.2g  1 Mar 2016

$ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -i
    0:d=0  hl=4 l= 978 cons: SEQUENCE          
    4:d=1  hl=2 l=   9 prim:  OBJECT            :pkcs7-envelopedData
   15:d=1  hl=4 l= 963 cons:  cont [ 0 ]        
   19:d=2  hl=4 l= 959 cons:   SEQUENCE          
   23:d=3  hl=2 l=   1 prim:    INTEGER           :03
   26:d=3  hl=3 l= 133 cons:    SET               
   29:d=4  hl=3 l= 130 cons:     cont [ 3 ]        
   32:d=5  hl=2 l=   1 prim:      INTEGER           :00
   35:d=5  hl=2 l=  27 cons:      cont [ 0 ]        
   37:d=6  hl=2 l=   9 prim:       OBJECT            :PBKDF2
   48:d=6  hl=2 l=  14 cons:       SEQUENCE          
   50:d=7  hl=2 l=   8 prim:        OCTET STRING      [HEX DUMP]:64C8DCE92BE6CF80
   60:d=7  hl=2 l=   2 prim:        INTEGER           :0800
   64:d=5  hl=2 l=  46 cons:      SEQUENCE          
   66:d=6  hl=2 l=  11 prim:       OBJECT            :id-alg-PWRI-KEK
   79:d=6  hl=2 l=  31 cons:       SEQUENCE          
   81:d=7  hl=2 l=  11 prim:        OBJECT            :camellia-256-cbc
   94:d=7  hl=2 l=  16 prim:        OCTET STRING      [HEX DUMP]:DC131C842F099909DF465439C1B06038
  112:d=5  hl=2 l=  48 prim:      OCTET STRING      [HEX DUMP]:7BEFFB307D05C8242A040B371EEA3C6F59F082C415057BF5A71F67437B92668CEED9C46B0F57B4E4A077B1651892D9D5
  162:d=3  hl=4 l= 816 cons:    SEQUENCE          
  166:d=4  hl=2 l=   9 prim:     OBJECT            :pkcs7-data
  177:d=4  hl=2 l=  31 cons:     SEQUENCE          
  179:d=5  hl=2 l=  11 prim:      OBJECT            :camellia-256-cbc
  192:d=5  hl=2 l=  16 prim:      OCTET STRING      [HEX DUMP]:995169EEF15C876E5F1A92DAF6A129D7
  210:d=4  hl=4 l= 768 prim:     cont [ 0 ]

Since the files to test are rather large, I'd be content with being able
to have only the first couple of bytes inspected.  It would appear that the
-length  option allows to do just that.  However, whatever argument specified,
I get this:

$ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 4
Error in encoding
140548547200664:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157:
$ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 16
Error in encoding
140076397213336:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:
$ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 32
Error in encoding
139879438956184:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:
$ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 64
Error in encoding
139887577974424:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:
$ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 128
Error in encoding
140008118994584:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:
$ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 256
Error in encoding
140518349809304:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:
$ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 512
Error in encoding
140042967262872:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147:

etcpp.  The files to test are expected to be at least 512 bytes in size.

What's the expected behaviour of the  -length  option, BTW?


Thanks,
Christian

-- 
*Christian Böhme*

Developer System Integration

CLOUD&HEAT

*CLOUD & HEAT Technologies GmbH*
Königsbrücker Str. 96 (Halle 15) | 01099 Dresden
Tel: +49 351 479 3670 - 100
Fax: +49 351 479 3670 - 110
E-Mail: christian.boehme at cloudandheat.com <mailto:christian.boehme at cloudandheat.com>
Web: https://www.cloudandheat.com <https://www.cloudandheat.com>

Handelsregister: Amtsgericht Dresden
Registernummer: HRB 30549
USt.-Ident.-Nr.: DE281093504
Geschäftsführer: Nicolas Röhrs


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 533 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180723/c18538ef/attachment-0001.sig>


More information about the openssl-users mailing list