OpenBSD manual page server

Manual Page Search Parameters

ASN1_GET_OBJECT(3) Library Functions Manual ASN1_GET_OBJECT(3)

ASN1_get_objectparse identifier and length octets

#include <openssl/asn1.h>

int
ASN1_get_object(const unsigned char **ber_in, long *plength, int *ptag, int *pclass, long omax);

() parses the identifier and length octets of a BER-encoded value. On function entry, *ber_in is expected to point to the first identifier octet. If the identifier and length octets turn out to be valid, the function advances *ber_in to the first content octet before returning.

If the identifier octets are valid, () stores the tag number in *ptag and the class of the tag in *pclass. The class is either V_ASN1_UNIVERSAL or V_ASN1_APPLICATION or V_ASN1_CONTEXT_SPECIFIC or V_ASN1_PRIVATE.

If the length octets are valid, too, () stores the number encoded in the length octets in *plength. If the length octet indicates the indefinite form, *plength is set to 0.

() inspects at most omax bytes. If parsing of the length octets remains incomplete after inspecting that number of bytes, parsing fails with ASN1_R_HEADER_TOO_LONG.

Bits set in the return value of ASN1_get_object() have the following meanings:

0x80
An error occurred. One of the ERRORS described below has been set.
0x20 = V_ASN1_CONSTRUCTED
The encoding is constructed rather than primitive, and the identifier and length octets are valid.
0x01
The length octet indicates the indefinite form. This bit can only occur if V_ASN1_CONSTRUCTED is also set.

Consequently, the following combinations can occur:

0x00
A valid primitive encoding.
0x20
A valid constructed encoding, definite form.
0x21
A valid constructed encoding, indefinite form.
0x80
Either a primitive encoding with a valid tag and definite length, but the content octets won't fit into omax, or parsing failed. Use ERR_GET_REASON(3) to distinguish the two cases.
0xa0
A constructed encoding with a valid tag and definite length, but the content octets won't fit into omax.

The bit combinations 0x01, 0x81, and 0xa1 cannot occur as return values.

If the bit 0x80 is set in the return value, diagnostics can be retrieved with ERR_get_error(3), ERR_GET_REASON(3), and ERR_reason_error_string(3):

"header too long"
Inspecting omax bytes was insufficient to finish parsing, the tag number encoded in the identifier octets exceeds INT_MAX, the number encoded in the length octets exceeds LONG_MAX, or using the indefinite form for the length octets is attempted even though the encoding is primitive.

In this case, the return value is exactly 0x80; no other bits are set.

If the problem occurred while parsing the identifier octets, *ptag and *pclass remain unchanged. If the problem occurred while parsing the length octets, *ptag and *pclass are set according to the identifier octets. In both cases, *ber_in and *plength remain unchanged.

The wording of the error message is confusing. On the one hand, the header might be just fine, and the root cause of the problem could be that the chosen omax argument was too small. On the other hand, outright BER syntax errors are also reported as ASN1_R_HEADER_TOO_LONG.

"too long"
The identifier and length octets are valid, but the content octets won't fit into omax. The following have been set as appropriate and can safely be inspected: *pclass, *ptag, *plength, and the bits V_ASN1_CONSTRUCTED and 0x01 in the return value. The parse pointer *ber_in has been advanced to the first content octet.

Again, the error message may occasionally sound confusing. The length of the content may be reasonable, and the root cause of the problem could be that the chosen omax argument was too small.

ASN1_item_d2i(3), ASN1_item_new(3), ASN1_parse_dump(3)

ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER):

ASN1_get_object() first appeared in SSLeay 0.5.1 and has been available since OpenBSD 2.4.

July 11, 2021 OpenBSD-7.5