need API to convert dotted OID format to/from octet representation

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P1
enhancement
RESOLVED FIXED
15 years ago
10 years ago

People

(Reporter: Terry Hayes, Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

15 years ago
OID values are frequently used in two different formats:
  1) a "dotted" representation such as 2.16.840.1.113730.1.1; which can also
     be represented as a sequence of integer values (int[])
  2) a sequence of octets that is the form used in DER/BER/PER encodings of OIDs

NSS should provide APIs to convert between these two formats.  One set of APIs 
should convert between an integer array (int[]) and the octet sequence.  
Another might be provided to convert "dotted" string values to/from the 
corresponding integer array.

These APIs would be useful for developers who have the "dotted" format from 
standards specifications and need to convert into octet sequences (as SECItems) 
to call APIs for certificate processing (and other APIs).  They would also be 
useful for converting unknown OID values into displayable strings.
(Assignee)

Comment 1

14 years ago
If I'm not mistaken, OIDs are usually displayed as decimal integers 
separated by spaces, not dots.  No?
But I agree that this would be useful for applications that want to display
OIDs in decimal form.
Priority: -- → P3
(Assignee)

Comment 2

14 years ago
NSS now has CERT_GetOidString(), which returns a string containing the 
OID form that is decimal integers separated by dots.  pp and certutil use it.

There is not yet a function to go in the other direction.

Terry, does CERT_GetOidString satisfy this RFE?
(Assignee)

Updated

12 years ago
QA Contact: bishakhabanerjee → jason.m.reid
(Assignee)

Updated

12 years ago
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries

Updated

10 years ago
OS: Windows NT → All
(Assignee)

Comment 3

10 years ago
Taking for NSS 3.12.

For a variety of reasons, including 
- Need to accept all valid ASCII string DNs (bug 210584), and
- need to accept OID strings for certutil to encode policy OIDs in certs,
NSS needs a new function to take an OID string in the usual ASCII dotted
decimal form, and return a binary-encoded OID.

I have written a function to do that.  It returns a "raw" binary DER, 
without the DER tag and length octets that would go with it if it was in a
cert (or other DER encoded sequence).  If we also need a function to return
the fully DER-encoded form, that will be easy to do.
Assignee: nobody → nelson
Priority: P3 → P2
Target Milestone: --- → 3.12
Version: unspecified → 3.4
(Assignee)

Comment 4

10 years ago
Created attachment 268748 [details] [diff] [review]
add new function, v1

Reviewers should evaluate:
- the new function name & arguments
- the new source file name
- whether the output should be a full DER encoding, with tag and length octets
  or merely the contents octets (as it does in this patch).
- Anything else about this function that seems worthy of review
Attachment #268748 - Flags: review?(neil.williams)
(Assignee)

Comment 5

10 years ago
P1, as this bug blocks another P1 bug
Blocks: 210584, 324744
Priority: P2 → P1
(Assignee)

Comment 6

10 years ago
Created attachment 268819 [details] [diff] [review]
patch v2

Second patch, this one is better tested.
Attachment #268748 - Attachment is obsolete: true
Attachment #268819 - Flags: review?(neil.williams)
Attachment #268748 - Flags: review?(neil.williams)
(Assignee)

Updated

10 years ago
Attachment #268819 - Attachment is patch: true
Attachment #268819 - Attachment mime type: application/octet-stream → text/plain
(Assignee)

Updated

10 years ago
Summary: enh: need API to convert dotted OID format to/from octet representation → need API to convert dotted OID format to/from octet representation

Comment 7

10 years ago
Nelson, what happens when to->data != NULL && to->len < result_bytes? It looks like whatever was in to->data would get leaked if it's not dup'ed somewhere else.


    if (to->data && to->len >= result_bytes) {
        ...
    } else {
        ...
        rv = SECITEM_CopyItem(pool, to, &result_item);
    }
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
(Assignee)

Updated

10 years ago
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Comment 8

10 years ago
to->data might be allocated from an arenapool, or might be an automatic
buffer (automatic array of char), in which cases no leak occurs.  
The anticipated use is with automatic arrays.  This saves the overhead
of an allocation in the common case where the automatic array is large
enough to receive the OID, but still works without buffer overflow in 
the case where the automatic array is not big enough.  

Comment 9

10 years ago
Comment on attachment 268819 [details] [diff] [review]
patch v2

r+, but I'd like a note along the lines of comment #8 in the function doc.
Attachment #268819 - Flags: review?(neil.williams) → review+
(Assignee)

Updated

10 years ago
Status: REOPENED → ASSIGNED
(Assignee)

Comment 10

10 years ago
Implement SEC_StringToOID(), which converts ASCII dotted decimal OID
strings to their DER encoded binary form.  Bug 161326. r=Neil

Checking in lib/nss/nss.def;      new revision: 1.176; previous revision: 1.175
Checking in lib/util/manifest.mn; new revision: 1.13; previous revision: 1.12
Checking in lib/util/secoid.h;    new revision: 1.7; previous revision: 1.6
Checking in lib/util/oidstring.c; initial revision: 1.1
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
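
Added example (not part of the bug thread, and not the attached patch or NSS's SEC_StringToOID): a standalone C sketch of the two conversions requested in the description, producing only the DER contents octets (no tag or length) as described in comment 3. The function names are hypothetical; unlike the patch discussed in comments 7 and 8, the encoder never allocates and simply fails when the caller's buffer is too small.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example; hypothetical names, not NSS functions.
 * Dotted decimal -> DER contents octets (no tag, no length). Returns length or -1. */
long oid_from_dotted(const char *s, unsigned char *out, size_t cap) {
    unsigned long arc, first = 0;
    size_t len = 0, n, i;
    char *end;
    for (int idx = 0;; s = end + 1, idx++) {
        if (*s < '0' || *s > '9') return -1;       /* rejects "", "1..2", "-1", " 1" */
        arc = strtoul(s, &end, 10);
        if (arc == ULONG_MAX) return -1;           /* strtoul saturates on overflow */
        if (idx == 0) {                            /* first arc is 0..2, second is mandatory */
            if ((first = arc) > 2 || *end != '.') return -1;
            continue;
        }
        if (idx == 1 && ((first < 2 && arc > 39) || arc > ULONG_MAX - 80)) return -1;
        if (idx == 1) arc += first * 40;           /* first two arcs share one value */
        for (n = 1; n < (sizeof arc * 8 + 6) / 7 && (arc >> (7 * n)); n++) ; /* septets */
        if (n > cap - len) return -1;              /* caller buffer too small: no overflow */
        for (i = 0; i < n; i++)                    /* base 128, high bit = "more follows" */
            out[len + i] = ((arc >> (7 * (n - 1 - i))) & 0x7f) | (i + 1 < n ? 0x80 : 0);
        len += n;
        if (*end == '\0') return (long)len;
        if (*end != '.') return -1;
    }
}

/* DER contents octets -> dotted decimal string. Returns 0, or -1 on malformed input. */
int oid_to_dotted(const unsigned char *in, size_t len, char *out, size_t cap) {
    unsigned long v = 0, a;
    size_t used = 0;
    int n;
    if (len == 0 || (in[len - 1] & 0x80)) return -1;   /* empty, or last arc truncated */
    for (size_t i = 0; i < len; i++) {
        if ((v == 0 && in[i] == 0x80) || v > (ULONG_MAX >> 7)) return -1; /* padded/overflow */
        v = (v << 7) | (in[i] & 0x7f);
        if (in[i] & 0x80) continue;                    /* arc continues in next octet */
        a = v < 80 ? v / 40 : 2;                       /* only used for the first value */
        n = used ? snprintf(out + used, cap - used, ".%lu", v)
                 : snprintf(out, cap, "%lu.%lu", a, v - a * 40);
        if (n < 0 || (size_t)n >= cap - used) return -1;   /* output buffer too small */
        used += (size_t)n;
        v = 0;
    }
    return 0;
}
```
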

Updated

10 years ago
No longer blocks: 324744
(Assignee)

Updated

10 years ago
Blocks: 324744