Re: Cannot set pqualid of POLICYQUALINFO with another NID different of NID_id_qt_cps

Thu, 23 Jan 2014 15:20:14 -0800 

On Thu, Jan 23, 2014, Rogrio Saulo wrote:

> Hi all, 
> 
> Sorry if it as a stupid question but...
> 
> I'm trying to add an custom policy qualifier attribute with another NID 
> different from NID_id_qt_cps to an PKCS7 envelope.
> 
> If I use the NID_id_qt_cps all works fine, BUT if I change the NID to another 
> created by OBJ_create the program crashes at thei2d_POLICYINFO function.
> 
> I cannot use the POLICYQUALINFO object with another NID different from 
> NID_id_qt_cps??
> 
> There is my working code :
> 
>     ASN1_OBJECT *polID;
>     POLICYINFO *pInfo = POLICYINFO_new();
>     polID = OBJ_txt2obj("2.16.76.1.7.1.2.2.1", 0);
>     pInfo->policyid = polID;
>     POLICYQUALINFO *pQInfo;
>     pQInfo = POLICYQUALINFO_new();
>     pInfo->qualifiers = sk_POLICYQUALINFO_new_null();
>     pQInfo = POLICYQUALINFO_new();
>     sk_POLICYQUALINFO_push(pInfo->qualifiers, pQInfo);
>     pQInfo->pqualid = OBJ_nid2obj(NID_id_qt_cps);
>     pQInfo->d.cpsuri = M_ASN1_IA5STRING_new();
>     char *urlPolitica = "http://politicas.icpbrasil.gov.br/PA_AD_RT_v2_1.der";;
>     ASN1_STRING_set(pQInfo->d.cpsuri, urlPolitica, strlen(urlPolitica));
>     POLICY_add_attrib(si, pInfo); // WORKS FINE
>     
> If I change the line :
> 
>     pQInfo->pqualid = OBJ_nid2obj(NID_id_qt_cps);
> 
> With :
> 
>     int NID_id_spq_ets_uri = OBJ_create("1.2.840.113549.1.9.16.5.1", 
> "id_spq_ets_uri", "id_spq_ets_uri");
>     pQInfo->pqualid = OBJ_nid2obj(NID_id_spq_ets_uri);
> 
> The program crashes at function POLICY_add_attrib in THIS LINE :
> 
>       int len = i2d_POLICYINFO(pInfo, NULL);
> 
> What I'm doing wrong???
> 

The problem is that the structure in question is the "any defined by OID"
type. There are two standard OIDs NID_id_qt_cps and NID_id_qt_unotice. If you
have any other OID the code has no idea how to handle it and so falls back to
using ASN1_TYPE. The crash is because it's expecting ASN1_TYPE in the union
but gets a different structure.

So you need to populate the d.other field in that case.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to