On Wed, Sep 07, 2011, Dominik Oepen wrote:

> Hi all,
> 
> in a project I maintain I have to deal with OIDs not contained within
> OpenSSL. In particular, I use OpenSSL to parse ASN1 encoded data
> containing OIDs (using the Macros from asn1t.h) and do switch-case
> statements on the resulting NIDs. Until now I used to patch OpenSSL
> (adding the OIDs to objects.txt and running the objects.pl script to
> generate the NIDs) to contain my OIDs but this approach is far from ideal.
> 
> I know that I can add new OIDs to OpenSSL's internal table using the
> OBJ_create function. So I could add all my OIDs in a library
> initialization function and save the resulting NIDs in some global
> data structure. But, as the man page already mentions, I can't use
> these NIDs for switch-case statements and probably also not for the
> ASN1 macros.
> 
> So I would like to ask if there are any best practices on how to deal
> with this kind of problem. I'm pretty sure that other people must have
> already encountered this problem, but I couldn't find any code or
> documentation on how to deal with it.
> 

That is problematical because if you change objects.txt you end up creating
new NIDs which are pretty much guaranteed to be incompatible with future
versions of OpenSSL that add new OIDs.

The best you can do is to check if the OID exists using for example
OBJ_txt2nid() and if not create it using OBJ_create().

Using dynamically created nids for "any defined by" structure isn't currently
possible using the macros. I can see two options, both a bit messy.

One is to manually encode the relevant field by using the catch all ASN1_TYPE
structure.

Another is to create the structures needed by the macros, i.e. an
ASN1_ADB_TABLE_st, but which is *not* const so you can write the relevant
values dynamically at runtime. Looking through the macros that should only
require that you redefine the ASN1_ADB macro.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
