[openssl-users] Convert a x509 cert with PEM format

paul von paulvon73 at gmail.com
Thu Oct 15 11:51:28 UTC 2015 

Hi All:

      i have met a problem. Now i am wirting a c function that convert a
PEM x509 cert in a buffer (yes, the pem x509 cert is in the buffer, not in
a pem file) into a DER x509 cert in a buffer (not in der file)too. I wrote
the c code:

// inBuff-->IN_BIO-->X509-->outBuff
int buf_cert_convert_pem_to_der(const unsigned char *in, int inLen,
unsigned char *out, int *outLen)
{
int ret = 0;
BIO *bio_in = NULL;
X509 *x509 = NULL;
unsigned char *der_cert_buff = NULL;
int len = 0;

bio_in = BIO_new_mem_buf((void *)in, inLen);
if(bio_in == NULL)
{
printf("BIO_new_mem_buf a bio_in error! \n");
ret = -1;
goto err;
}

if (!PEM_read_bio_X509(bio_in, &x509, NULL, NULL))
{
printf("PEM_read_bio_X509 read x509 cert from bio error! \n");
ret = -1;
goto err;
}

len = i2d_X509(x509, NULL);
if (len <= 0)
{
printf("i2d_X509 read x509 cert length error! \n");
ret = -1;
goto err;
}

if(len > *outLen)
{
printf("the out buff length is not enough for the x509 cert error! \n");
ret = -1;
goto err;
}

der_cert_buff = (unsigned char *)malloc(len);
if(der_cert_buff == NULL)
{
printf("alloc mem error! \n");
ret = -1;
goto err;
}

memset(der_cert_buff, 0, len);
len = i2d_X509(x509, &der_cert_buff);   //????
if (len <= 0)
{
printf("i2d_X509 read x509 cert error! \n");
ret = -1;
goto err;
}
//debug
printf("der file len: %d bytes \n", len);

memcpy(out, der_cert_buff, len);
*outLen = len;
ret = 0;

err:
//  Does der_cert_buff need free manually? when i  free manually, it will
collapse. I donot know why. It always free manually when you use **poiter?
/*
if (der_cert_buff != NULL)
free(der_cert_buff);
*/
if (bio_in != NULL)
BIO_free(bio_in);
if (x509 != NULL)
X509_free(x509);

    return ret;
}

Question:
1. Am i right? when i debug this program i always wrong... I cannot find
out the reason.
2.  In the funtion i2d_X509(x509, &der_cert_buff), Does der_cert_buff  need
to be
free manually? when i free ,it would collapse -:(
thanks.

BTWa: I wrote a test c code bellow:
// test for buf_cert_convert_pem_to_der
#define PEM_CERT_FILE "test_cert.pem"
#define DER_CERT_FILE "test_cert.der"
int test5()
{
int inLen = 0, outLen = DATA_BUFF_LEN;
unsigned char in[DATA_BUFF_LEN], out[DATA_BUFF_LEN];
FILE *pem_f = NULL, *der_f = NULL;
unsigned long fileLen = 0;
int ret = 0;

fileLen = get_file_size(PEM_CERT_FILE);
if(fileLen < 0)
{
printf("get pem file length error\n");
ret = -1;
goto err;
}

if((pem_f = fopen(PEM_CERT_FILE, "r")) == NULL)
    {
        printf("open pem file error! \n");
        ret = -1;
        goto err;
    }

    memset(in, 0, DATA_BUFF_LEN);
    do
    {
    ret = fread(in, DATA_BUFF_LEN, 1, pem_f);
    }while(ret > 0);

if(ret < 0)
{
printf("read pem file error\n");
ret = -1;
goto err;
}
ret = 0;

memset(out, 0, DATA_BUFF_LEN);
ret = buf_cert_convert_pem_to_der(in, fileLen, out, &outLen);
if(ret != 0)
{
printf("buf_cert_convert_pem_to_der error\n");
ret = -1;
goto err;
}

if((der_f = fopen(DER_CERT_FILE, "wb+")) == NULL)
    {
        printf("open der file error! \n");
        ret = -1;
        goto err;
    }

    ret = fwrite(out, outLen, 1, der_f);
if(ret <= 0)
{
printf("write der file error \n");
ret = -1;
goto err;
}
ret = 0;

printf("buf_cert_convert_pem_to_der ok! \n");

err:
if(der_f != NULL)
fclose(der_f);
if(pem_f != NULL)
fclose(pem_f);
return ret;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151015/58e167fa/attachment.html>

More information about the openssl-users mailing list