Bug 161326 - need API to convert dotted OID format to/from octet representation
Product: NSS
Classification: Components
Component: Libraries
: 3.4
: All All
P1 enhancement
: 3.12
Assigned To: Nelson Bolyard (seldom reads bugmail)
Depends on:
Blocks: 210584 324744
Reported: 2002-08-06 11:36 PDT by Terry Hayes
Modified: 2007-07-24 21:58 PDT

add new function, v1 (6.88 KB, patch)
2007-06-17 22:09 PDT, Nelson Bolyard (seldom reads bugmail)
no flags
patch v2 (7.72 KB, patch)
2007-06-18 11:13 PDT, Nelson Bolyard (seldom reads bugmail)
neil.williams: review+

Description Terry Hayes 2002-08-06 11:36:48 PDT
OID values are frequently used in two different formats:
  1) a "dotted" representation such as 2.16.840.1.113730.1.1; which can also
     be represented as a sequence of integer values (int[])
  2) a sequence of octets that is the form used in DER/BER/PER encodings of OIDs

NSS should provide APIs to convert between these two formats.  One set of APIs 
should convert between an integer array (int[]) and the octet sequence.  
Another might be provided to convert "dotted" string values to/from the 
corresponding integer array.

These APIs would be useful for developers who have the "dotted" format from 
standards specifications and need to convert into octet sequences (as SECItems) 
to call APIs for certificate processing (and other APIs).  They would also be 
useful for converting unknown OID values into displayable strings.
Comment 1 Nelson Bolyard (seldom reads bugmail) 2003-05-07 22:20:25 PDT
If I'm not mistaken, OIDs are usually displayed as decimal integers 
separated by spaces, not dots.  No?
But I agree that this would be useful for applications that want to display
OIDs in decimal form.
Comment 2 Nelson Bolyard (seldom reads bugmail) 2004-01-20 19:01:50 PST
NSS now has CERT_GetOidString(), which returns a string containing the 
OID form that is decimal integers separated by dots.  pp and certutil use it.

There is not yet a function to go in the other direction.

Terry, does CERT_GetOidString satisfy this RFE?
Comment 3 Nelson Bolyard (seldom reads bugmail) 2007-06-17 22:03:38 PDT
Taking for NSS 3.12.

For a variety of reasons, including 
- Need to accept all valid ASCII string DNs (bug 210584), and
- need to accept OID strings for certutil to encode policy OIDs in certs,
NSS needs a new function to take an OID string in the usual ASCII dotted
decimal form, and return a binary-encoded OID.

I have written a function to do that.  It returns a "raw" binary DER, 
without the DER tag and length octets that would go with it if it was in a
cert (or other DER encoded sequence).  If we also need a function to return
the fully DER-encoded form, that will be easy to do.
Comment 4 Nelson Bolyard (seldom reads bugmail) 2007-06-17 22:09:08 PDT
Created attachment 268748
add new function, v1

Reviewers should evaluate:
- the new function name & arguments
- the new source file name
- whether the output should be a full DER encoding, with tag and length octets
  or merely the contents octets (as it does in this patch).
- Anything else about this function that seems worthy of review
Comment 5 Nelson Bolyard (seldom reads bugmail) 2007-06-17 22:11:50 PDT
P1, as this bug blocks another P1 bug
Comment 6 Nelson Bolyard (seldom reads bugmail) 2007-06-18 11:13:35 PDT
Created attachment 268819
patch v2

Second patch, this one is better tested.
Comment 7 Neil Williams 2007-06-20 19:46:12 PDT
Nelson, what happens when to->data != NULL && to->len < result_bytes? It looks like whatever was in to->data would get leaked if it's not dup'ed somewhere else.

    if (to->data && to->len >= result_bytes) {
    } else {
	rv = SECITEM_CopyItem(pool, to, &result_item);
Comment 8 Nelson Bolyard (seldom reads bugmail) 2007-06-21 12:03:21 PDT
to->data might be allocated from an arenapool, or might be an automatic
buffer (automatic array of char), in which cases no leak occurs.  
The anticipated use is with automatic arrays.  This saves the overhead
of an allocation in the common case where the automatic array is large
enough to receive the OID, but still works without buffer overflow in 
the case where the automatic array is not big enough.  
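
The conversion discussed in this bug, as an added example that is not part of the thread and is not the NSS patch: a plain C encoder from dotted-decimal OID text to DER contents octets (no tag or length) that uses the caller's buffer when it is large enough and allocates otherwise, the behaviour comment 8 describes. The name `oid_from_dotted`, its signature and the separate `out` pointer are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not NSS's SEC_StringToOID). Encodes a dotted-decimal
 * OID as DER contents octets, without tag or length. If buf can hold the
 * result it is used; otherwise a heap buffer is allocated, so a short buffer
 * is never overrun. Returns the octet count with *out set (caller frees *out
 * when *out != buf), or 0 on malformed input or allocation failure. */
size_t oid_from_dotted(const char *s, unsigned char *buf, size_t buflen,
                       unsigned char **out)
{
    unsigned char tmp[128], rev[16];  /* longer encodings are rejected */
    unsigned long v, first = 0;
    size_t n = 0;
    char *end;
    int arc, k;

    *out = NULL;
    for (arc = 0;; arc++, s = end + 1) {
        if (*s < '0' || *s > '9') return 0;      /* empty arc, sign, space */
        errno = 0;
        v = strtoul(s, &end, 10);
        if (errno == ERANGE || (*end != '.' && *end != '\0')) return 0;
        if (arc == 0) {
            if (v > 2 || *end == '\0') return 0; /* root arc 0..2, two arcs minimum */
            first = v;
            continue;
        }
        if (arc == 1) {
            if ((first < 2 && v > 39) || v > ULONG_MAX - 80) return 0;
            v += first * 40;   /* first two arcs share one subidentifier */
        }
        k = 0;
        do { rev[k++] = v & 0x7f; v >>= 7; } while (v);  /* base 128, low first */
        if (n + (size_t)k > sizeof tmp) return 0;
        while (k--) tmp[n++] = rev[k] | (k ? 0x80 : 0);  /* high bit = more follows */
        if (*end == '\0') break;
    }
    if (buf == NULL || buflen < n) buf = malloc(n);
    if (buf == NULL) return 0;
    memcpy(buf, tmp, n);
    *out = buf;
    return n;
}
```

Because the result pointer is returned separately, a too-small caller buffer is left untouched and the caller can tell a heap result from its own buffer by comparing `*out` with `buf`.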
Comment 9 Neil Williams 2007-06-21 15:21:02 PDT
Comment on attachment 268819
patch v2

r+, but I'd like a note along the lines of comment #8 in the function doc.
Comment 10 Nelson Bolyard (seldom reads bugmail) 2007-07-11 16:30:11 PDT
Implement SEC_StringToOID(), which converts ASCII dotted decimal OID
strings to their DER encoded binary form.  Bug 161326. r=Neil

Checking in lib/nss/nss.def;      new revision: 1.176; previous revision: 1.175
Checking in lib/util/; new revision: 1.13; previous revision: 1.12
Checking in lib/util/secoid.h;    new revision: 1.7; previous revision: 1.6
Checking in lib/util/oidstring.c; initial revision: 1.1
