1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
|
.\" $OpenBSD: OBJ_nid2obj.3,v 1.22 2024/01/31 08:02:53 tb Exp $
.\" full merge up to: OpenSSL c264592d May 14 11:28:00 2006 +0000
.\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2017, 2021, 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2006, 2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 31 2024 $
.Dt OBJ_NID2OBJ 3
.Os
.Sh NAME
.Nm OBJ_nid2obj ,
.Nm OBJ_nid2ln ,
.Nm OBJ_nid2sn ,
.Nm OBJ_obj2nid ,
.Nm OBJ_ln2nid ,
.Nm OBJ_sn2nid ,
.Nm OBJ_txt2nid ,
.Nm OBJ_txt2obj ,
.Nm OBJ_obj2txt ,
.Nm OBJ_cmp ,
.Nm OBJ_dup ,
.Nm i2t_ASN1_OBJECT ,
.Nm i2a_ASN1_OBJECT
.Nd inspect and create ASN.1 object identifiers
.Sh SYNOPSIS
.In openssl/objects.h
.Ft ASN1_OBJECT *
.Fo OBJ_nid2obj
.Fa "int nid"
.Fc
.Ft const char *
.Fo OBJ_nid2ln
.Fa "int nid"
.Fc
.Ft const char *
.Fo OBJ_nid2sn
.Fa "int nid"
.Fc
.Ft int
.Fo OBJ_obj2nid
.Fa "const ASN1_OBJECT *object"
.Fc
.Ft int
.Fo OBJ_ln2nid
.Fa "const char *ln"
.Fc
.Ft int
.Fo OBJ_sn2nid
.Fa "const char *sn"
.Fc
.Ft int
.Fo OBJ_txt2nid
.Fa "const char *s"
.Fc
.Ft ASN1_OBJECT *
.Fo OBJ_txt2obj
.Fa "const char *s"
.Fa "int no_name"
.Fc
.Ft int
.Fo OBJ_obj2txt
.Fa "char *buf"
.Fa "int buf_len"
.Fa "const ASN1_OBJECT *object"
.Fa "int no_name"
.Fc
.Ft int
.Fo OBJ_cmp
.Fa "const ASN1_OBJECT *a"
.Fa "const ASN1_OBJECT *b"
.Fc
.Ft ASN1_OBJECT *
.Fo OBJ_dup
.Fa "const ASN1_OBJECT *object"
.Fc
.In openssl/asn1.h
.Ft int
.Fo i2t_ASN1_OBJECT
.Fa "char *buf"
.Fa "int buf_len"
.Fa "const ASN1_OBJECT *object"
.Fc
.Ft int
.Fo i2a_ASN1_OBJECT
.Fa "BIO *out_bio"
.Fa "const ASN1_OBJECT *object"
.Fc
.Sh DESCRIPTION
The ASN.1 object utility functions process
.Vt ASN1_OBJECT
structures, in the following called
.Dq objects .
An object represents an ASN.1
.Vt OBJECT IDENTIFIER
.Pq OID .
The library maintains an internal global table of objects.
Many of these objects are built into the library
and contained in the global table by default.
The application program can add additional objects to the global table
by using functions documented in the
.Xr OBJ_create 3
manual page.
Consequently, there are three classes of objects:
built-in table objects, user-defined table objects, and non-table objects.
.Pp
In addition to the OID, each object can hold
a long name, a short name, and a numerical identifier (NID).
Even though the concept of NIDs is specific to the library
and not standardized, using the NID is often the most convenient way
for source code to refer to a specific OID.
The NIDs of the built-in objects are available as defined constants.
.Pp
Built-in table objects have certain advantages
over objects that are not in the global table:
for example, their NIDs can be used in C language switch statements.
They are also shared:
there is only a single static constant structure for each built-on OID.
.Pp
Some functions operate on table objects only:
.Pp
.Fn OBJ_nid2obj
retrieves the table object associated with the
.Fa nid .
.Fn OBJ_nid2ln
and
.Fn OBJ_nid2sn
retrieve its long and short name, respectively.
.Pp
.Fn OBJ_obj2nid
retrieves the NID associated with the given
.Fa object ,
which is either the NID stored in the
.Fa object
itself, if any, or otherwise the NID stored in a table object
containing the same OID.
.Pp
.Fn OBJ_ln2nid
and
.Fn OBJ_sn2nid
retrieve the NID from the table object with the long name
.Fa ln
or the short name
.Fa sn ,
respectively.
.Pp
.Fn OBJ_txt2nid
retrieves the NID from the table object described by the text string
.Fa s ,
which can be a long name, a short name,
or the numerical representation of an OID.
.Pp
The remaining functions can be used both on table objects
and on objects that are not in the global table:
.Pp
.Fn OBJ_txt2obj
retrieves or creates an object matching the text string
.Fa s .
If
.Fa no_name
is 1, only the numerical representation of an OID is accepted.
If
.Fa no_name
is 0, long names and short names are accepted as well.
.Pp
.Fn OBJ_obj2txt
writes a NUL terminated textual representation
of the OID contained in the given
.Fa object
into
.Fa buf .
At most
.Fa buf_len
bytes are written, truncating the result if necessary.
The total amount of space required is returned.
If
.Fa no_name
is 0 and the table object containing the same OID
contains a long name, the long name is written.
Otherwise, if
.Fa no_name
is 0 and the table object containing the same OID
contains a short name, the short name is written.
Otherwise, the numerical representation of the OID is written.
.Pp
.Fn i2t_ASN1_OBJECT
is the same as
.Fn OBJ_obj2txt
with
.Fa no_name
set to 0.
.Pp
.Fn i2a_ASN1_OBJECT
writes a textual representation of the OID contained in the given
.Fa object
to
.Fa out_bio
using
.Xr BIO_write 3 .
It does not write a terminating NUL byte.
If the
.Fa object
argument is
.Dv NULL
or contains no OID, it writes the 4-byte string
.Qq NULL .
If
.Fn i2t_ASN1_OBJECT
fails,
.Fn i2a_ASN1_OBJECT
writes the 9-byte string
.Qq <INVALID> .
Otherwise, it writes the string constructed with
.Fn i2t_ASN1_OBJECT .
.Pp
.Fn OBJ_cmp
tests whether
.Fa a
and
.Fa b
represent the same ASN.1
.Vt OBJECT IDENTIFIER .
Any names and NIDs contained in the two objects are ignored,
even if they differ between both objects.
.Pp
.Fn OBJ_dup
returns a deep copy of the given
.Fa object
if it is marked as dynamically allocated.
The new object and all data contained in it are marked as dynamically
allocated.
If the given
.Fa object
is not marked as dynamically allocated,
.Fn OBJ_dup
just returns a pointer to the
.Fa object
itself.
.Sh RETURN VALUES
Application code should treat all returned values \(em
objects, names, and NIDs \(em as constants.
.Pp
.Fn OBJ_nid2obj
returns a pointer to a table object owned by the library or
.Dv NULL
if no matching table object is found.
.Pp
.Fn OBJ_nid2ln
and
.Fn OBJ_nid2sn
return a pointer to a string owned by a table object or
.Dv NULL
if no matching table object is found.
For
.Dv NID_undef ,
they return the constant static strings
.Qq undefined
and
.Qq UNDEF ,
respectively.
.Pp
.Fn OBJ_obj2nid
returns an NID on success, or
.Dv NID_undef
if
.Fa object
is
.Dv NULL ,
does not contain an OID,
if no table object matching the OID is found,
or if the matching object does not contain an NID.
.Pp
.Fn OBJ_ln2nid
and
.Fn OBJ_sn2nid
return an NID on success or
.Dv NID_undef
if no matching table object is found
or if the matching object does not contain an NID.
.Pp
.Fn OBJ_txt2nid
returns an NID on success or
.Dv NID_undef
if parsing of
.Fa s
or memory allocation fails, if no matching table object is found,
or if the matching object does not contain an NID.
.Pp
.Fn OBJ_txt2obj
returns a pointer to a table object owned by the library if lookup of
.Fa s
as a long or short name succeeds.
Otherwise, it returns a newly created object,
transferring ownership to the caller, or
.Dv NULL
if parsing of
.Fa s
or memory allocation fails.
.Pp
.Fn OBJ_obj2txt
and
.Fn i2t_ASN1_OBJECT
return the amount of space required in bytes,
including the terminating NUL byte,
or zero if an error occurs before the required space can be calculated,
in particular if
.Fa buf_len
is negative,
.Fa object
is
.Dv NULL
or does not contain an OID,
or if memory allocation fails.
.Pp
.Fn OBJ_cmp
returns 0 if both objects refer to the same OID
or neither of them are associated with any OID,
or a non-zero value if at least one of them refers to an OID
but the other one does not refer to the same OID.
.Pp
.Fn OBJ_dup
returns the pointer to the original
.Fa object
if it is not marked as dynamically allocated.
Otherwise, it returns a newly created object,
transferring ownership to the caller, or
.Dv NULL
if
.Fa object
is
.Dv NULL
or memory allocation fails.
.Pp
.Fn i2a_ASN1_OBJECT
returns the number of bytes written, even if the given
.Fa object
is invalid or contains invalid data,
but a negative value if memory allocation or a write operation fails.
.Pp
In some cases of failure of
.Fn OBJ_nid2obj ,
.Fn OBJ_nid2ln ,
.Fn OBJ_nid2sn ,
.Fn OBJ_txt2nid ,
.Fn OBJ_txt2obj ,
.Fn OBJ_obj2txt ,
.Fn OBJ_dup ,
.Fn i2t_ASN1_OBJECT ,
and
.Fn i2a_ASN1_OBJECT ,
the reason can be determined with
.Xr ERR_get_error 3 .
.Sh EXAMPLES
Retrieve the object for
.Sy commonName :
.Bd -literal -offset indent
ASN1_OBJECT *object;
object = OBJ_nid2obj(NID_commonName);
.Ed
.Pp
Check whether an object contains the OID for
.Sy commonName :
.Bd -literal -offset indent
if (OBJ_obj2nid(object) == NID_commonName)
/* Do something */
.Ed
.Pp
Create a new object directly:
.Bd -literal -offset indent
object = OBJ_txt2obj("1.2.3.4", 1);
.Ed
.Sh SEE ALSO
.Xr ASN1_OBJECT_new 3 ,
.Xr BIO_new 3 ,
.Xr d2i_ASN1_OBJECT 3 ,
.Xr OBJ_create 3
.Sh HISTORY
.Fn OBJ_nid2obj ,
.Fn OBJ_nid2ln ,
.Fn OBJ_nid2sn ,
.Fn OBJ_obj2nid ,
.Fn OBJ_ln2nid ,
.Fn OBJ_sn2nid ,
.Fn OBJ_txt2nid ,
.Fn OBJ_cmp ,
and
.Fn OBJ_dup
first appeared in SSLeay 0.5.1.
.Fn i2a_ASN1_OBJECT
first appeared in SSLeay 0.6.0, and
.Fn i2t_ASN1_OBJECT
in SSLeay 0.9.0.
All these functions have been available since
.Ox 2.4 .
.Pp
.Fn OBJ_txt2obj
first appeared in OpenSSL 0.9.2b.
.Fn OBJ_obj2txt
first appeared in OpenSSL 0.9.4.
Both functions have been available since
.Ox 2.6 .
.Sh CAVEATS
The API contract of
.Fn OBJ_txt2obj
when called with a
.Fa no_name
argument of 0 and of
.Fn OBJ_dup
is scary in so far as the caller cannot find out from the returned
object whether it is owned by the library or whether ownership was
transferred to the caller.
Consequently, it is best practice to assume that ownership of the object
may have been transferred and call
.Xr ASN1_OBJECT_free 3
on the returned object when the caller no longer needs it.
In case the library retained ownership of the returned object,
.Xr ASN1_OBJECT_free 3
has no effect and is harmless.
.Pp
Objects returned from
.Fn OBJ_txt2obj
with a
.Fa no_name
argument of 1 always require
.Xr ASN1_OBJECT_free 3
to prevent memory leaks.
.Pp
Objects returned from
.Fn OBJ_nid2obj
never require
.Xr ASN1_OBJECT_free 3 ,
but calling it anyway has no effect and is harmless.
.Sh BUGS
Usually, an object is expected to contain an NID other than
.Dv NID_undef
if and only if it is a table object.
However, this is not an invariant guaranteed by the API.
In particular,
.Xr ASN1_OBJECT_create 3
allows the creation of non-table objects containing bogus NIDs.
.Fn OBJ_obj2nid
returns such bogus NIDs even though
.Fn OBJ_nid2obj
cannot use them for retrieval.
On top of that, the global table contains one built-in object with an NID of
.Dv NID_undef .
.Pp
.Fn OBJ_obj2txt
is awkward and messy to use: it doesn't follow the convention of other
OpenSSL functions where the buffer can be set to
.Dv NULL
to determine the amount of data that should be written.
Instead
.Fa buf
must point to a valid buffer and
.Fa buf_len
should be set to a positive value.
A buffer length of 80 should be more than enough to handle any OID
encountered in practice.
|