Closed Bug 161326 Opened 18 years ago Closed 13 years ago

need API to convert dotted OID format to/from octet representation


(NSS :: Libraries, enhancement, P1)



(Not tracked)



(Reporter: thayes0993, Assigned: nelson)




(1 file, 1 obsolete file)

OID values are frequently used in two different formats:
  1) a "dotted" representation such as 2.16.840.1.113730.1.1; which can also
     be represented as a sequence of integer values (int[])
  2) a sequence of octets that is the form used in DER/BER/PER encodings of OIDs

NSS should provide APIs to convert between these two formats.  One set of APIs 
should convert between an integer array (int[]) and the octet sequence.  
Another might be provided to convert "dotted" string values to/from the 
corresponding integer array.

These APIs would be useful for developers who have the "dotted" format from 
standards specifications and need to convert into octet sequences (as SECItems) 
to call APIs for certificate processing (and other APIs).  They would also be 
useful for converting unknown OID values into displayable strings.
If I'm not mistaken, OIDs are usually displayed as decimal integers 
separated by spaces, not dots.  No?
But I agree that this would be useful for applications that want to display
OIDs in decimal form.
Priority: -- → P3
NSS now has CERT_GetOidString(), which returns a string containing the 
OID form that is decimal integers separated by dots.  pp and certutil use it.

There is not yet a function to go in the other direction.

Terry, Does CERT_GetOidString satisfy this RFE ?
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
OS: Windows NT → All
Taking for NSS 3.12.

For a variety of reasons, including 
- Need to accept all valid ASCII string DNs (bug 210584), and
- need to accept OID strings for certutil to encode policy OIDs in certs,
NSS needs a new function to take an OID string in the usual ASCII dotted
decimal form, and return a binary-encoded OID.

I have written a function to do that.  It returns a "raw" binary DER, 
without the DER tag and length octets that would go with it if it was in a
cert (or other DER encoded sequence).  If we also need a function to return
the fully DER-encoded form, that will be easy to do.
Assignee: nobody → nelson
Priority: P3 → P2
Target Milestone: --- → 3.12
Version: unspecified → 3.4
Attached patch add new function, v1 (obsolete)
Reviewers should evaluate:
- the new function name & arguments
- the new source file name
- whether the output should be a full DER encoding, with tag and length octets
  or merely the contents octets (as it does in this patch).
- Anything else about this function that seems worthy of review
Attachment #268748 - Flags: review?(neil.williams)
P1, as this bug blocks another P1 bug
Blocks: 210584, 324744
Priority: P2 → P1
Attached patch patch v2
Second patch, this one is better tested.
Attachment #268748 - Attachment is obsolete: true
Attachment #268819 - Flags: review?(neil.williams)
Attachment #268748 - Flags: review?(neil.williams)
Attachment #268819 - Attachment is patch: true
Attachment #268819 - Attachment mime type: application/octet-stream → text/plain
Summary: enh: need API to convert dotted OID format to/from octet representation → need API to convert dotted OID format to/from octet representation
Nelson, what happens when to->data != NULL && to->len < result_bytes? It looks like whatever was in to->data would get leaked if it's not dup'ed somewhere else.

    if (to->data && to->len >= result_bytes) {
    } else {
	rv = SECITEM_CopyItem(pool, to, &result_item);
Closed: 13 years ago
Resolution: --- → FIXED
Resolution: FIXED → ---
to->data might be allocated from an arenapool, or might be an automatic
buffer (automatic array of char), in which cases no leak occurs.  
The anticipated use is with automatic arrays.  This saves the overhead
of an allocation in the common case where the automatic array is large
enough to receive the OID, but still works without buffer overflow in 
the case where the automatic array is not big enough.  
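Added example, not part of the thread and not the NSS patch: a stand-alone C sketch of the conversion discussed here, turning a dotted-decimal OID string into DER contents octets (no tag or length octets) without writing past the caller's buffer. The names `oid_dotted_to_der_content` and `put_base128` are hypothetical, arcs are limited to 32 bits as a simplifying assumption, and where the comment above describes falling back to an allocated copy, this sketch instead reports the required size.

```c
#include <stddef.h>
#include <stdint.h>

/* Emit v as base-128 octets, high bit set on all but the last octet. */
static size_t put_base128(uint64_t v, unsigned char *out, size_t cap, size_t pos)
{
    int n = 1;
    for (uint64_t t = v >> 7; t; t >>= 7) n++;
    for (int i = n - 1; i >= 0; i--, pos++)
        if (pos < cap)                /* count, but never write past cap */
            out[pos] = (unsigned char)(((v >> (7 * i)) & 0x7f) | (i ? 0x80 : 0));
    return pos;
}

/* Hypothetical helper, not an NSS function. Returns 0 on success, -1 on
 * malformed input, -2 if out is too small. On 0 and -2, *out_len holds
 * the number of contents octets the OID needs. */
int oid_dotted_to_der_content(const char *s, unsigned char *out, size_t cap,
                              size_t *out_len)
{
    uint64_t first = 0;
    size_t pos = 0;
    int arc = 0;

    for (;;) {
        uint64_t v = 0;
        if (*s < '0' || *s > '9') return -1;       /* every arc needs a digit */
        while (*s >= '0' && *s <= '9') {
            if (v > (UINT32_MAX - (uint64_t)(*s - '0')) / 10) return -1;
            v = v * 10 + (uint64_t)(*s++ - '0');   /* arc stays within 32 bits */
        }
        if (arc == 0) {
            if (v > 2) return -1;                  /* first arc is 0, 1 or 2 */
            first = v;
        } else if (arc == 1) {
            if (first < 2 && v > 39) return -1;    /* second arc < 40 under 0/1 */
            pos = put_base128(first * 40 + v, out, cap, pos);
        } else {
            pos = put_base128(v, out, cap, pos);
        }
        arc++;
        if (*s == '\0') break;
        if (*s++ != '.') return -1;                /* only '.' separates arcs */
    }
    if (arc < 2) return -1;                        /* at least two arcs */
    *out_len = pos;
    return pos <= cap ? 0 : -2;
}
```

For the OID quoted in the original report, 2.16.840.1.113730.1.1, the contents octets are 60 86 48 01 86 F8 42 01 01.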
Comment on attachment 268819 [details] [diff] [review]
patch v2

r+, but I'd like a note along the lines of comment #8 in the function doc.
Attachment #268819 - Flags: review?(neil.williams) → review+
Implement SEC_StringToOID(), which converts ASCII dotted decimal OID
strings to their DER encoded binary form.  Bug 161326. r=Neil

Checking in lib/nss/nss.def;      new revision: 1.176; previous revision: 1.175
Checking in lib/util/; new revision: 1.13; previous revision: 1.12
Checking in lib/util/secoid.h;    new revision: 1.7; previous revision: 1.6
Checking in lib/util/oidstring.c; initial revision: 1.1
Closed: 13 years ago
Resolution: --- → FIXED
No longer blocks: 324744
Blocks: 324744