[openssl-users] Convert a x509 cert with PEM format

paul von paulvon73 at gmail.com
Thu Oct 15 12:08:27 UTC 2015


i write a c function which convert a pem cert file to a der cert file, it
is ok.

On Thu, Oct 15, 2015 at 7:51 PM, paul von <paulvon73 at gmail.com> wrote:

> Hi All:
>
>       i have met a problem. Now i am wirting a c function that convert a
> PEM x509 cert in a buffer (yes, the pem x509 cert is in the buffer, not in
> a pem file) into a DER x509 cert in a buffer (not in der file)too. I wrote
> the c code:
>
> // inBuff-->IN_BIO-->X509-->outBuff
> int buf_cert_convert_pem_to_der(const unsigned char *in, int inLen,
> unsigned char *out, int *outLen)
> {
> int ret = 0;
> BIO *bio_in = NULL;
> X509 *x509 = NULL;
> unsigned char *der_cert_buff = NULL;
> int len = 0;
>
> bio_in = BIO_new_mem_buf((void *)in, inLen);
> if(bio_in == NULL)
> {
> printf("BIO_new_mem_buf a bio_in error! \n");
> ret = -1;
> goto err;
> }
>
> if (!PEM_read_bio_X509(bio_in, &x509, NULL, NULL))
> {
> printf("PEM_read_bio_X509 read x509 cert from bio error! \n");
> ret = -1;
> goto err;
> }
>
> len = i2d_X509(x509, NULL);
> if (len <= 0)
> {
> printf("i2d_X509 read x509 cert length error! \n");
> ret = -1;
> goto err;
> }
>
> if(len > *outLen)
> {
> printf("the out buff length is not enough for the x509 cert error! \n");
> ret = -1;
> goto err;
> }
>
> der_cert_buff = (unsigned char *)malloc(len);
> if(der_cert_buff == NULL)
> {
> printf("alloc mem error! \n");
> ret = -1;
> goto err;
> }
>
> memset(der_cert_buff, 0, len);
> len = i2d_X509(x509, &der_cert_buff);   //????
> if (len <= 0)
> {
> printf("i2d_X509 read x509 cert error! \n");
> ret = -1;
> goto err;
> }
> //debug
> printf("der file len: %d bytes \n", len);
>
> memcpy(out, der_cert_buff, len);
> *outLen = len;
> ret = 0;
>
> err:
> //  Does der_cert_buff need free manually? when i  free manually, it will
> collapse. I donot know why. It always free manually when you use **poiter?
> /*
> if (der_cert_buff != NULL)
> free(der_cert_buff);
> */
> if (bio_in != NULL)
> BIO_free(bio_in);
> if (x509 != NULL)
> X509_free(x509);
>
>     return ret;
> }
>
> Question:
> 1. Am i right? when i debug this program i always wrong... I cannot find
> out the reason.
> 2.  In the funtion i2d_X509(x509, &der_cert_buff), Does der_cert_buff
>  need to be
> free manually? when i free ,it would collapse -:(
> thanks.
>
> BTWa: I wrote a test c code bellow:
> // test for buf_cert_convert_pem_to_der
> #define PEM_CERT_FILE "test_cert.pem"
> #define DER_CERT_FILE "test_cert.der"
> int test5()
> {
> int inLen = 0, outLen = DATA_BUFF_LEN;
> unsigned char in[DATA_BUFF_LEN], out[DATA_BUFF_LEN];
> FILE *pem_f = NULL, *der_f = NULL;
> unsigned long fileLen = 0;
> int ret = 0;
>
> fileLen = get_file_size(PEM_CERT_FILE);
> if(fileLen < 0)
> {
> printf("get pem file length error\n");
> ret = -1;
> goto err;
> }
>
> if((pem_f = fopen(PEM_CERT_FILE, "r")) == NULL)
>     {
>         printf("open pem file error! \n");
>         ret = -1;
>         goto err;
>     }
>
>     memset(in, 0, DATA_BUFF_LEN);
>     do
>     {
>     ret = fread(in, DATA_BUFF_LEN, 1, pem_f);
>     }while(ret > 0);
>
> if(ret < 0)
> {
> printf("read pem file error\n");
> ret = -1;
> goto err;
> }
> ret = 0;
>
> memset(out, 0, DATA_BUFF_LEN);
> ret = buf_cert_convert_pem_to_der(in, fileLen, out, &outLen);
> if(ret != 0)
> {
> printf("buf_cert_convert_pem_to_der error\n");
> ret = -1;
> goto err;
> }
>
> if((der_f = fopen(DER_CERT_FILE, "wb+")) == NULL)
>     {
>         printf("open der file error! \n");
>         ret = -1;
>         goto err;
>     }
>
>     ret = fwrite(out, outLen, 1, der_f);
> if(ret <= 0)
> {
> printf("write der file error \n");
> ret = -1;
> goto err;
> }
> ret = 0;
>
> printf("buf_cert_convert_pem_to_der ok! \n");
>
> err:
> if(der_f != NULL)
> fclose(der_f);
> if(pem_f != NULL)
> fclose(pem_f);
> return ret;
> }
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151015/540b4d27/attachment-0001.html>


More information about the openssl-users mailing list