Clear. Thanks.

PS yes, the first dump was made by dumpasn1 (P. Gutmann)

Alexey
-------
Moscow Institute of Physics and Technology
www.mipt.ru

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Friday, September 05, 2003 3:51 PM
To: [EMAIL PROTECTED]
Subject: Re: MS ASN.1 <-> OpenSSL ASN.1

On Thu, Sep 04, 2003, Alexey S. Poe wrote:

> 
> What is the difference between the result of working MS ASN.1 routines
> (such as CryptEncodeObject/CryptDecodeObject) and Open SSL (such as
> ASN1_seq_pack)?
> 

The formats should be equivalent for equivalent objects.

> Example:
> 
> Two dumps (cert subject's GOST R34.10-94 public key)
> 
> 1. using M$ CryptDecodeObject
> 
>     SEQUENCE {
>       SEQUENCE {
>         OBJECT IDENTIFIER '1 2 643 2 6 1 3 2 1 1'
>         NULL
>         }
>       BIT STRING 0 unused bits
>         20 E2 18 54 31 26 9C 8F 95 8B 8A 2C CD 81 04 E9
>         79 F7 A7 E9 41 5A 44 64 8A CD 4F CF 01 D4 C2 A4
>         20 E2 3B 65 38 2A 9A 7C DE CF FA C0 D0 99 78 4E
>         FC BF EB 9C 77 89 09 78 47 27 57 FD A9 AB DC 58
>         40 CD F4 67 B1 A6 F1 61 18 97 1C 20 E5 73 C3 0E
>         38 E9 45 97 3D 28 57 EA 29 C4 AB 28 E3 29 FD B6
>         CB 15 02 A9 DF C1 A7 CB D8 AA D3 C2 B9 6B DF D4
>         04 B9 8D 93 2B A6 3C C9 90 D5 C1 4C 80 8D 79 C2
>       }
> 
> 2. using openssl -> asn1parse
> 
>   127:d=2  hl=3 l= 148 cons:   SEQUENCE          
>   130:d=3  hl=2 l=  14 cons:    SEQUENCE          
>   132:d=4  hl=2 l=  10 prim:     OBJECT            :1.2.643.2.6.1.3.2.1.1
>   144:d=4  hl=2 l=   0 prim:     NULL              
>   146:d=3  hl=3 l= 129 prim:    BIT STRING        
>       0000 - 00 20 e2 18 54 31 26 9c-8f 95 8b 8a 2c cd 81 04
>       0010 - e9 79 f7 a7 e9 41 5a 44-64 8a cd 4f cf 01 d4 c2
>       0020 - a4 20 e2 3b 65 38 2a 9a-7c de cf fa c0 d0 99 78
>       0030 - 4e fc bf eb 9c 77 89 09-78 47 27 57 fd a9 ab dc   
>       0040 - 58 40 cd f4 67 b1 a6 f1-61 18 97 1c 20 e5 73 c3
>       0050 - 0e 38 e9 45 97 3d 28 57-ea 29 c4 ab 28 e3 29 fd 
>       0060 - b6 cb 15 02 a9 df c1 a7-cb d8 aa d3 c2 b9 6b df  
>       0070 - d4 04 b9 8d 93 2b a6 3c-c9 90 d5 c1 4c 80 8d 79  
>       0080 - c2                                                
> 
> 
> The difference is in the leading zero-byte. 
> 
> What is it for?
> 

Actually it isn't a difference, it's just a difference in presentation.
OpenSSL's asn1parse (arguably misleadingly) includes the leading byte in the
output verbatim whereas dumpasn1 (which the top output looks like to me)
interprets it.

The first byte (or "octet" in ASN1 parlance) is the number of unused bits and
as you can see it's zero in both cases.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
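
Added example, not part of the original thread and not OpenSSL or dumpasn1 code: a small DER reader that renders one BIT STRING both ways, with the content octets verbatim (leading unused-bits octet included) and with that octet interpreted separately. The function names and the sample bytes are constructed for illustration; the sample uses the same long-form length (content length 129) as the dump in the thread.

```python
def read_tlv(der, offset=0):
    """Return (tag, content, next_offset) for one definite-length DER TLV."""
    tag, first = der[offset], der[offset + 1]
    pos = offset + 2
    if first < 0x80:                      # short form: the octet is the length
        length = first
    else:                                 # long form: low 7 bits = count of length octets
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not allowed in DER")
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    content = der[pos:pos + length]
    if len(content) != length:
        raise ValueError("truncated TLV")
    return tag, content, pos + length


def parse_bit_string(der):
    """Split a DER BIT STRING into (unused_bits, value_octets)."""
    tag, content, _ = read_tlv(der)
    if tag != 0x03 or not content:
        raise ValueError("not a BIT STRING with an unused-bits octet")
    unused, value = content[0], content[1:]
    if unused > 7 or (unused and not value):
        raise ValueError("invalid unused-bits count")
    if unused and value[-1] & ((1 << unused) - 1):
        raise ValueError("DER requires the unused bits to be zero")
    return unused, value


def raw_view(der):
    """Content octets verbatim: the leading unused-bits octet is shown as data."""
    return read_tlv(der)[1].hex(" ")


def interpreted_view(der):
    """Unused-bits count reported on its own line, value octets below it."""
    unused, value = parse_bit_string(der)
    return f"BIT STRING {unused} unused bits\n  {value.hex(' ').upper()}"


# Constructed sample: 128 value octets, so content length 129 (0x81 0x81 header).
SAMPLE_VALUE = bytes(range(0x20, 0xA0))
SAMPLE_DER = bytes([0x03, 0x81, 0x81, 0x00]) + SAMPLE_VALUE

if __name__ == "__main__":
    print(raw_view(SAMPLE_DER)[:23], "...")
    print(interpreted_view(SAMPLE_DER)[:48], "...")
```

Both views come from identical encoded bytes; only the handling of the first content octet differs.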

