+++ /dev/null
-
-OpenSSL ASN1 Revision
-=====================
-
-This document describes some of the issues relating to the new ASN1 code.
-
-Previous OpenSSL ASN1 problems
-=============================
-
-OK why did the OpenSSL ASN1 code need revising in the first place? Well
-there are lots of reasons some of which are included below...
-
-1. The code is difficult to read and write. For every single ASN1 structure
-(e.g. SEQUENCE) four functions need to be written for new, free, encode and
-decode operations. This is a very painful and error prone operation. Very few
-people have ever written any OpenSSL ASN1 and those that have usually wish
-they hadn't.
-
-2. Partly because of 1. the code is bloated and takes up a disproportionate
-amount of space. The SEQUENCE encoder is particularly bad: it essentially
-contains two copies of the same operation, one to compute the SEQUENCE length
-and the other to encode it.
-
-3. The code is memory based: that is it expects to be able to read the whole
-structure from memory. This is fine for small structures but if you have a
-(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
-
-4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
-changing the tag to the expected one, attempting to read it, then changing it
-back again. This means that decode buffers have to be writable even though they
-are ultimately unchanged. This gets in the way of constification.
-
-5. The handling of EXPLICIT isn't much better. It adds a chunk of code into
-the decoder and encoder for every EXPLICIT tag.
-
-6. APPLICATION and PRIVATE tags aren't even supported at all.
-
-7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
-types that are not OPTIONAL.
-
-8. Much of the code assumes that a tag will fit in a single octet. This is
-only true if the tag is 30 or less (mercifully tags over 30 are rare).
-
-9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
-macros that properly support it.
-
-10. Encoders have no concept of OPTIONAL and have no error checking. If the
-passed structure contains a NULL in a mandatory field it will not be encoded,
-resulting in an invalid structure.
-
-11. It is tricky to add ASN1 encoders and decoders to external applications.
-
-Template model
-==============
-
-One of the major problems with revision is the sheer volume of the ASN1 code.
-Attempts to change (for example) the IMPLICIT behaviour would result in a
-modification of *every* single decode function.
-
-I decided to adopt a template based approach. I'm using the term 'template'
-in a manner similar to SNACC templates: it has nothing to do with C++
-templates.
-
-A template is a description of an ASN1 module as several constant C structures.
-It describes in a machine readable way exactly how the ASN1 structure should
-behave. If this template contains enough detail then it is possible to write
-versions of new, free, encode, decode (and possibly others operations) that
-operate on templates.
-
-Instead of having to write code to handle each operation only a single
-template needs to be written. If new operations are needed (such as a 'print'
-operation) only a single new template based function needs to be written
-which will then automatically handle all existing templates.
-
-Plans for revision
-==================
-
-The revision will consist of the following steps. Other than the first two
-these can be handled in any order.
-
-o Design and write template new, free, encode and decode operations, initially
-memory based. *DONE*
-
-o Convert existing ASN1 code to template form. *IN PROGRESS*
-
-o Convert an existing ASN1 compiler (probably SNACC) to output templates
-in OpenSSL form.
-
-o Add support for BIO based ASN1 encoders and decoders to handle large
-structures, initially blocking I/O.
-
-o Add support for non blocking I/O: this is quite a bit harder than blocking
-I/O.
-
-o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
-certificates etc etc.
-
-Description of major changes
-============================
-
-The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
-absent. The meaning of absent depends on the context. If for example the
-boolean type is DEFAULT FALSE (as in the case of the critical flag for
-certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
-Usually the value will only ever be read via an API which will hide this from
-an application.
-
-There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
-SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
-old code would omit the structure if the STACK was NULL (which is fine) or if
-it had zero elements (which is NOT OK). This causes problems because an empty
-SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
-it is encoded it will be omitted resulting in different encodings. The new code
-only omits the encoding if the STACK is NULL, if it contains zero elements it
-is encoded and empty. There is an additional problem though: because an empty
-STACK was omitted, sometimes the corresponding *_new() function would
-initialize the STACK to empty so an application could immediately use it, if
-this is done with the new code (i.e. a NULL) it wont work. Therefore a new
-STACK should be allocated first. One instance of this is the X509_CRL list of
-revoked certificates: a helper function X509_CRL_add0_revoked() has been added
-for this purpose.
-
-The X509_ATTRIBUTE structure used to have an element called 'set' which took
-the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
-to the behaviour of CHOICE in the new code this has been changed to a field
-called 'single' which is 0 for a SET OF and 1 for single. The old field has
-been deleted to deliberately break source compatibility. Since this structure
-is normally accessed via higher level functions this shouldn't break too much.
-
-The X509_REQ_INFO certificate request info structure no longer has a field
-called 'req_kludge'. This used to be set to 1 if the attributes field was
-(incorrectly) omitted. You can check to see if the field is omitted now by
-checking if the attributes field is NULL. Similarly if you need to omit
-the field then free attributes and set it to NULL.
-
-The top level 'detached' field in the PKCS7 structure is no longer set when
-a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
-The behaviour of PKCS7_get_detached() is unaffected.
-
-The values of 'type' in the GENERAL_NAME structure have changed. This is
-because the old code use the ASN1 initial octet as the selector. The new
-code uses the index in the ASN1_CHOICE template.
-
-The DIST_POINT_NAME structure has changed to be a true CHOICE type.
-
-typedef struct DIST_POINT_NAME_st {
-int type;
-union {
- STACK_OF(GENERAL_NAME) *fullname;
- STACK_OF(X509_NAME_ENTRY) *relativename;
-} name;
-} DIST_POINT_NAME;
-
-This means that name.fullname or name.relativename should be set
-and type reflects the option. That is if name.fullname is set then
-type is 0 and if name.relativename is set type is 1.
-
-With the old code using the i2d functions would typically involve:
-
-unsigned char *buf, *p;
-int len;
-/* Find length of encoding */
-len = i2d_SOMETHING(x, NULL);
-/* Allocate buffer */
-buf = OPENSSL_malloc(len);
-if(buf == NULL) {
- /* Malloc error */
-}
-/* Use temp variable because &p gets updated to point to end of
- * encoding.
- */
-p = buf;
-i2d_SOMETHING(x, &p);
-
-
-Using the new i2d you can also do:
-
-unsigned char *buf = NULL;
-int len;
-len = i2d_SOMETHING(x, &buf);
-if(len < 0) {
- /* Malloc error */
-}
-
-and it will automatically allocate and populate a buffer with the
-encoding. After this call 'buf' will point to the start of the
-encoding which is len bytes long.
projects / cassiopeia.git / blobdiff