X509_CINF_dup fails with "invalid object encoding" error

vvprasad.chalumuri@xxxxxxxxx (VVPrasad Chalumuri) · Mon, 5 Jan 2015 17:25:42 +0530

Hi,

I was trying to duplicate the X509_CINF structure variable using
ASN1_item_dup with OpenSSL 1.0.1i code. But, it fails with the following
error. The same code works fine, if I run it against OpenSSL 0.9.8zb.

*error code; 218906840 in a_object.c line 303.Error message:
error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object
encodingerror code; 218640442 in tasn_dec.c line 751.error data:
Field=algorithm, Type=X509_ALGORError message: error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 errorerror code; 218640442 in
tasn_dec.c line 751.error data: Field=signature, Type=X509_CINFError
message: error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error*

Can some one please point out, if I'm missing something?

I really appreciate any help extended.
Copying the code snippet below with this mail.
--VVPrasad

============================================================

*IMPLEMENT_ASN1_DUP_FUNCTION(X509_CINF)*

*int test_X509_CINF_dup() *
*{*
*    char *serial = "1230ABCD";*
*    ASN1_INTEGER *asn1int = NULL;*
*    X509_NAME *name = NULL;*
*    X509_CINF *x509cinf;*

*    X509 *x509 = NULL;*
*    X509_CINF *cinf = NULL;*

*    int days = 365;*
*    struct timeval now;*

*    ASN1_TIME *nb;*
*    ASN1_TIME *na;*
*    struct timeval nbs;*
*    time_t tsec;*
*    time_t secs;*
*    long millis;*

*    int flags, line;*
*    const char *data, *file;*
*    unsigned long code;*
*    char *errstr;*

*    x509cinf = X509_CINF_new();*

*    /* allocate memory for X509_CINF */*
*    if (!(x509cinf->version = ASN1_INTEGER_new())) {*
* fprintf(stderr, "ERROR(%d): Allocating memory for X509_CINF\n",__LINE__);*
* goto err;*
*    }*

*    /* set the version */*
*    if (!ASN1_INTEGER_set(x509cinf->version, CERT_V3)) {*
* fprintf(stderr, "ERROR(%d): Setting version for X509_CINF\n",__LINE__);*
* goto err;*
*    }*

*    /* set the serial number */*
* {*
* /* convert the serial number into an ASN1_INTEGER */*
* if (char_array_2_asn1_integer(&asn1int, serial) < 0) {*
* fprintf(stderr, "ERROR(%d): char_array_2_asn1_integer\n",__LINE__);*
* goto err;*
* }*

* if (x509cinf->serialNumber)*
* M_ASN1_INTEGER_free(x509cinf->serialNumber);*

* x509cinf->serialNumber = asn1int;*
* }*

*    /* set subject name */*
* {*
* if (create_subject_name(&name) < 0) {*
* fprintf(stderr, "ERROR(%d): Invalid subject name\n",__LINE__);*
* goto err;*
* }*
* /* set it, but free first if one already exists */*
* if (x509cinf->subject)*
* X509_NAME_free(x509cinf->subject);*
* x509cinf->subject = name; *
* }*

*    /* set validity */*
* {*
* timeval_clock(&now, NULL);*
* nb = x509cinf->validity->notBefore;*
* if (! ASN1_TIME_set(nb, now.tv_sec)) {*
* fprintf(stderr, "ERROR(%d): Setting notBefore\n",__LINE__);*
* goto err;*
* }*

* na = x509cinf->validity->notAfter;*
* if (! ASN1_TIME_set(na, now.tv_sec)) {*
* fprintf(stderr, "ERROR(%d): Setting notAfter\n",__LINE__);*
* goto err;*
* }*

* if (nb->type != V_ASN1_UTCTIME && nb->type != V_ASN1_GENERALIZEDTIME) {*
* if (! X509_gmtime_adj(nb,0)) {*
* fprintf(stderr, "ERROR(%d): Setting notBefore to today\n",__LINE__);*
* goto err;*
* }*
* }*

* /* convert time to timeval */*
* parsetimebuf((const char *)nb->data, nb->length, (nb->type ==
V_ASN1_UTCTIME)? 1 : 0, &secs, &millis);*
* nbs.tv_sec = (long)secs;*
* nbs.tv_usec = millis * TME_MICROS_PER_MILLI;*

* /* set notAfter to days after notBefore */*
* tsec = (time_t)nbs.tv_sec;*
* if (! X509_time_adj(na, (long)60*60*24*days, &tsec)) {*
* fprintf(stderr, "ERROR(%d): Calculating notAfter\n",__LINE__);*
* goto err;*
* }*
* }*

*    /* duplicate the cert info */*
*    if (! (cinf = X509_CINF_dup(x509cinf))) {*
* fprintf(stderr, "ERROR: Allocating memory for the certificate information
object\n");*

* code = ERR_get_error_line_data(&file, &line, &data, &flags);*
* while (code)*
* {*
* printf("error code; %lu in %s line %d.\n", code, file, line);*
* if (data && (flags & ERR_TXT_STRING))*
* printf("error data: %s\n", data);*
* errstr = ERR_error_string(code, NULL);*
* printf("Error message: %s\n", errstr);*
* code = ERR_get_error_line_data(&file, &line, &data, &flags);*
* }*

* goto err;*
*    }*
* /**
*  * ...............................*
*  */*

*    return 0;*

*err:*
*    X509_CINF_free(x509cinf);*
*    X509_CINF_free(cinf);*
*    X509_free(x509);*
*    return -1;*
*}*

*int char_array_2_asn1_integer(ASN1_INTEGER **num, const char* const
serial) *
*{*
*    BIGNUM *bn = NULL;*
*    ASN1_INTEGER *asn1int = NULL;*

*    /* create an asn1 integer, if not already exists */*
*    if (*num) {*
* asn1int = *num;*
*    } else if (!(asn1int = ASN1_INTEGER_new())) {*
* goto err;*
*    }*

*    if (BN_hex2bn(&bn, serial) <= 0)*
* goto err;*

*    if (! BN_to_ASN1_INTEGER(bn, asn1int))*
* goto err;*

*    BN_free(bn);*
*    *num = asn1int;*

*    return 0;*
*err:*
*    BN_free(bn);*
*    ASN1_INTEGER_free(asn1int);*

*    return -1;*
*}*

*int create_subject_name(X509_NAME** x509_name)*
*{*
*    X509_NAME *newname=NULL;*
*    X509_NAME_ENTRY *ne=NULL;*
*    ASN1_OBJECT *obj=NULL;*
*    int setnumber = -1;*
*    int loc=0;*
*    int i = 0;*
*    int num;*
*    int str_type;*

*    char* types[] = {"CN", "emailAddress", "OU", "O", "C", 0};*
*    unsigned char* values[] = {*
* (unsigned char*)"test", *
* (unsigned char*)"hello at com.au", *
* (unsigned char*)"test_ou", *
* (unsigned char*)"test_o", *
* (unsigned char*)"US", *
* 0 };*

*    /* create a new name */*
*    if (! (newname = X509_NAME_new())) {*
* fprintf(stderr, "ERROR(%d): allocating new X509 name\n",__LINE__);*
* goto err;*
*    }*

*    while (types[i] && values[i])*
*    {*
* /* convert type string to object identifier (ASN1_OBJECT) */*
* if (! (obj = OBJ_txt2obj(types[i], 0))) {*
* fprintf(stderr, "ERROR(%d): unknown ldapv3 DN type [%s]\n",__LINE__,
types[i]);*
* goto err;*
* }*

* /* create a new entry */*
* if (! (ne = X509_NAME_ENTRY_new())) {*
* fprintf(stderr, "ERROR(%d): allocating new X509 name
component\n",__LINE__);*
* goto err;*
* }*

* /* set the rdn type */*
* if (! X509_NAME_ENTRY_set_object(ne, obj)) {*
* fprintf(stderr, "ERROR(%d): setting ldapv3 DN type\n",__LINE__);*
* goto err;*
* }*

* /* determine the string type */*
* str_type = (OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) ?
V_ASN1_IA5STRING : V_ASN1_PRINTABLESTRING;*

* if (! X509_NAME_ENTRY_set_data(ne, str_type, values[i], strlen((const
char*)values[i]))) {*
* fprintf(stderr, "ERROR(%d): setting ldapv3 DN data\n",__LINE__);*
* goto err;*
* }*

* if (strcmp(types[i], "emailAddress")) { *
* loc++;*
* } else { *
* loc = 0;*
* setnumber++;*
* }*

* ne->set = setnumber;*

* /* add the name entry to the name we are building */*
* if (! sk_X509_NAME_ENTRY_insert(newname->entries, ne, loc)) {*
* fprintf(stderr, "ERROR(%d): adding ldapv3 DN component\n",__LINE__);*
* goto err;*
* }*

* i++;*
*    }*

*    /* reverse the set numbers */*
*    for (i = 0, num = sk_X509_NAME_ENTRY_num(newname->entries) ; i < num ;
++i) {*
* sk_X509_NAME_ENTRY_value(newname->entries, i)->set = setnumber -*
* sk_X509_NAME_ENTRY_value(newname->entries, i)->set;*
*    }*

*    /* success */*
*    *x509_name = newname;*

*    return 0;*

*err:*
*    if (newname) X509_NAME_free(newname);*
*    *x509_name = NULL;*
*    return -1;*
*}*

============================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20150105/8e27fcec/attachment-0001.html>