parse identifier and length
ASN1_get_object(const unsigned char
**ber_in, long *plength, int
*ptag, int *pclass, long
parses the identifier and length octets of a BER-encoded value. On function
entry, *ber_in is expected to point to the first
identifier octet. If the identifier and length octets turn out to be valid,
the function advances *ber_in to the first content
octet before returning.
If the identifier octets are valid,
stores the tag number in *ptag and the class of the
tag in *pclass. The class is either
If the length octets are valid, too,
stores the number encoded in the length octets in
*plength. If the length octet indicates the indefinite
form, *plength is set to 0.
inspects at most omax bytes. If parsing of the length
octets remains incomplete after inspecting that number of bytes, parsing
Bits set in the return value of
ASN1_get_object() have the following meanings:
- An error occurred. One of the ERRORS described below has been set.
- 0x20 =
- The encoding is constructed rather than primitive, and the identifier and length octets are valid.
- The length octet indicates the indefinite form. This bit can only occur if
V_ASN1_CONSTRUCTEDis also set.
Consequently, the following combinations can occur:
- A valid primitive encoding.
- A valid constructed encoding, definite form.
- A valid constructed encoding, indefinite form.
- Either a primitive encoding with a valid tag and definite length, but the content octets won't fit into omax, or parsing failed. Use ERR_GET_REASON(3) to distinguish the two cases.
- A constructed encoding with a valid tag and definite length, but the content octets won't fit into omax.
The bit combinations 0x01, 0x81, and 0xa1 cannot occur as return values.
If the bit 0x80 is set in the return value, diagnostics can be retrieved with ERR_get_error(3), ERR_GET_REASON(3), and ERR_reason_error_string(3):
ASN1_R_HEADER_TOO_LONG"header too long"
- Inspecting omax bytes was insufficient to finish
parsing, the tag number encoded in the identifier octets exceeds
INT_MAX, the number encoded in the length octets exceeds
LONG_MAX, or using the indefinite form for the length octets is attempted even though the encoding is primitive.
In this case, the return value is exactly 0x80; no other bits are set.
If the problem occurred while parsing the identifier octets, *ptag and *pclass remain unchanged. If the problem occurred while parsing the length octets, *ptag and *pclass are set according to the identifier octets. In both cases, *ber_in and *plength remain unchanged.
The wording of the error message is confusing. On the one hand, the header might be just fine, and the root cause of the problem could be that the chosen omax argument was too small. On the other hand, outright BER syntax errors are also reported as
- The identifier and length octets are valid, but the content octets won't
fit into omax. The following have been set as
appropriate and can safely be inspected: *pclass, *ptag, *plength, and the
V_ASN1_CONSTRUCTEDand 0x01 in the return value. The parse pointer *ber_in has been advanced to the first content octet.
Again, the error message may occasionally sound confusing. The length of the content may be reasonable, and the root cause of the problem could be that the chosen omax argument was too small.
ASN1_item_d2i(3), ASN1_item_new(3), ASN1_parse_dump(3)
ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER):
- Section 8.1.2: Identifier octets
- Section 8.1.3: Length octets
ASN1_get_object() first appeared in SSLeay
0.5.1 and has been available since OpenBSD 2.4.