neubert

Reputation: 16792

Where does OpenSSL store its OIDs?

So I have a CMS signed message:


If you run that through openssl asn1parse -in cms.txt (where cms.txt contains the above) you'll see that it has OIDs that represent such things as sha256. The OID that corresponds to sha256 is 2.16.840.1.101.3.4.2.1 in it.

My question is... where in the OpenSSL sources does this association get made?

There's this:

https://android.googlesource.com/platform/external/openssl/+/master/crypto/objects/objects.h

That seems to define a bunch of OIDs but sha256 is not among them so it is not clear to me where it is defined.

Any ideas?

Upvotes: 1

Views: 1942

Answers (2)

Florat

Reputation: 310

The main entries are defined in the OID Database.

They are encoded in the OBJECT IDENTIFIER encoding defined by ASN.1.

Upvotes: 1

frasertweedale

Reputation: 5644

OIDs are defined in crypto/objects/objects.txt. The syntax for this file is defined in crypto/objects/objects.README and it is transformed into a header file by the crypto/objects/objects.pl script.

The NIST SHA-2 OIDs are defined thus:

# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1         : SHA256                : sha256
nist_hashalgs 2         : SHA384                : sha384
nist_hashalgs 3         : SHA512                : sha512
nist_hashalgs 4         : SHA224                : sha224

The nistAlgorithms prefix is defined earlier in the file:

!Alias csor 2 16 840 1 101 3
!Alias nistAlgorithms csor 4

Combined, these give the full OID for SHA-256 that appears in the ASN.1 you posted: 2.16.840.1.101.3.4.2.1.

Upvotes: 4
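
The alias expansion described in the answer above, as an added example that is not part of the original answer and is not OpenSSL's objects.pl: a simplified Python parser that resolves the quoted objects.txt lines to dotted OIDs and DER-encodes the result into the bytes an ASN.1 parser reads. The function names are hypothetical, and only !Alias directives and three-field entries are handled.

```python
# Added example: resolve "!Alias" prefixes in an objects.txt-style excerpt (simplified).

# Excerpt assembled from the lines quoted in the answer.
SAMPLE = """\
!Alias csor 2 16 840 1 101 3
!Alias nistAlgorithms csor 4
# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1         : SHA256                : sha256
nist_hashalgs 2         : SHA384                : sha384
nist_hashalgs 3         : SHA512                : sha512
nist_hashalgs 4         : SHA224                : sha224
"""

def expand(tokens, aliases):
    """Turn ['nist_hashalgs', '1'] into (2, 16, 840, 1, 101, 3, 4, 2, 1)."""
    prefix = ()
    if tokens and not tokens[0].isdigit():
        prefix = aliases[tokens[0]]  # KeyError means an undefined prefix
        tokens = tokens[1:]
    return prefix + tuple(int(t) for t in tokens)

def parse_objects(text):
    """Return {long_name: dotted_oid} for every entry in the excerpt."""
    aliases, oids = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("!Alias"):
            _, name, *rest = line.split()
            aliases[name] = expand(rest, aliases)
        elif not line.startswith("!"):  # other directives are ignored here
            arcs, _short, long_name = (f.strip() for f in line.split(":"))
            oids[long_name] = ".".join(map(str, expand(arcs.split(), aliases)))
    return oids

def der_encode_oid(dotted):
    """DER-encode an OID (tag 0x06), base-128 arcs; short-form length only."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]  # low 7 bits, no continuation flag
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))  # higher groups carry the flag
        body += bytes(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)
```

The DER bytes for sha256 come out as 06 09 60 86 48 01 65 03 04 02 01, which is the OBJECT IDENTIFIER that asn1parse decodes back to 2.16.840.1.101.3.4.2.1.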
