On 04/11/2021 17:39, Max Larsson wrote:
But now I’m wondering how I can “cascade” using this method to influence
the encoding
to avoid the writing of the additional bytes after the OID gest encoded
and before
the innerToken is encoded:
*….. *0x05 0x05 0x02 *0x04 0x76* 0xa0 0x74….(here are a lot of bytes
omitted)
I think this is an entirely different problem.
0x04 corresponds to the universal tag for an OCTET STRING, and 0x76 is
the length of that OCTET STRING.
I assume what you want to see is 0xa0, which means a context specific
constructed type with tag 0, followed by data of length 0x74.
So, basically, it looks to me like your initial definition of the
GSSAPI_CONTEXTTOKEN object is wrong:
typedef struct ContextToken_st {
ASN1_OBJECT *mech;
ASN1_OCTET_STRING *innerContextToken;
} GSSAPI_CONTEXTTOKEN;
Since this clearly shows that the thing after the OID is an OCTET
STRING. So you really need to understand what the actual type is for
innerContextToken in order to correctly encode/decode it.
Matt
Best regards
Max
*From: *openssl-users <openssl-users-bounces@xxxxxxxxxxx> on behalf of
Matt Caswell <matt@xxxxxxxxxxx>
*Date: *Thursday, 4. November 2021 at 17:14
*To: *openssl-users@xxxxxxxxxxx <openssl-users@xxxxxxxxxxx>
*Subject: *Re: ASN1 <-> DER encoding with application tag
On 04/11/2021 13:58, Max Larsson wrote:
> i2d_GSSAPI_CONTEXTTOKEN( negToken,&p );
>
You can tell i2d to encode using "application" tagging like this:
ASN1_item_ex_i2d((const ASN1_VALUE **)&negToken, &p,
ASN1_ITEM_rptr(GSSAPI_CONTEXTTOKEN), 0,
ASN1_TFLG_APPLICATION);
Matt
> for( intlen = 0;len < bufferSize;len++ ) {
>
> if( ( len % 8) == 0)
>
> printf( " ");
>
> if( ( len % 16) == 0)
>
> printf( "\n\t\t");
>
> printf( " 0x%02x",(short)buffer[ len ] );
>
> }
>
> printf( "\n");
>
> . . .
>
> The code above output the following DER encoded structure (the
> difference marled in bold):
>
> *0**x**3**0**0**x**81 0x80*0x060x060x2b0x060x010x050x050x02*0x04
> 0x76*0xa00x74
>
> The google result, which I found seems to point into the direction to
> use application tags to encode.
>
> But I haven’t found any example or how to how to achieve this with
> openssl, can anyone give me sone hints?
>
> Best regards
>
> Max Larsson
>
> Mit freundlichen Grüßen
> Best regards
>
> Dipl.-Inform. Max Larsson
> Geschäftsleitung
>
> ------------------------------------------------------------------------
>
> phone: +49(0)6151/62908-75
> fax:
> email: max.larsson@xxxxxxxxxxxxxxxx
<mailto:max.larsson@xxxxxxxxxxxxxxxx <mailto:max.larsson@xxxxxxxxxxxxxxxx>>
> web: http://facilityboss.biz <http://facilityboss.biz>
<http://facilityboss.biz <http://facilityboss.biz>>
>
>
>
> *facilityboss <http://facilityboss.biz <http://facilityboss.biz>>*
> Bad Nauheimer Str. 4
> 64289 Darmstadt
> Germany
>
> Sitz der Gesellschaft: Darmstadt
> Registergericht: Amtsgericht Darmstadt, HRB 86193
> Geschäftsführer: Dipl.-Inform Max Lars Robert Larsson
>
> ------------------------------------------------------------------------
>
> Diese E-Mail enthält unter Umständen vertrauliche und/oder rechtlich
> geschützte Informationen, die allein für den Adressaten bestimmt sind.
> Wenn Sie nicht der zutreffende Adressat sind oder diese E-Mail
> irrtümlich erhalten haben, ist jede Verwendung, Verbreitung, Kopie oder
> Bezugnahme auf den Inhalt dieser E-Mail verboten. Bitte informieren Sie
> uns über einen eventuellen Irrtum per Telefon, per Telefax oder E-Mail.
>
> This e-mail may contain confidential and/or privileged information. If
> you are not the intended recipient, any disclosure, copying,
> distribution or reference on the contents of this e-mail is strictly
> prohibited. If you have received this e-mail in error please notify us
> by e-mail, facsimile or phone call.
>