[openssl.org #3194] [PATCH] Provide asn1parse with capability to show raw OIDs

2014-07-03 Thread Stephen Henson via RT
We can't change the parameters of functions at all if we wish to maintain
binary compatibility, and if we wanted additional ASN.1 parsing flags in the
future we'd need further functions.

An alternative would be to pass an opaque structure with the printing
parameters to an extended version of ASN1_parse. The existing ASN1_PCTX could
be used for this purpose if it was extended. The existing ASN1_parse* variants
would then be a special case.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



[openssl.org #3194] [PATCH] Provide asn1parse with capability to show raw OIDs

2013-12-10 Thread Johannes Bauer via RT
Resubmitted (the first try I had the wrong mailing list, sorry):

Hello list,

the asn1parse application does provide a mechanism to enhance the output
by providing additional OID/string mappings. As of now it is not
possible to display the raw OIDs (without any name resolution done).
This is something I have found very useful in the past when digging into
ASN1.

I have written a patch against openssl-1.0.1e that does provide this
functionality. The changes for the user in summary are:

* Add -rawoids command line switch to asn1parse application

Under the hood I made these changes:

* Introduced i2t_ASN1_OBJECT_resolve and i2a_ASN1_OBJECT_resolve which
work just like i2t_ASN1_OBJECT and i2a_ASN1_OBJECT, but take an
additional resolve_oids parameter
* Changed i2t_ASN1_OBJECT and i2a_ASN1_OBJECT to call their respective
_resolve counterparts (with resolve_oids = 1 in order to keep current
behavior)
* Changed API of ASN1_parse_dump in order to accept a resolve_oids parameter
* Changed calls of ASN1_parse_dump to pass 1 for the resolve_oids parameter

The rationale is as follows:

* i2t_ASN1_OBJECT and i2a_ASN1_OBJECT are probably used internally in
external applications, so I found it useful to keep their APIs stable
* ASN1_parse_dump is currently only used in debug/error output
conditions, which is why I thought API stability would not be that
important at this point. Any conversion from old to new is trivial (just
append ,1 to the call)

Attached to this mail is the patch I produced. I took care to preserve
coding style and nomenclature where applicable.

I would greatly appreciate feedback on this patch.
Best regards,
Johannes

From ae9c5bb1123db6b756af3d5114c7e0661c8b2e07 Mon Sep 17 00:00:00 2001
From: Johannes Bauer dfnsonfsdu...@gmx.de
Date: Fri, 29 Nov 2013 11:46:39 +0100
Subject: [PATCH] Implement raw OID display

---
 openssl-1.0.1e/apps/asn1pars.c|  8 +++-
 openssl-1.0.1e/apps/pkeyutl.c |  2 +-
 openssl-1.0.1e/apps/rsautl.c  |  2 +-
 openssl-1.0.1e/crypto/asn1/a_object.c | 20 +++-
 openssl-1.0.1e/crypto/asn1/asn1.h |  4 +++-
 openssl-1.0.1e/crypto/asn1/asn1_par.c | 16 
 openssl-1.0.1e/crypto/asn1/tasn_prn.c |  2 +-
 openssl-1.0.1e/crypto/x509v3/v3_prn.c |  2 +-
 8 files changed, 37 insertions(+), 19 deletions(-)

diff --git a/openssl-1.0.1e/apps/asn1pars.c b/openssl-1.0.1e/apps/asn1pars.c
index 0d66070..dd398f0 100644
--- a/openssl-1.0.1e/apps/asn1pars.c
+++ b/openssl-1.0.1e/apps/asn1pars.c
@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
 	char *genstr=NULL, *genconf=NULL;
 	unsigned char *tmpbuf;
 	const unsigned char *ctmpbuf;
+	int rawoids = 0;
 	BUF_MEM *buf=NULL;
 	STACK_OF(OPENSSL_STRING) *osk=NULL;
 	ASN1_TYPE *at=NULL;
@@ -181,6 +182,10 @@ int MAIN(int argc, char **argv)
 			if (--argc  1) goto bad;
 			genconf= *(++argv);
 			}
+		else if (strcmp(*argv,-rawoids) == 0)
+			{
+			rawoids=1;
+			}
 		else
 			{
 			BIO_printf(bio_err,unknown option %s\n,*argv);
@@ -211,6 +216,7 @@ bad:
 		BIO_printf(bio_err,   ASN1 blob wrappings\n);
 		BIO_printf(bio_err, -genstr str   string to generate ASN1 structure from\n);
 		BIO_printf(bio_err, -genconf file file to generate ASN1 structure from\n);
+		BIO_printf(bio_err, -rawoids  never resolve OIDs to string representation\n);
 		goto end;
 		}
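Review bot: The usage text added for `-rawoids` reads "never resolve OIDs to string representation", which is ambiguous because the dotted form printed instead is also a string. Wording such as `-rawoids      print OIDs in dotted numeric form instead of names` tells the user what the output will look like. The diffstat lists no documentation file, so the asn1parse manual page presumably needs the same one-line entry. The usage block starts before this hunk.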
 
@@ -363,7 +369,7 @@ bad:
 	}
 	if (!noout 
 	!ASN1_parse_dump(out,(unsigned char *)(str[offset]),length,
-		indent,dump))
+		indent,dump,!rawoids))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
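Review bot: The option's sense is inverted at this call with `!rawoids`, and the a_object.c hunk later in the patch inverts it again with `!resolve_oids` before passing it to OBJ_obj2txt. A reader has to follow two negations to see that `-rawoids` ends up as a true no-name argument, where OBJ_obj2txt skips name lookup. A short comment on the call would make the polarity explicit, for example `/* last argument is resolve_oids: 0 prints dotted OIDs only */`. MAIN starts and ends outside this hunk.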
diff --git a/openssl-1.0.1e/apps/pkeyutl.c b/openssl-1.0.1e/apps/pkeyutl.c
index 7eb3f5c..5c56cd1 100644
--- a/openssl-1.0.1e/apps/pkeyutl.c
+++ b/openssl-1.0.1e/apps/pkeyutl.c
@@ -363,7 +363,7 @@ int MAIN(int argc, char **argv)
 	ret = 0;
 	if(asn1parse)
 		{
-		if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
+		if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1, 1))
 			ERR_print_errors(bio_err);
 		}
 	else if(hexdump)
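Review bot: The bare `1` appended to this ASN1_parse_dump call gives no hint that it means "resolve OID names". It follows `1, -1`, which are already unnamed values for the indent and dump arguments seen in the asn1pars.c call. An inline comment keeps the call readable, e.g. `if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1, 1 /* resolve_oids */))`. The same applies to the rsautl.c call in the next hunk. MAIN continues outside this hunk.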
diff --git a/openssl-1.0.1e/apps/rsautl.c b/openssl-1.0.1e/apps/rsautl.c
index b01f004..32cab61 100644
--- a/openssl-1.0.1e/apps/rsautl.c
+++ b/openssl-1.0.1e/apps/rsautl.c
@@ -302,7 +302,7 @@ int MAIN(int argc, char **argv)
 	}
 	ret = 0;
 	if(asn1parse) {
-		if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+		if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1, 1)) {
 			ERR_print_errors(bio_err);
 		}
 	} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
diff --git a/openssl-1.0.1e/crypto/asn1/a_object.c b/openssl-1.0.1e/crypto/asn1/a_object.c
index 3978c91..c786da9 100644
--- a/openssl-1.0.1e/crypto/asn1/a_object.c
+++ b/openssl-1.0.1e/crypto/asn1/a_object.c
@@ -227,25 +227,25 @@ err:
 	return(0);
 	}
 
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+int i2t_ASN1_OBJECT_resolve(char *buf, int buf_len, ASN1_OBJECT *a, int resolve_oids)
 {
-	return OBJ_obj2txt(buf, buf_len, a, 0);
+	return OBJ_obj2txt(buf, buf_len, a, !resolve_oids);
 }
 
-int i2a_ASN1_OBJECT(BIO