[openssl-dev] Getting raw ASN1 data from X509 certificate

Dr. Stephen Henson steve at openssl.org
Wed Apr 27 13:04:11 UTC 2016


On Tue, Apr 26, 2016, Kurt Roeckx wrote:

> Hi,
> 
> I'm working on a tool that checks various things related to X509
> certificates.  I want to check that the encoding is actually
> correct DER.  With things like ASN1_TIME it seems easy to get to
> the raw data, it just seems to contain it.  But when I try it with
> an ASN1_INTEGER it doesn't seem to contain all the data.  For
> instance, if it's a number that starts with a byte >= 0x80, the
> encoding should have a 0x00 in front of it.  But in the
> ASN1_INTEGER it already seems to have removed that 0x00.
> 
> Is there a way I can get to raw encoding?  Or do I need to write
> my own parser (or use another existing one) to be able to get to
> it?
> 

For ASN1_INTEGER the structure contains the integer value in big endian
format stripping off any padding. If you call the i2d function you'll get the
encoding back but it does that by reencoding the value so it may not match the
original if it isn't DER.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
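
Added example, not part of the original thread and not OpenSSL code: a check of one INTEGER's original bytes for DER conformance (minimal length form, no redundant leading 0x00 or 0xFF), which is the information lost once the value has been parsed and re-encoded. The function name, result codes and sample bytes are hypothetical and constructed for illustration; no OpenSSL API is used.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes (hypothetical names, not an OpenSSL API). */
enum { DER_OK, DER_TRUNCATED, DER_NOT_INTEGER, DER_BAD_LENGTH, DER_EMPTY, DER_PADDED };

/* Constructed samples: 128 encoded minimally, then with a redundant 0x00. */
static const unsigned char sample_ok[] = {0x02, 0x02, 0x00, 0x80};
static const unsigned char sample_padded[] = {0x02, 0x03, 0x00, 0x00, 0x80};

/* Check that buf[0..len) begins with a DER INTEGER TLV, using the raw bytes. */
int der_check_integer(const unsigned char *buf, size_t len, size_t *consumed)
{
    size_t hdr = 2, clen, n, i;

    if (len < 2) return DER_TRUNCATED;
    if (buf[0] != 0x02) return DER_NOT_INTEGER;      /* universal tag 2 */
    if (buf[1] < 0x80) {                             /* short-form length */
        clen = buf[1];
    } else {                                         /* long-form length */
        n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t)) return DER_BAD_LENGTH; /* indefinite or unsupported */
        if (len < 2 + n) return DER_TRUNCATED;
        if (buf[2] == 0x00) return DER_BAD_LENGTH;   /* leading zero length octet */
        for (clen = 0, i = 0; i < n; i++) clen = (clen << 8) | buf[2 + i];
        if (clen < 0x80) return DER_BAD_LENGTH;      /* short form was required */
        hdr += n;
    }
    if (clen == 0) return DER_EMPTY;                 /* at least one content octet */
    if (len - hdr < clen) return DER_TRUNCATED;
    /* Minimal two's complement: the first nine bits must not be all 0 or all 1. */
    if (clen > 1) {
        const unsigned char *c = buf + hdr;
        if ((c[0] == 0x00 && !(c[1] & 0x80)) || (c[0] == 0xff && (c[1] & 0x80)))
            return DER_PADDED;
    }
    if (consumed) *consumed = hdr + clen;            /* size of the whole TLV */
    return DER_OK;
}

int main(void)
{
    printf("ok=%d padded=%d\n",
           der_check_integer(sample_ok, sizeof sample_ok, NULL),
           der_check_integer(sample_padded, sizeof sample_padded, NULL));
    return 0;
}
```

The bytes `02 01 80` pass this check because they are well-formed DER for -128: a missing 0x00 changes the sign of the value rather than breaking the encoding, so a field that must be positive needs a separate sign test.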

