NAME

i2s_ASN1_ENUMERATED, i2s_ASN1_ENUMERATED_TABLE, i2s_ASN1_INTEGER, s2i_ASN1_INTEGER, i2s_ASN1_OCTET_STRING, s2i_ASN1_OCTET_STRING — ASN.1 data type conversion utilities for certificate extensions

SYNOPSIS

#include <openssl/asn1.h>
#include <openssl/x509v3.h>

char *
i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a);

char *
i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a);

ASN1_INTEGER *
s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value);

char *
i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *aos);

ASN1_OCTET_STRING *
s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *value);

char *
i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *aenum);

DESCRIPTION

These functions convert to and from ASN1_ENUMERATED, ASN1_INTEGER, and ASN1_OCTET_STRING objects. They are primarily used internally for parsing configuration files and displaying X.509v3 certificate extensions. With the exception of i2s_ASN1_ENUMERATED_TABLE(), these functions ignore the method argument. Any object or string returned by these functions must be freed by the caller.

i2s_ASN1_ENUMERATED() and i2s_ASN1_INTEGER() first convert a into a BIGNUM object with ASN1_ENUMERATED_to_BN(3) or ASN1_INTEGER_to_BN(3) and then derive a string representation using BN_bn2dec(3) or BN_bn2hex(3). Decimal representation is used if the number has less than 128 bits, otherwise hexadecimal representation is used to avoid excessive conversion cost.

s2i_ASN1_INTEGER() converts the NUL-terminated decimal or hexadecimal string representation of an integer in value into an ASN1_INTEGER object. A sign prefix of ‘-’ indicates a negative number and the base prefixes ‘0x’ and ‘0X’ indicate hexadecimal representation, otherwise decimal representation is assumed. After skipping the sign and base prefixes, an intermediate conversion into a BIGNUM is performed using BN_dec2bn(3) or BN_hex2bn(3) and the ASN1_INTEGER is then obtained with BN_to_ASN1_INTEGER(3).

i2s_ASN1_OCTET_STRING() converts the octets in aos into a string where the octets are colon-separated and represented as pairs of uppercase hexadecimal digits.

s2i_ASN1_OCTET_STRING() converts the NUL-terminated string str into an ASN1_OCTET_STRING. The method and ctx arguments are ignored. Every pair of hexadecimal digits is converted into an octet. Colons are ignored if they are at the start, the end or if they separate two pairs of digits.

i2s_ASN1_ENUMERATED_TABLE() uses strings provided in the usr_data field of the non-NULL method to convert the value of a into a string. If no such string is available, a is passed to i2s_ASN1_ENUMERATED(). The method argument can be provided by application programs or it can be a default method obtained from X509V3_EXT_get_nid(3). The default methods corresponding to the following nid arguments have strings configured in their usr_data field:

RETURN VALUES

i2s_ASN1_ENUMERATED(), i2s_ASN1_ENUMERATED_TABLE(), i2s_ASN1_INTEGER(), and i2s_ASN1_OCTET_STRING() return a NUL-terminated string, or NULL on memory allocation failure.

s2i_ASN1_INTEGER() returns an ASN1_INTEGER, or NULL on error. Error conditions are memory allocation failure or if value is not a valid decimal or hexadecimal encoding of an integer.

s2i_ASN1_OCTET_STRING() returns an ASN1_OCTET_STRING, or NULL on error. Error conditions are memory allocation failure or if value contains an odd number of hexadecimal digits or anything except colons at the start, the end or between pairs of hexadecimal digits.

Error codes can sometimes be obtained by ERR_get_error(3).

SEE ALSO

ASN1_INTEGER_new(3), ASN1_INTEGER_to_BN(3), ASN1_OCTET_STRING_new(3), crypto(3), X509V3_get_d2i(3)

HISTORY

These functions first appeared in OpenSSL 0.9.4 and have been available since OpenBSD 2.6.

BUGS

Of these functions at least i2s_ASN1_ENUMERATED_TABLE() can succeed while setting an error and fail without setting an error on the error stack.