Thanks for the patch, Ger! I just saw that Dr. Stephen Henson was recently planning to fix this in OpenSSL: http://thread.gmane.org/gmane.comp.encryption.openssl.user/39349/focus=39398
Interesting, maybe he could make use of your patch? Cross posting to openssl-dev then.

--
Best Regards,
Aleksander Adamowski
http://olo.org.pl

On Wed, Oct 20, 2010 at 14:22, Ger Hobbelt <g...@hobbelt.com> wrote:
> Had a similar issue last year. Vanilla OpenSSL doesn't do this, alas.
>
> I did a brutal backport of my own work to CVS HEAD (bleeding edge) OpenSSL
> -- I have a tweaked version of OpenSSL over here, which is fully
> size_t-ified and other odds and ends, hence the need for 'backpatching' for
> me -- and you can download the patch file here (compressed with 7zip:
> www.7zip.org):
>
> http://hebbut.net/asn1stringdumping.7z
>
> If you're behind an a**l corporate firewall and don't have 7zip:
>
> http://hebbut.net/asn1stringdumping.patch
>
> Patch has been tested against CVS HEAD on Ubuntu 10.04/AMD64.
> To see what it does:
>
> -----------
> g...@michelle:/tmp/o$ apps/openssl asn1parse --help
> WARNING: can't open config file: /usr/local/ssl/openssl.cnf
> unknown option --help
> asn1parse [options] <infile
> where options are
> -inform arg input format - one of D[ER], T[EXT], P[EM], PV[K],
> N[ETSCAPE], S[MIME], M[SBLOB], 1/P12/PKCS12, E[NGINE]
> -in arg input file
> -out arg output file (output format is always DER
> -noout arg don't produce any output
> -offset arg offset into file
> -length arg length of section in file
> -i indent entries
> -dump dump unknown data in hex form
> -dlimit arg dump the first arg bytes of unknown data in hex form
> -oid file file of extra oid definitions
> -strparse offset
> a series of these can be used to 'dig' into multiple
> ASN.1 blob wrappings
> -genstr str string to generate ASN1 structure from
> -genconf file file to generate ASN1 structure from
> -noshow options
> dump ASN.1 without these. Accepts a comma separated list of:
> offset,depth,hl,length,info
> -----------------
> note the added -noshow option as I have used asn1parse to dump/test all
> sorts of ASN.1 data streams, not just OpenSSL ones.
>
> A bit of sample output (GENERALSTRING will be 'hexdumped' because
> GENERALSTRING data may be arbitrary binary, so it rides on what I did for
> other ASN.1 bits too: extend the general BIO_dump 'hexdumping' facility to
> include ASCII text printing and offsets, so one can see what's in there in
> an easy way).
>
> Also note that timestamps should now be printed in a more legible fashion
> than with 'vanilla' asn1parse.
> -----------------
> apps/openssl asn1parse -dump -inform PEM -i < ./apps/cert.pem
> WARNING: can't open config file: /usr/local/ssl/openssl.cnf
> 0:d=0 hl=4 l= 416 cons: SEQUENCE
> 4:d=1 hl=4 l= 330 cons: SEQUENCE
> 8:d=2 hl=2 l= 1 prim: INTEGER :00
> 11:d=2 hl=2 l= 13 cons: SEQUENCE
> 13:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
> 24:d=3 hl=2 l= 0 prim: NULL
> 26:d=2 hl=2 l= 99 cons: SEQUENCE
> 28:d=3 hl=2 l= 11 cons: SET
> 30:d=4 hl=2 l= 9 cons: SEQUENCE
> 32:d=5 hl=2 l= 3 prim: OBJECT :countryName
> 37:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
> 41:d=3 hl=2 l= 19 cons: SET
> 43:d=4 hl=2 l= 17 cons: SEQUENCE
> 45:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
> 50:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Queensland
> 62:d=3 hl=2 l= 26 cons: SET
> 64:d=4 hl=2 l= 24 cons: SEQUENCE
> 66:d=5 hl=2 l= 3 prim: OBJECT :organizationName
> 71:d=5 hl=2 l= 17 prim: PRINTABLESTRING :CryptSoft Pty Ltd
> 90:d=3 hl=2 l= 35 cons: SET
> 92:d=4 hl=2 l= 33 cons: SEQUENCE
> 94:d=5 hl=2 l= 3 prim: OBJECT :commonName
> 99:d=5 hl=2 l= 26 prim: PRINTABLESTRING :Server test cert (512
> bit)
> 127:d=2 hl=2 l= 30 cons: SEQUENCE
> 129:d=3 hl=2 l= 13 prim: UTCTIME :970909034126Z (Sep 9
> 03:41:26 1997 GMT)
> 144:d=3 hl=2 l= 13 prim: UTCTIME :971009034126Z (Oct 9
> 03:41:26 1997 GMT)
> 159:d=2 hl=2 l= 94 cons: SEQUENCE
> 161:d=3 hl=2 l= 11 cons: SET
> 163:d=4 hl=2 l= 9 cons: SEQUENCE
> 165:d=5 hl=2 l= 3 prim: OBJECT :countryName
> 170:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
> 174:d=3 hl=2 l= 19 cons: SET
> 176:d=4 hl=2 l= 17 cons: SEQUENCE
> 178:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
> 183:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Some-State
> 195:d=3 hl=2 l= 33 cons: SET
> 197:d=4 hl=2 l= 31 cons: SEQUENCE
> 199:d=5 hl=2 l= 3 prim: OBJECT :organizationName
> 204:d=5 hl=2 l= 24 prim: PRINTABLESTRING :Internet Widgits Pty
> Ltd
> 230:d=3 hl=2 l= 23 cons: SET
> 232:d=4 hl=2 l= 21 cons: SEQUENCE
> 234:d=5 hl=2 l= 3 prim: OBJECT :commonName
> 239:d=5 hl=2 l= 14 prim: PRINTABLESTRING :Eric the Young
> 255:d=2 hl=2 l= 81 cons: SEQUENCE
> 257:d=3 hl=2 l= 9 cons: SEQUENCE
> 259:d=4 hl=2 l= 5 prim: OBJECT :dsaEncryption-old
> 266:d=4 hl=2 l= 0 prim: NULL
> 268:d=3 hl=2 l= 68 prim: BIT STRING
> 0000 - 00 02 41 00 b5 44 a8 f3-83 9e 92 38 ad 28 65 ..A..D.....8.(e
> 000f - 63-c4 bb b4 1e f5 dc 93 6f-69 bb e7 e8 69 de c.......oi...i.
> 001e - 77 bc-f2 97 02 cb 89 74 00 a3-f3 c0 4f a9 9f w......t....O..
> 002d - 75 63 d3-c8 25 fd 46 52 1d fc 0a-e8 87 5a 2e uc..%.FR.....Z.
> 003c - f3 dd c1 03-7d 90 b2 08 ....}...
> 338:d=1 hl=2 l= 13 cons: SEQUENCE
> 340:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
> -----------------
>
>
>
> On Wed, Oct 20, 2010 at 8:30 AM, Aleksander Adamowski <open...@olo.org.pl>
> wrote:
>>
>> Hi!
>>
>> Is there a way to make asn1parse print out GENERALSTRING values? I'm
>> dissecting the Kerberos v5 protocol and it's a large nuisance to mess
>> with offsets and dumping strings manually.
>>
>> There doesn't seem to be any related option documented in asn1parse
>> manual, nor in asn1parse source
>> (http://cvs.openssl.org/fileview?f=openssl/apps/asn1pars.c&v=1.16.2.7).
>>
>> I saw that one guy made a patch to do this back in 2007
>> (http://thread.gmane.org/gmane.comp.encryption.openssl.devel/10672);
>> can it be true that since then nothing has happened in this regard?
>> It would seem to me that such functionality gap is severely limiting
>> asn1parse usefulness for lots of people.
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-us...@openssl.org
>> Automated List Manager                           majord...@openssl.org
>
>
>
> --
> Met vriendelijke groeten / Best regards,
>
> Ger Hobbelt
>
> --------------------------------------------------
> web:    http://www.hobbelt.com/
>         http://www.hebbut.net/
> mail:   g...@hobbelt.com
> mobile: +31-6-11 120 978
> --------------------------------------------------
>
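
The thread is about getting GENERALSTRING contents printed while dissecting Kerberos v5. As an added example (not part of the original messages, and neither Ger's patch nor OpenSSL code), here is a small stand-alone Python DER walker that produces asn1parse-like rows and decodes universal tag 27, escaping non-printable bytes. The sample bytes are constructed for illustration, and the function names are this example's own.

```python
UNIVERSAL = {2: "INTEGER", 3: "BIT STRING", 4: "OCTET STRING", 5: "NULL",
             6: "OBJECT", 16: "SEQUENCE", 17: "SET", 27: "GENERALSTRING"}
CLASSES = ("univ", "appl", "cont", "priv")

def read_header(buf, pos):
    """Parse identifier+length octets; return (class, constructed, tag, body_offset, length)."""
    first = buf[pos]; pos += 1
    cls, constructed, tag = first >> 6, bool(first & 0x20), first & 0x1F
    if tag == 0x1F:                       # high-tag-number form: base-128 digits
        tag = 0
        while True:
            b = buf[pos]; pos += 1
            tag = (tag << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    length = buf[pos]; pos += 1
    if length == 0x80:
        raise ValueError("indefinite length is not DER")
    if length & 0x80:                     # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big"); pos += n
    return cls, constructed, tag, pos, length

def escape(raw):
    """GeneralString may hold arbitrary bytes: pass printable ASCII, hex-escape the rest."""
    return "".join(chr(b) if 32 <= b < 127 and b != 0x5C else f"\\x{b:02x}" for b in raw)

def walk(buf, pos=0, end=None, depth=0, rows=None):
    """Return asn1parse-style rows: (offset, depth, hl, length, name, value)."""
    rows = [] if rows is None else rows
    end = len(buf) if end is None else end
    while pos < end:
        cls, constructed, tag, body, length = read_header(buf, pos)
        if body + length > end:
            raise ValueError(f"element at offset {pos} overruns its container")
        name = UNIVERSAL.get(tag, f"univ [{tag}]") if cls == 0 else f"{CLASSES[cls]} [{tag}]"
        value = escape(buf[body:body + length]) if (cls, tag) == (0, 27) else ""
        rows.append((pos, depth, body - pos, length, name, value))
        if constructed:                   # recurse into SEQUENCE/SET and explicit tags
            walk(buf, body, body + length, depth + 1, rows)
        pos = body + length
    return rows

# Constructed sample: a Kerberos PrincipalName (RFC 4120) holding two GeneralStrings.
SAMPLE = bytes.fromhex("301ea003020101a11730151b066b72627467741b0b4558414d504c452e434f4d")

if __name__ == "__main__":
    for off, d, hl, l, name, value in walk(SAMPLE):
        print(f"{off:5d}:d={d} hl={hl} l={l:4d} {name:<14}:{value}")
```

Escaping before printing matters here because a GeneralString can carry ESC and other control bytes that a terminal would otherwise interpret.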