Re: [openssl-users] BIO_printf with ASN1_BIT_STRING and ASN1_INTEGER?

2018-10-16 Thread Matthias Ballreich
Hi,

thanks for this - what about the ASN1_BIT_STRING? Is there such a predefined 
function?

From: openssl-users on behalf of Dave Coombs
Sent: Tuesday, 16 October 2018 15:17
To: openssl-users@openssl.org
Subject: Re: [openssl-users] BIO_printf with ASN1_BIT_STRING and ASN1_INTEGER?

Hi,

You can use i2a_ASN1_INTEGER() to print an ASN1_INTEGER to a BIO.

  -Dave


On Oct 16, 2018, at 05:37, Opa114 <opa...@web.de> wrote:

Hi there,

i have to print out some data, which is an ASN1_BIT_STRING and an ASN1_INTEGER 
with BIO_printf. For GENERAL_NAME for example there are predefined functions i 
can use like this: GENERAL_NAME_print(bp, GENERAL_NAME_VAR) <= 0

But for ASN1_INTEGER and ASN1_BIT_STRING i haven't found any predefined function 
like ASN1_INTEGER_PRINT or something similar i can use. So can someone tell me 
how i print out these two data types with BIO_printf in the correct and actual 
way?

thanks a lot.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

2017-07-11 Thread Matthias Ballreich
yes i can do this. I do it as github issue then. I hope i find time this 
evening to do this otherwise tomorrow.


From: openssl-users <openssl-users-boun...@openssl.org> on behalf of Richard 
Levitte <levi...@openssl.org>
Sent: Tuesday, 11 July 2017 09:19:04
To: openssl-users@openssl.org
Subject: Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

This all sounds a bit mysterious...

would you mind sharing a test program that shows the problem, with
detailed step by step instructions (among others what libraries you're
running against each time)?  Preferably as a github issue, but here is
fine as well...

Cheers,
Richard

In message 
<db6p195mb0182a9c918b5d06cf9a12fd8fb...@db6p195mb0182.eurp195.prod.outlook.com> 
on Mon, 10 Jul 2017 16:47:28 +, Matthias Ballreich 
<matthias.ballre...@outlook.de> said:

Matthias.Ballreich> Yes, MY_NID is really NID_whatever. I tried it with putting
Matthias.Ballreich> OPENSSL_init_crypto(0, NULL); at start of my main().
Matthias.Ballreich>
Matthias.Ballreich> Did not make any difference…
Matthias.Ballreich>
Matthias.Ballreich> The Integer value of MY_NID will be printed out and is the correct
Matthias.Ballreich> integer value.
Matthias.Ballreich>
Matthias.Ballreich> And i tried another thing. I replaced the two dll-libraries with the
Matthias.Ballreich> new created ones and then i run my Code and there all will be printed
Matthias.Ballreich> out correctly. BUT the whole time i used some older dll-libraries of
Matthias.Ballreich> openssl, (1.1.0f) and for development i used the latest 1.1.1-dev and
Matthias.Ballreich> then i build this, which has added a new x509 extension (Admission),
Matthias.Ballreich> which has a new OID (NID_extX509Admission, etc.) and there the short
Matthias.Ballreich> and long name will be printed out correctly after Building the Code.
Matthias.Ballreich> So this is a Little bit strange.
Matthias.Ballreich>
Matthias.Ballreich> Or must i replace the dll-libraries every time i build the Code? But
Matthias.Ballreich> when, why has it worked with the old ones and the 1.1.1-dev (master
Matthias.Ballreich> branch)?
Matthias.Ballreich>
Matthias.Ballreich> Best regards
Matthias.Ballreich>
Matthias.Ballreich> Matthias
Matthias.Ballreich>
Matthias.Ballreich> From: Richard Levitte
Matthias.Ballreich> Sent: Monday, 10 July 2017 06:14
Matthias.Ballreich> To: openssl-users@openssl.org
Matthias.Ballreich> Subject: Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to
Matthias.Ballreich> source code
Matthias.Ballreich>
Matthias.Ballreich> In message
Matthias.Ballreich> <am5p195mb018008b87acd89d37b629cf3fb...@am5p195mb0180.eurp195.prod.outlook.com>
Matthias.Ballreich> on Sat, 8 Jul 2017 23:31:00 +, Matthias Ballreich
Matthias.Ballreich> <matthias.ballre...@outlook.de> said:
Matthias.Ballreich>
Matthias.Ballreich> matthias.ballreich> Hi there,
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> i want to contribute some more OIDs. Therefore i added the OIDs inside
Matthias.Ballreich> matthias.ballreich> the „Objects.txt“ inside /crypto/objects
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> Then i run these commands:
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> perl objects.pl objects.txt obj_mac.num ../../include/openssl/obj_mac.h
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> perl obj_dat.pl ../../include/openssl/obj_mac.h obj_dat.h
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> perl objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
Matthias.Ballreich>
Matthias.Ballreich> Sure, that looks fine to me
Matthias.Ballreich>
Matthias.Ballreich> matthias.ballreich> The files are generated / updated. Then i build the source which
Matthias.Ballreich> matthias.ballreich> builds fine without any exceptions. Then i tried to use the generated
Matthias.Ballreich> matthias.ballreich> NIDs in my Code. For test purposes i tried to print out the short and
Matthias.Ballreich> matthias.ballreich> Long Name of my new oid with OBJ_nid2sn(MY_NID) and OBJ_nid2(MY_NID).
Matthias.Ballreich> matthias.ballreich> But here it prints out an empty string.
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> When I try to use my NID with X509_get_ext_by_NID(cert, MY_NID, -1)
Matthias.Ballreich> matthias.ballreich> the O

Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

2017-07-10 Thread Matthias Ballreich
Yes, MY_NID is really NID_whatever. I tried it with putting 
OPENSSL_init_crypto(0, NULL); at start of my main().
Did not make any difference…

The Integer value of MY_NID will be printed out and is the correct integer 
value.

And i tried another thing. I replaced the two dll-libraries with the new 
created ones and then i run my Code and there all will be printed out 
correctly. BUT the whole time i used some older dll-libraries of openssl, 
(1.1.0f) and for development i used the latest 1.1.1-dev and then i build this, 
which has added a new x509 extension (Admission), which has a new OID 
(NID_extX509Admission, etc.) and there the short and long name will be printed 
out correctly after Building the Code. So this is a Little bit strange.

Or must i replace the dll-libraries every time i build the Code? But when, why 
has it worked with the old ones and the 1.1.1-dev (master branch)?

Best regards
Matthias


From: Richard Levitte <levi...@openssl.org>
Sent: Monday, 10 July 2017 06:14
To: openssl-users@openssl.org
Subject: Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

In message 
<am5p195mb018008b87acd89d37b629cf3fb...@am5p195mb0180.eurp195.prod.outlook.com> 
on Sat, 8 Jul 2017 23:31:00 +, Matthias Ballreich 
<matthias.ballre...@outlook.de> said:

matthias.ballreich> Hi there,
matthias.ballreich>
matthias.ballreich> i want to contribute some more OIDs. Therefore i added the OIDs inside
matthias.ballreich> the „Objects.txt“ inside /crypto/objects
matthias.ballreich>
matthias.ballreich> Then i run these commands:
matthias.ballreich>
matthias.ballreich> perl objects.pl objects.txt obj_mac.num ../../include/openssl/obj_mac.h
matthias.ballreich>
matthias.ballreich> perl obj_dat.pl ../../include/openssl/obj_mac.h obj_dat.h
matthias.ballreich>
matthias.ballreich> perl objxref.pl obj_mac.num obj_xref.txt > obj_xref.h

Sure, that looks fine to me

matthias.ballreich> The files are generated / updated. Then i build the source which
matthias.ballreich> builds fine without any exceptions. Then i tried to use the generated
matthias.ballreich> NIDs in my Code. For test purposes i tried to print out the short and
matthias.ballreich> Long Name of my new oid with OBJ_nid2sn(MY_NID) and OBJ_nid2(MY_NID).
matthias.ballreich> But here it prints out an empty string.
matthias.ballreich>
matthias.ballreich> When I try to use my NID with X509_get_ext_by_NID(cert, MY_NID, -1)
matthias.ballreich> the Output is -2.
matthias.ballreich>
matthias.ballreich> So where is the Problem or what i’m doing wrong here? Thanks!

If you've come that far, MY_NID (which I assume is really
NID_whatever) obviously exists, or your code wouldn't even have
compiled.  One possibility remains, that for some reason, libcrypto
hasn't been initialised like it should.  This can happen if you only
call a very select set of OpenSSL functions.  What happens if you add
this at the start of your main()?

OPENSSL_init_crypto(0, NULL);

(note, that should be seen as a temporary measure, as this is called
internally in quite a number of spots, so for larger uses of OpenSSL
functionality, you shouldn't need that)

Cheers,
Richard

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

2017-07-09 Thread Matthias Ballreich
Thanks. I tried it but i got the error Message that make update is not 
available.

I am Building it on windows with nmake under the visual Studio Developer Shell. 
Why is nmake Update Not working there?

On 09.07.2017 at 08:40, Billy Brumley wrote:

>> i want to contribute some more OIDs. Therefore i added the OIDs inside the
>> „Objects.txt“ inside /crypto/objects
>> 
>> 
>> 
>> Then i run these commands:
>> 
>> perl objects.pl objects.txt obj_mac.num ../../include/openssl/obj_mac.h
>> 
>> perl obj_dat.pl ../../include/openssl/obj_mac.h obj_dat.h
>> 
>> perl objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
> 
> Try 'make update' instead.
> 
> BBB


[openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

2017-07-09 Thread Matthias Ballreich
Hi there,

i want to contribute some more OIDs. Therefore i added the OIDs inside the 
„Objects.txt“ inside /crypto/objects

Then i run these commands:
perl objects.pl objects.txt obj_mac.num ../../include/openssl/obj_mac.h
perl obj_dat.pl ../../include/openssl/obj_mac.h obj_dat.h
perl objxref.pl obj_mac.num obj_xref.txt > obj_xref.h

The files are generated / updated. Then i build the source which builds fine 
without any exceptions. Then i tried to use the generated NIDs in my Code. For 
test purposes i tried to print out the short and Long Name of my new oid with 
OBJ_nid2sn(MY_NID) and OBJ_nid2(MY_NID). But here it prints out an empty string.

When I try to use my NID with X509_get_ext_by_NID(cert, MY_NID, -1) the Output 
is -2.

So where is the Problem or what i’m doing wrong here? Thanks!


Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Matthias Ballreich
Thanks for reply.
Ohh that's bad news. So I will look at the various d2i_XXX and i2d_XXX 
functions you mentioned.


From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of 
Salz, Rich via openssl-users
Sent: Tuesday, 9 May 2017 15:55
To: openssl-users@openssl.org
Subject: Re: [openssl-users] C++ How to parse Subject Directory Attributes 
Extension?

That attribute is not currently supported.

Someone would have to write ASN1 parsing code.  There are examples all over the 
place within OpenSSL; see the various d2i_XXX and i2d_XXX functions.  There are 
macro/define's available to make the job easier.  But, it is not really 
documented.

Maybe there are other people here who are interested, and could write the code 
and make a pull request on GitHub.

I doubt the team will get to it quickly.  Sorry, but I just want to be 
realistic.

--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz


Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Matthias Ballreich
I will take a look on it. Thanks.
Can you explain it a little bit more what you mean with "You can either add a 
custom extension or just parse the structure from the extension contents." ?





-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of 
Dr. Stephen Henson
Sent: Tuesday, 9 May 2017 18:06
To: openssl-users@openssl.org
Subject: Re: [openssl-users] C++ How to parse Subject Directory Attributes 
Extension?

On Tue, May 09, 2017, Matthias Ballreich wrote:

> Here are now some more details, which may help you to better understand.
> 
> 
> My Certificate contains the SubjectDirectoryAttributes-Extension with the 
> following Attributes:
> 
> OID                                       : Value
> ---
> (1.3.6.1.5.5.7.9.4) countryOfCitizenship  : DE
> (1.3.6.1.5.5.7.9.3) gender                : F
> (1.3.6.1.5.5.7.9.1) dateOfBirth           : 1971-10-14 12:00:00 UTC
> (1.3.6.1.5.5.7.9.2) placeOfBirth          : Darmstadt
> 
> So i want to get these pairs of OID and Value.
> 
> I found no Struct like SUBJECT_DIRECTORY_ATTRIBUTES in the Source-Code i can 
> use. I got the Extension this way:
> 
> int loc = X509_get_ext_by_NID(certificate, NID_subject_directory_attributes, -1);
> X509_EXTENSION *ex = X509_get_ext(certificate, loc);
> 
> But how can i get then all the data, which means all the OIDs and Values to 
> the OIDs? The ASN.1 Structure is:
> 
> SubjectDirectoryAttributes ::= Attributes
> 
> Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
> 
> Attribute ::= SEQUENCE
> {
>     type AttributeType,
>     values SET OF AttributeValue
> }
> 
> AttributeType ::= OBJECT IDENTIFIER
> AttributeValue ::= ANY DEFINED BY AttributeType
> 
> I found out that i get a custom extension with: X509_EXTENSION_get_object(ex) 
> and that the OpenSSL-Type X509_NAME_ENTRY is the equivalent to the 
> ASN.1-Structure Attribute resp. AttributeTypeAndValue. So i tried to cast the 
> result of X509_EXTENSION_get_data(ex) to a STACK_OF(X509_NAME_ENTRY) and to 
> X509_NAME. But X509_NAME is the same as STACK_OF(X509_NAME_ENTRY).
> 
> Then i tried to get the number of attributes by calling the 
> sk_X509_NAME_ENTRY_num() function on the STACK_OF(X509_NAME_ENTRY) resp. 
> X509_NAME.entries, but i got not the right number. I expect to get the number 
> 3 or 4 (don't know the exactly internal counting - but the example cert 
> contains 4 Attributes, so the output should be 3 or 4 depending if the 
> counting will start at 0 or 1). But instead of 3 or 4 i got a much larger 
> number like 34335029 and this number is different every time i run the code. 
> So i think there is a problem with the casting or i did not choose the right 
> Data-Type(s).
> 
> I'm using OpenSSL 1.0.2j.
> 
> So what's wrong and how can i fix it? - Thanks in advance!
> 

Looks like the type isn't X509_NAME_ENTRY but X509_ATTRIBUTE and the extension 
is a SEQUENCE OF Attribute. We don't have the direct equivalent as a specific 
type IIRC but it isn't hard to add one just follow what is done for 
GENERAL_NAMES which is a SEQUENCE OF GENERAL_NAME.

You can either add a custom extension or just parse the structure from the 
extension contents.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
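
What "parse the structure from the extension contents" involves, as an added example (not code from the thread or from OpenSSL): the data returned by X509_EXTENSION_get_data() is an OCTET STRING holding DER bytes, so it has to be decoded rather than cast to a stack type. This self-contained C sketch walks the SEQUENCE OF Attribute by hand over sample bytes constructed from the four attributes listed in the message. The names `sda_parse`, `tlv`, `oid_str`, `PDA` and `struct sda_attr` are hypothetical, and it assumes single-octet tags and character-typed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct sda_attr { char oid[64]; uint8_t tag; char value[64]; };
/* Read one DER header (one tag octet, at most two length octets); 0 = ok. */
static int tlv(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len)
{
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    size_t l = *(*p)++;
    if (l & 0x80) {                       /* long form: next n octets hold the length */
        size_t n = l & 0x7F;
        if (n == 0 || n > 2 || (size_t)(end - *p) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < l) return -1; /* content must fit in the buffer */
    *len = l;
    return 0;
}

/* OBJECT IDENTIFIER content octets to dotted text; returns 0 on success. */
static int oid_str(const uint8_t *c, size_t len, char *out, size_t cap)
{
    unsigned long arc = 0;
    size_t used = 0;
    if (len == 0 || (c[len - 1] & 0x80)) return -1;
    for (size_t i = 0; i < len; i++) {
        arc = (arc << 7) | (c[i] & 0x7F);
        if (c[i] & 0x80) continue;        /* arc continues in the next octet */
        unsigned long first = arc < 80 ? arc / 40 : 2; /* first octet packs two arcs */
        int n = used ? snprintf(out + used, cap - used, ".%lu", arc)
                     : snprintf(out, cap, "%lu.%lu", first, arc - first * 40);
        if (n < 0 || (size_t)n >= cap - used) return -1;
        used += (size_t)n;
        arc = 0;
    }
    return 0;
}

/* Walk SubjectDirectoryAttributes ::= SEQUENCE OF Attribute, recording each
 * type OID and the first value of its SET. Returns the count, or -1. */
int sda_parse(const uint8_t *der, size_t len, struct sda_attr *out, size_t max)
{
    const uint8_t *p = der, *end = der + len;
    uint8_t tag;
    size_t l, count = 0;
    if (tlv(&p, end, &tag, &l) || tag != 0x30 || p + l != end) return -1;
    while (p < end) {
        if (count == max || tlv(&p, end, &tag, &l) || tag != 0x30) return -1;
        const uint8_t *a_end = p + l;                    /* one Attribute */
        if (tlv(&p, a_end, &tag, &l) || tag != 0x06) return -1;
        if (oid_str(p, l, out[count].oid, sizeof out[count].oid)) return -1;
        p += l;
        if (tlv(&p, a_end, &tag, &l) || tag != 0x31 || p + l != a_end) return -1;
        if (tlv(&p, a_end, &tag, &l) || l >= sizeof out[count].value) return -1;
        memcpy(out[count].value, p, l);   /* assumed to be a character type */
        out[count].value[l] = '\0';
        out[count].tag = tag;
        count++;
        p = a_end;
    }
    return (int)count;
}

/* Constructed sample built from the four attributes listed in the message. */
#define PDA 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x09 /* OID 1.3.6.1.5.5.7.9.x */
static const uint8_t sda_sample[] = { 0x30,0x5B,
    0x30,0x10, PDA,0x04, 0x31,0x04,0x13,0x02, 'D','E',
    0x30,0x0F, PDA,0x03, 0x31,0x03,0x13,0x01, 'F',
    0x30,0x1D, PDA,0x01, 0x31,0x11,0x18,0x0F,
        '1','9','7','1','1','0','1','4','1','2','0','0','0','0','Z',
    0x30,0x17, PDA,0x02, 0x31,0x0B,0x0C,0x09, 'D','a','r','m','s','t','a','d','t',
};

int main(void)
{
    struct sda_attr a[8];
    int n = sda_parse(sda_sample, sizeof sda_sample, a, 8);
    for (int i = 0; i < n; i++)
        printf("%s = %s (tag 0x%02X)\n", a[i].oid, a[i].value, a[i].tag);
    return n == 4 ? 0 : 1;
}
```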


Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Matthias Ballreich
Here are now some more details, which may help you to better understand.


My Certificate contains the SubjectDirectoryAttributes-Extension with the 
following Attributes:

OID                                       : Value
---
(1.3.6.1.5.5.7.9.4) countryOfCitizenship  : DE
(1.3.6.1.5.5.7.9.3) gender                : F
(1.3.6.1.5.5.7.9.1) dateOfBirth           : 1971-10-14 12:00:00 UTC
(1.3.6.1.5.5.7.9.2) placeOfBirth          : Darmstadt

So i want to get these pairs of OID and Value.

I found no Struct like SUBJECT_DIRECTORY_ATTRIBUTES in the Source-Code i can 
use. I got the Extension this way:

int loc = X509_get_ext_by_NID(certificate, NID_subject_directory_attributes, -1);
X509_EXTENSION *ex = X509_get_ext(certificate, loc);

But how can i get then all the data, which means all the OIDs and Values to the 
OIDs? The ASN.1 Structure is:

SubjectDirectoryAttributes ::= Attributes

Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute

Attribute ::= SEQUENCE
{
    type AttributeType,
    values SET OF AttributeValue
}

AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType

I found out that i get a custom extension with: X509_EXTENSION_get_object(ex) 
and that the OpenSSL-Type X509_NAME_ENTRY is the equivalent to the 
ASN.1-Structure Attribute resp. AttributeTypeAndValue. So i tried to cast the 
result of X509_EXTENSION_get_data(ex) to a STACK_OF(X509_NAME_ENTRY) and to 
X509_NAME. But X509_NAME is the same as STACK_OF(X509_NAME_ENTRY).

Then i tried to get the number of attributes by calling the 
sk_X509_NAME_ENTRY_num() function on the STACK_OF(X509_NAME_ENTRY) resp. 
X509_NAME.entries, but i got not the right number. I expect to get the number 3 
or 4 (don't know the exactly internal counting - but the example cert contains 
4 Attributes, so the output should be 3 or 4 depending if the counting will 
start at 0 or 1). But instead of 3 or 4 i got a much larger number like 
34335029 and this number is different every time i run the code. So i think 
there is a problem with the casting or i did not choose the right Data-Type(s).

I'm using OpenSSL 1.0.2j.

So what's wrong and how can i fix it? - Thanks in advance!

Here is a short excerpt of my code:
X509_EXTENSION *ex = 

STACK_OF(X509_NAME_ENTRY) *st = (STACK_OF(X509_NAME_ENTRY)*) X509_EXTENSION_get_data(ex);
printf("%d\n", sk_X509_NAME_ENTRY_num(st));

// or alternative

X509_NAME *name = (X509_NAME*) X509_EXTENSION_get_data(ex);
printf("%d\n", sk_X509_NAME_ENTRY_num(name->entries));

Here i append the certificate if you need it. It's from the RFC specification:




From: Matthias Ballreich <matthias.ballre...@outlook.de>
Sent: Sunday, 30 April 2017 13:44:48
To: openssl-users@openssl.org
Subject: C++ How to parse Subject Directory Attributes Extension?


Hi there,


can anyone tell me how to parse the Subject Directory Attribute Extension of 
an X509-Certificate in C++ with OpenSSL? I haven't found any documentation or 
piece of code in the Github Repo of OpenSSL.


I read the Extension this way:

int loc = X509_get_ext_by_NID(cert, NID_subject_directory_attributes, -1);
X509_EXTENSION *ex = X509_get_ext(cert, loc);

But i stuck on how to continue and get the TypeValue-Stuff.
Would be very helpful if someone can help me.

thanks and best regards
Matthias



Re: [openssl-users] QcStatements with OpenSSL (C++)?

2017-05-05 Thread Matthias Ballreich
thanks :)

But can you explain how i got the concrete data like QCStatement? Because there 
is no defined structure in OpenSSL like for example CRLDistributionPoints. So 
which structure and functions i have to use, to get the matching data?

QCStatement ::= SEQUENCE {
    statementId   QC-STATEMENT.&Id({SupportedStatements}),
    statementInfo QC-STATEMENT.&Type
    ({SupportedStatements}{@statementId}) OPTIONAL }

thanks again!


From: openssl-users <openssl-users-boun...@openssl.org> on behalf of lists 
<li...@rustichelli.net>
Sent: Wednesday, 26 April 2017 17:06:58
To: openssl-users@openssl.org
Subject: Re: [openssl-users] QcStatements with OpenSSL (C++)?

On 04/17/2017 06:40 PM, Matthias Ballreich wrote:

Hi there,

can OpenSSL parse QcStatement X509v3 Extension btw. Did OpenSSL Support these?
Any Piece of example Code of how can i parse the data?


To my knowledge, there is direct support for the qcStatements, you must parse 
it yourself.
I asked for some help on the list more or less a month ago, I was trying to 
develop the required structures but apparently I got lost in the OpenSSL macro 
jungle, finally I had to quit working on it.
What you can do is search for specific statements of interest to you (there are 
quite a bit) by parsing the attribute.
Get the attribute NID of the object in the extension and see if it matches the 
NID of qcStatements:

oneObj = X509_EXTENSION_get_object(oneExt);
objnid = OBJ_obj2nid(oneObj);
if (objnid == NID_qcStatements)
  { printf("DEBUG:ext:GOTCHA!:this is qcStatements!\n"); }

you then extract the data from the object and parse it.
For the moment I have this ugly quick way of doing it, for instance for a 
simple one:

#define UC_id_etsi_qcs_QcCompliance "0.4.0.1862.1.1"

  if (strstr(extdump, UC_id_etsi_qcs_QcCompliance) == NULL)
    { printf("INFO:QcCompliance:no:\n"); }
  else
    { printf("INFO:QcCompliance:yes:\n"); }



Thanks
Matthias




[openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-04-30 Thread Matthias Ballreich
Hi there,


can anyone tell me how to parse the Subject Directory Attribute Extension of 
an X509-Certificate in C++ with OpenSSL? I haven't found any documentation or 
piece of code in the Github Repo of OpenSSL.


I read the Extension this way:

int loc = X509_get_ext_by_NID(cert, NID_subject_directory_attributes, -1);
X509_EXTENSION *ex = X509_get_ext(cert, loc);

But i stuck on how to continue and get the TypeValue-Stuff.
Would be very helpful if someone can help me.

thanks and best regards
Matthias



[openssl-users] QcStatements with OpenSSL (C++)?

2017-04-18 Thread Matthias Ballreich

Hi there,

can OpenSSL parse QcStatement X509v3 Extension btw. Did OpenSSL Support these?
Any Piece of example Code of how can i parse the data?

Thanks
Matthias


Re: [openssl-users] Leading Zeros in ASN1_INTEGER?

2017-01-30 Thread Matthias Ballreich
thanks for explanation.


But why did Windows Cert Manager and Firefox Cert Manager show 00BEED73EE as 
serial number instead of BEED73EE (which openssl shows)?



From: openssl-users <openssl-users-boun...@openssl.org> on behalf of Viktor 
Dukhovni <openssl-us...@dukhovni.org>
Sent: Saturday, 28 January 2017 17:00:53
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Leading Zeros in ASN1_INTEGER?


> On Jan 28, 2017, at 10:01 AM, Matthias Ballreich 
> <matthias.ballre...@outlook.de> wrote:
>
> is it normal that OpenSSL removes the leading Zeros in an ASN1_INTEGER?
> I tried to read the Certificate Serial and the Certificate Serial in the
> AuthorityKeyID-Extension with C++, which works very well, but i noticed
> that OpenSSL removes the leading Zeros on it.
>
> The real ASN1-Value is: 00BEED73EE for example, but i got only BEED73EE.
> If i view the Certificate inside Microsoft Cert Tool (Certmgr.exe) the
> leading Zeros are listed there. Same on Firefox, if i Import and view
> the Certificate there. So is this the correct way of handling inside
> OpenSSL or is it a bug or?

Integers don't have leading zeros.  Octet strings representing integers
(in non-DER form) might have leading zeros, but you should not confuse
the data type with its representation.  OpenSSL outputs the correct DER
form of the serial *number* in certificates.

Leading zeros are needed in the DER representation of positive integers
whose most significant nibble is in the range from 8 to F.  Otherwise
the leading bit would cause the integer to be interpreted as negative.

--
Viktor.
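
The encoding rule described above, as an added example (not code from the thread or from OpenSSL): a self-contained C sketch of the DER INTEGER content-octet rules, showing that the serial from the thread is carried as 00 BE ED 73 EE while the number itself is BEED73EE. The function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (hypothetical names, not OpenSSL's). */
enum { DER_INT_OK = 0, DER_INT_EMPTY = -1, DER_INT_NOT_MINIMAL = -2 };

/*
 * Check the content octets of a DER INTEGER (the bytes after tag 0x02 and
 * the length). On success *negative is taken from the top bit of the first
 * octet, and *mag / *mag_len describe the octets without the 0x00 sign
 * padding (the magnitude, when the value is non-negative).
 */
int der_int_check(const uint8_t *c, size_t len, int *negative,
                  const uint8_t **mag, size_t *mag_len)
{
    if (len == 0)
        return DER_INT_EMPTY;
    /* Shortest form only: the first nine bits must not be all 0 or all 1. */
    if (len > 1 && ((c[0] == 0x00 && !(c[1] & 0x80)) ||
                    (c[0] == 0xFF && (c[1] & 0x80))))
        return DER_INT_NOT_MINIMAL;
    *negative = (c[0] & 0x80) != 0;
    if (len > 1 && c[0] == 0x00) {   /* padding octet, not part of the number */
        *mag = c + 1;
        *mag_len = len - 1;
    } else {
        *mag = c;
        *mag_len = len;
    }
    return DER_INT_OK;
}

/*
 * Encode an unsigned big-endian number as DER INTEGER content octets.
 * Returns the number of octets written, or 0 if out is too small.
 */
size_t der_int_encode_unsigned(const uint8_t *num, size_t num_len,
                               uint8_t *out, size_t out_cap)
{
    while (num_len > 0 && num[0] == 0x00) {   /* drop redundant zeros */
        num++;
        num_len--;
    }
    /* Zero needs one 0x00 octet; a set top bit needs a 0x00 in front so the
     * value is not read as negative. */
    int pad = (num_len == 0) || (num[0] & 0x80);
    if (num_len + (size_t)pad > out_cap)
        return 0;
    if (pad)
        out[0] = 0x00;
    if (num_len)
        memcpy(out + pad, num, num_len);
    return num_len + (size_t)pad;
}

static void hex(const char *label, const uint8_t *p, size_t n)
{
    printf("%s", label);
    for (size_t i = 0; i < n; i++)
        printf("%02X", p[i]);
    printf("\n");
}

int main(void)
{
    /* Constructed sample: the serial number quoted in the thread. */
    const uint8_t der[] = { 0x00, 0xBE, 0xED, 0x73, 0xEE };
    const uint8_t *mag;
    size_t mag_len;
    int neg;

    if (der_int_check(der, sizeof der, &neg, &mag, &mag_len) != DER_INT_OK)
        return 1;
    hex("content octets: ", der, sizeof der);
    hex("integer value:  ", mag, mag_len);
    /* Without the padding octet the same bytes decode as a negative number. */
    der_int_check(der + 1, sizeof der - 1, &neg, &mag, &mag_len);
    printf("BEED73EE alone is %s\n", neg ? "negative" : "non-negative");
    return 0;
}
```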



[openssl-users] Leading Zeros in ASN1_INTEGER?

2017-01-28 Thread Matthias Ballreich
Hi there,

is it normal that OpenSSL removes the leading Zeros in an ASN1_INTEGER?
I tried to read the Certificate Serial and the Certificate Serial in the 
AuthorityKeyID-Extension with C++, which works very well, but i noticed that 
OpenSSL removes the leading Zeros on it.
The real ASN1-Value is: 00BEED73EE for example, but i got only BEED73EE.
If i view the Certificate inside Microsoft Cert Tool (Certmgr.exe) the leading 
Zeros are listed there. Same on Firefox, if i Import and view the Certificate 
there.
So is this the correct way of handling inside OpenSSL or is it a bug or?

Is there a way to prevent that?

I’m using  OpenSSL 1.0.2j.

Hope someone could explain it a little bit.
Thanks!


[openssl-users] Access Mozilla NSS (shared) Database / PKCS#11 Modules via OpenSSL?

2016-11-08 Thread Matthias Ballreich
Hi there,



how can i access the Mozilla NSS (shared) Database (cert8 or cert9d.db) / 
PKCS#11-Modules via OpenSSL?

I need read & write access to the NSS User Cert Database (softokn3) and to the 
Built-In Cert Database (nssckbi) under Windows.



I tried it with Libp11 this way:



int rc = 0;
PKCS11_CTX *pkcs11_ctx;
pkcs11_ctx = PKCS11_CTX_new();
PKCS11_CTX_init_args(pkcs11_ctx,
    "configdir=''C:/Users/Username/AppData/Roaming/Mozilla/Firefox/Profiles/5wzkdcjx.default' "
    "certPrefix='' keyPrefix='' secmod='secmod.db'");
rc = PKCS11_CTX_load(pkcs11_ctx, " C:/Program Files (x86)/Mozilla/Firefox/softokn3.dll ");
printf("Desc: %s\n", pkcs11_ctx->description);
if (rc)
    printf("Error loading Module");

But it returns every time "-1" which tells me that the loading fails. So is this 
the right way? Or should I use another library? Or is my code not right?

And can I edit the Trust Settings with that or another library like with NSS 
directly? Because I can't delete the built-in certs of nssckbi because this is 
read-only I can edit the Trust-Settings for that certificate. Can I do that 
with OpenSSL in combination with a library, too? Or should I better use NSS 
instead of OpenSSL?



Thanks.
