Re: decoding ASN1 OCTET STRING

Thu, 26 Jul 2007 09:37:17 -0700 

Please look at the code I released a few weeks ago that will show you
how to decode just such a thing. I sent it out on the openssl-users
mailing list.

Peace,
Chuck Wegrzyn


On 7/26/07, edkulus <[EMAIL PROTECTED]> wrote:

Hi All,

I have the following piece of code, that I use for reading the contents of 
X.509 extensions:

X509 *cert = NULL;
X509_EXTENSION *extension;
ASN1_OCTET_STRING *extdata;
char *extname;

for (i = 0; i < X509_get_ext_count(cert); i++)
{
   extension = X509_get_ext(cert, i);
   extdata = X509_EXTENSION_get_data(extension);
   extname = (char 
*)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
   ...
}

In the above example, the ASN1_OCTET_STRING *extdata is used for storing the extension 
data. The structure for extdata  is the same as for ASN1_STRING (OpenSSL uses the same 
structure for all ASN.1 strings I believe) so I can access the X.509 extension data 
through the extdata->data (knowing the data size from extdata->length and the type 
of the data from extdata->type).

In each parsed extension (generally), in extdata->data I get an encoded string of 
type (extdata->type) 4, which is V_ASN1_OCTET_STRING. For the purpose of string 
manipulation, comparison or print-out, this is really useless in its encoded form and 
needs to be further decoded to a human readable format string (for example) so that I 
can pass the string to another application or print it out properly.

I looked for BER decoding functions in OpenSSL but really I was able to find 
only the encoding ones. Even the OpenSSL asn1parse, when I run it, gives only a 
hexadecimal dump of the OCTET STRING content of each extension.

Is there a way in OpenSSL so that I can decode (unpack) the ASN1_OCTET_STRING 
string and present it in plain text?

Perhaps there are some other libraries, that you are aware of, that could be 
used for this purpose.

Thanks in advance for your help.

edkulus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to