Amodhini U wrote:
> Does OpenSSL already have a function to pack an
> X.509v3 structure into a contiguous array-block? And
> to unpack it back afterwards? If so, could you please
> point me to those functions? And to any sample code
> that uses them?
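// OpenSSL does indeed have such a function, which is part of the ASN.1 DER
// encoding/decoding code. In general, when serializing an OpenSSL type, look
// for functions named i2d_* (internal to DER) and d2i_* (DER to internal).
// In the case of X.509 certificates, the data type in question is X509 and
// the functions in question are:
//
//     X509 *d2i_X509(X509 **a, const unsigned char **in, long len);
//     int   i2d_X509(X509 *a, unsigned char **out);
//
// (Exact const-qualification differs between OpenSSL releases; check the
// <openssl/x509.h> you build against.)
//
// Please find below a quick sample snippet.
//
// Regards,
// //oscar

#include "openssl/x509.h"

#include <cassert>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Sample certificate, generated using 'openssl x509 -C -noout'.
// Test fixture only: it is a 2001-era self-issued example certificate and
// must not be used as a trust anchor or as a template for real deployments.
unsigned char DERCert[]={
0x30,0x82,0x02,0x6B,0x30,0x82,0x01,0xD4,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,0x05,0x00,0x30,
0x2E,0x31,0x17,0x30,0x15,0x06,0x0A,0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,
0x19,0x13,0x07,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x31,0x13,0x30,0x11,0x06,0x0A,
0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,0x13,0x03,0x63,0x61,0x31,0x30,
0x1E,0x17,0x0D,0x30,0x31,0x30,0x39,0x30,0x38,0x31,0x32,0x34,0x31,0x34,0x35,0x5A,
0x17,0x0D,0x30,0x31,0x31,0x30,0x30,0x38,0x31,0x32,0x34,0x31,0x34,0x35,0x5A,0x30,
0x2E,0x31,0x17,0x30,0x15,0x06,0x0A,0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,
0x19,0x13,0x07,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x31,0x13,0x30,0x11,0x06,0x0A,
0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,0x13,0x03,0x63,0x61,0x31,0x30,
0x81,0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,
0x00,0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xBC,0x66,0x51,0xFB,
0x5F,0xFA,0x62,0x0E,0x9B,0xD1,0xB0,0x7C,0x9A,0x94,0x7D,0x09,0x73,0x06,0xB6,0xBD,
0x7D,0x08,0xEA,0x25,0xBF,0x26,0xD4,0x13,0x2A,0x31,0xBA,0x1D,0xC0,0x2C,0xBB,0x5A,
0x0D,0xC6,0xA9,0x73,0x75,0xE5,0x8F,0x59,0x89,0x84,0x22,0xBD,0xBD,0x50,0x6B,0x33,
0x27,0xDC,0x55,0x8F,0x02,0x23,0x5B,0xDE,0x38,0x94,0xD8,0xAA,0xEC,0x5F,0x60,0x94,
0x2A,0x15,0x67,0x30,0x63,0xE0,0xF9,0x5A,0x35,0x9F,0x24,0x40,0x49,0xF3,0x7E,0xEC,
0x40,0xB9,0xF9,0x6B,0x1A,0x92,0x39,0x43,0x9F,0xEE,0x49,0xE0,0x9B,0xBA,0xAD,0x92,
0x31,0x84,0x8D,0x52,0xB7,0x29,0xA9,0x74,0xE7,0xDD,0xBC,0x19,0xA8,0xC7,0xA1,0x21,
0x87,0x8B,0x7E,0x2E,0x8F,0x0D,0xA4,0x63,0xEB,0x13,0x7D,0x07,0x02,0x03,0x01,0x00,
0x01,0xA3,0x81,0x98,0x30,0x81,0x95,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,
0x04,0x14,0x0F,0x2F,0xC5,0x6D,0x2D,0x4A,0xAD,0xE7,0xE3,0x69,0x72,0xE4,0xC5,0xDA,
0x9D,0xE4,0xDF,0x99,0x25,0x26,0x30,0x56,0x06,0x03,0x55,0x1D,0x23,0x04,0x4F,0x30,
0x4D,0x80,0x14,0x0F,0x2F,0xC5,0x6D,0x2D,0x4A,0xAD,0xE7,0xE3,0x69,0x72,0xE4,0xC5,
0xDA,0x9D,0xE4,0xDF,0x99,0x25,0x26,0xA1,0x32,0xA4,0x30,0x30,0x2E,0x31,0x17,0x30,
0x15,0x06,0x0A,0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,0x13,0x07,0x65,
0x78,0x61,0x6D,0x70,0x6C,0x65,0x31,0x13,0x30,0x11,0x06,0x0A,0x09,0x92,0x26,0x89,
0x93,0xF2,0x2C,0x64,0x01,0x19,0x13,0x03,0x63,0x61,0x31,0x82,0x01,0x00,0x30,0x0F,
0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,
0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x49,
0xE6,0x5B,0x71,0x70,0x53,0x21,0x78,0xC5,0xFB,0x79,0xAA,0xC5,0x03,0xF8,0x4C,0xBE,
0x34,0x21,0xF3,0xC9,0x48,0xCC,0x00,0x1C,0x9F,0xD4,0x45,0x8F,0xF4,0x9F,0x79,0xC3,
0x0C,0x04,0xB7,0x5A,0xD1,0xEA,0x46,0xE4,0x69,0x41,0x89,0x1E,0x44,0xD1,0x42,0x9C,
0x30,0x86,0x25,0x31,0xCF,0x04,0x0F,0x14,0x2D,0x15,0xD4,0x40,0xDE,0x7D,0x03,0xF9,
0x10,0x3A,0xF5,0x36,0x2F,0xDD,0x30,0xEE,0x3A,0x0A,0xA1,0x9A,0x90,0x08,0x1B,0xD7,
0xC2,0xEF,0x28,0x91,0xBF,0xD9,0x81,0xE7,0x4C,0x36,0x3F,0x3F,0x81,0xE5,0xFC,0xC6,
0xD2,0x44,0xCF,0x65,0x62,0x10,0xC6,0xF2,0x65,0x28,0x23,0x7B,0xEA,0x83,0xB9,0x21,
0x4D,0xD9,0xC0,0xE9,0x86,0x70,0xA7,0xC8,0x2B,0x8A,0x66,0xC8,0x67,0x7B,0x5F,
};

// Re-encodes `cert` to DER and compares the result with DERCert.
// Returns 0 when the re-encoding is byte-identical, 1 otherwise.
static int reencodeMatchesOriginal(X509 *cert)
{
    // First call with a null output pointer only reports the encoded size.
    // i2d_* returns a negative value on error, so test the sign before the
    // value is used as a buffer length.
    const int newDERSize = i2d_X509(cert, 0);
    if (newDERSize <= 0) {
        std::fprintf(stderr, "i2d_X509 (size query) failed\n");
        return 1;
    }
    if (static_cast<std::size_t>(newDERSize) != sizeof(DERCert)) {
        std::fprintf(stderr, "re-encoded size differs from original\n");
        return 1;
    }

    // The vector owns the buffer, so it is released on every return path.
    std::vector<unsigned char> newDERCert(static_cast<std::size_t>(newDERSize));

    // i2d_* advances the pointer it is given; hand it a scratch copy so the
    // start of the buffer is never lost and no pointer arithmetic is needed
    // to "reset" it afterwards.
    unsigned char *pOut = &newDERCert[0];
    const int written = i2d_X509(cert, &pOut);
    if (written != newDERSize) {
        std::fprintf(stderr, "i2d_X509 (encode) failed\n");
        return 1;
    }

    // Make sure result matches original.
    if (std::memcmp(DERCert, &newDERCert[0], newDERCert.size()) != 0) {
        std::fprintf(stderr, "re-encoded certificate differs from original\n");
        return 1;
    }
    return 0;
}

// Round-trips the sample certificate: DER bytes -> X509 -> DER bytes.
// Returns 0 on success and 1 on any parse, encode or comparison failure.
// The checks are explicit rather than assert()-based so that they still run
// when the program is compiled with NDEBUG.
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    //
    // code for de-serializing certificate from DER byte stream
    //
    // d2i_* advances the input pointer past the bytes it consumed, so parse
    // through a scratch pointer and keep DERCert itself untouched.
    const unsigned char *pDERCert = DERCert;
    X509 *myCert = d2i_X509(0, &pDERCert, static_cast<long>(sizeof(DERCert)));
    if (myCert == 0) {
        std::fprintf(stderr, "d2i_X509 failed\n");
        return 1;
    }

    int rc = 1;
    if (pDERCert != DERCert + sizeof(DERCert)) {
        // Input that continues after a complete certificate is not a single
        // well-formed DER certificate; reject it instead of ignoring the tail.
        std::fprintf(stderr, "trailing bytes after certificate\n");
    } else {
        // ... code for using certificate goes here ...
        //
        // NOTE: d2i_X509 only parses the structure. It does not check the
        // signature, validity period or chain; do that (e.g. with
        // X509_verify_cert) before trusting anything in the certificate.

        //
        // code for serializing certificate to DER byte stream
        //
        rc = reencodeMatchesOriginal(myCert);
    }

    // free memory and return
    X509_free(myCert);
    return rc;
}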