On Wed, Sep 07, 2011, Dominik Oepen wrote:

> Hi all,
> in a project I maintain I have to deal with OIDs not contained within
> OpenSSL. In particular, I use OpenSSL to parse ASN1 encoded data
> containing OIDs (using the Macros from asn1t.h) and do switch-case
> statements on the resulting NIDs. Until now I used to patch OpenSSL
> (adding the OIDs to objects.txt and running the objects.pl script to
> generate the NIDs) to contain my OIDs but this approach is far from ideal.
> I know that I can add new OIDs to OpenSSL internals table using the
> OBJ_create function. So I could add all my OIDs in a library
> initialization function and save the resulting NIDs in some global
> data structure. But, as the man page already mentions, I can't use
> these NIDs for switch-case statements and probably also not for the
> ASN1 macros.
> So I would like to ask if there are any best practices on how to deal
> with this kind of problem. I'm pretty sure that other people must have
> already encountered this problem, but I couldn't find any code or
> documentation on how to deal with it.

That is problematical because if you change objects.txt you end up creating
new NIDs which are pretty much guaranteed to be incomaptible with future
version of OpenSSL that add new OIDs.

The best you can do is to check if the OID exists using for example
OBJ_txt2nid() and if not create it using OBJ_create().

Using dynamically created nids for "any defined by" structure isn't currently
possible using the macros. I can see two options both a bit messy.

One is to manualy encode the relevant field by using the catch all ASN1_TYPE

Another is to create the structures needed by the macros i.e an 
but which is *not* const so you can write the relevant values dynamically at
runtime. Looking through the macros that should only require that you redefine
the ASN1_ADB macro.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to