1d2i_X509(3) OpenSSL d2i_X509(3)
2
3
4
6 d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
7 i2d_X509_fp - X509 encode and decode functions
8
10 #include <openssl/x509.h>
11
12 X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
13 int i2d_X509(X509 *x, unsigned char **out);
14
15 X509 *d2i_X509_bio(BIO *bp, X509 **x);
16 X509 *d2i_X509_fp(FILE *fp, X509 **x);
17
18 int i2d_X509_bio(BIO *bp, X509 *x);
19 int i2d_X509_fp(FILE *fp, X509 *x);
20
22 The X509 encode and decode routines encode and parse an X509 structure,
23 which represents an X509 certificate.
24
25 d2i_X509() attempts to decode len bytes at *in. If successful a pointer
26 to the X509 structure is returned. If an error occurred then NULL is
27 returned. If px is not NULL then the returned structure is written to
28 *px. If *px is not NULL then it is assumed that *px contains a valid
29 X509 structure and an attempt is made to reuse it. If the call is
30 successful *in is incremented to the byte following the parsed data.
31
32 i2d_X509() encodes the structure pointed to by x into DER format. If
33 out is not NULL is writes the DER encoded data to the buffer at *out,
34 and increments it to point after the data just written. If the return
35 value is negative an error occurred, otherwise it returns the length of
36 the encoded data.
37
38 For OpenSSL 0.9.7 and later if *out is NULL memory will be allocated
39 for a buffer and the encoded data written to it. In this case *out is
40 not incremented and it points to the start of the data just written.
41
42 d2i_X509_bio() is similar to d2i_X509() except it attempts to parse
43 data from BIO bp.
44
45 d2i_X509_fp() is similar to d2i_X509() except it attempts to parse data
46 from FILE pointer fp.
47
48 i2d_X509_bio() is similar to i2d_X509() except it writes the encoding
49 of the structure x to BIO bp and it returns 1 for success and 0 for
50 failure.
51
52 i2d_X509_fp() is similar to i2d_X509() except it writes the encoding of
53 the structure x to BIO bp and it returns 1 for success and 0 for
54 failure.
55
57 The letters i and d in for example i2d_X509 stand for "internal" (that
58 is an internal C structure) and "DER". So that i2d_X509 converts from
59 internal to DER.
60
61 The functions can also understand BER forms.
62
63 The actual X509 structure passed to i2d_X509() must be a valid
64 populated X509 structure it can not simply be fed with an empty
65 structure such as that returned by X509_new().
66
67 The encoded data is in binary form and may contain embedded zeroes.
68 Therefore any FILE pointers or BIOs should be opened in binary mode.
69 Functions such as strlen() will not return the correct length of the
70 encoded structure.
71
72 The ways that *in and *out are incremented after the operation can trap
73 the unwary. See the WARNINGS section for some common errors.
74
75 The reason for the auto increment behaviour is to reflect a typical
76 usage of ASN1 functions: after one structure is encoded or decoded
77 another will processed after it.
78
80 Allocate and encode the DER encoding of an X509 structure:
81
82 int len;
83 unsigned char *buf, *p;
84
85 len = i2d_X509(x, NULL);
86
87 buf = OPENSSL_malloc(len);
88
89 if (buf == NULL)
90 /* error */
91
92 p = buf;
93
94 i2d_X509(x, &p);
95
96 If you are using OpenSSL 0.9.7 or later then this can be simplified to:
97
98 int len;
99 unsigned char *buf;
100
101 buf = NULL;
102
103 len = i2d_X509(x, &buf);
104
105 if (len < 0)
106 /* error */
107
108 Attempt to decode a buffer:
109
110 X509 *x;
111
112 unsigned char *buf, *p;
113
114 int len;
115
116 /* Something to setup buf and len */
117
118 p = buf;
119
120 x = d2i_X509(NULL, &p, len);
121
122 if (x == NULL)
123 /* Some error */
124
125 Alternative technique:
126
127 X509 *x;
128
129 unsigned char *buf, *p;
130
131 int len;
132
133 /* Something to setup buf and len */
134
135 p = buf;
136
137 x = NULL;
138
139 if(!d2i_X509(&x, &p, len))
140 /* Some error */
141
143 The use of temporary variable is mandatory. A common mistake is to
144 attempt to use a buffer directly as follows:
145
146 int len;
147 unsigned char *buf;
148
149 len = i2d_X509(x, NULL);
150
151 buf = OPENSSL_malloc(len);
152
153 if (buf == NULL)
154 /* error */
155
156 i2d_X509(x, &buf);
157
158 /* Other stuff ... */
159
160 OPENSSL_free(buf);
161
162 This code will result in buf apparently containing garbage because it
163 was incremented after the call to point after the data just written.
164 Also buf will no longer contain the pointer allocated by
165 OPENSSL_malloc() and the subsequent call to OPENSSL_free() may well
166 crash.
167
168 The auto allocation feature (setting buf to NULL) only works on OpenSSL
169 0.9.7 and later. Attempts to use it on earlier versions will typically
170 cause a segmentation violation.
171
172 Another trap to avoid is misuse of the xp argument to d2i_X509():
173
174 X509 *x;
175
176 if (!d2i_X509(&x, &p, len))
177 /* Some error */
178
179 This will probably crash somewhere in d2i_X509(). The reason for this
180 is that the variable x is uninitialized and an attempt will be made to
181 interpret its (invalid) value as an X509 structure, typically causing a
182 segmentation violation. If x is set to NULL first then this will not
183 happen.
184
186 In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when
187 *px is valid is broken and some parts of the reused structure may
188 persist if they are not present in the new one. As a result the use of
189 this "reuse" behaviour is strongly discouraged.
190
191 i2d_X509() will not return an error in many versions of OpenSSL, if
192 mandatory fields are not initialized due to a programming error then
193 the encoded structure may contain invalid data or omit the fields
194 entirely and will not be parsed by d2i_X509(). This may be fixed in
195 future so code should not assume that i2d_X509() will always succeed.
196
198 d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid X509
199 structure or NULL if an error occurs. The error code that can be
200 obtained by ERR_get_error(3).
201
202 i2d_X509() returns the number of bytes successfully encoded or a
203 negative value if an error occurs. The error code can be obtained by
204 ERR_get_error(3).
205
206 i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error
207 occurs The error code can be obtained by ERR_get_error(3).
208
210 ERR_get_error(3)
211
213 d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and
214 i2d_X509_fp are available in all versions of SSLeay and OpenSSL.
215
216
217
2181.0.1e 2013-02-11 d2i_X509(3)