OpenBSD manual page server

Manual Page Search Parameters

OBJ_NID2OBJ(3) Library Functions Manual OBJ_NID2OBJ(3)

OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_txt2nid, OBJ_txt2obj, OBJ_obj2txt, OBJ_cmp, OBJ_dup, OBJ_create, OBJ_cleanup, i2t_ASN1_OBJECTinspect and create ASN.1 object identifiers

#include <openssl/objects.h>

ASN1_OBJECT *
OBJ_nid2obj(int n);

const char *
OBJ_nid2ln(int n);

const char *
OBJ_nid2sn(int n);

int
OBJ_obj2nid(const ASN1_OBJECT *o);

int
OBJ_ln2nid(const char *ln);

int
OBJ_sn2nid(const char *sn);

int
OBJ_txt2nid(const char *s);

ASN1_OBJECT *
OBJ_txt2obj(const char *s, int no_name);

int
OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);

int
OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);

ASN1_OBJECT *
OBJ_dup(const ASN1_OBJECT *o);

int
OBJ_create(const char *oid, const char *sn, const char *ln);

void
OBJ_cleanup(void);

#include <openssl/asn1.h>

int
i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);

The ASN.1 object utility functions process ASN1_OBJECT structures which are a representation of the ASN.1 OBJECT IDENTIFIER (OID) type. For convenience, OIDs are usually represented in source code as numeric identifiers, or NIDs. OpenSSL has an internal table of OIDs that are generated when the library is built, and their corresponding NIDs are available as defined constants. For the functions below, application code should treat all returned values — OIDs, NIDs, or names — as constants.

(), (), and () convert the NID n to an ASN1_OBJECT structure, its long name, and its short name, respectively, or return NULL if an error occurred.

(), (), and () return the corresponding NID for the object o, the long name ln, or the short name sn, respectively, or NID_undef if an error occurred.

() returns the NID corresponding to text string s. s can be a long name, a short name, or the numerical representation of an object.

() converts the text string s into an ASN1_OBJECT structure. If no_name is 0 then long names and short names will be interpreted as well as numerical forms. If no_name is 1 only the numerical form is acceptable.

() converts the ASN1_OBJECT a into a textual representation. The representation is written as a NUL terminated string to buf. At most buf_len bytes are written, truncating the result if necessary. The total amount of space required is returned. If no_name is 0 and the object has a long or short name, then that will be used, otherwise the numerical form will be used.

() is the same as OBJ_obj2txt() with no_name set to 0.

() compares a to b. If the two are identical, 0 is returned.

() returns a deep copy of o if o is marked as dynamically allocated. The new object and all data contained in it is marked as dynamically allocated. If o is not marked as dynamically allocated, OBJ_dup() just returns o itself.

() adds a new object to the internal table. oid is the numerical form of the object, sn the short name and ln the long name. A new NID is returned for the created object.

The new object added to the internal table and all the data contained in it is marked as not dynamically allocated. Consequently, retrieving it with () or a similar function and then calling ASN1_OBJECT_free(3) on the returned pointer will have no effect.

() cleans up the internal object table: this should be called before an application exits if any new objects were added using OBJ_create().

Objects can have a short name, a long name, and a numerical identifier (NID) associated with them. A standard set of objects is represented in an internal table. The appropriate values are defined in the header file <openssl/objects.h>.

For example, the OID for commonName has the following definitions:

#define SN_commonName                   "CN"
#define LN_commonName                   "commonName"
#define NID_commonName                  13

New objects can be added by calling ().

Table objects have certain advantages over other objects: for example their NIDs can be used in a C language switch statement. They are also static constant structures which are shared: that is there is only a single constant structure for each table object.

Objects which are not in the table have the NID value NID_undef.

Objects do not need to be in the internal tables to be processed: the functions () and OBJ_obj2txt() can process the numerical form of an OID.

OBJ_nid2obj() and OBJ_dup() return an ASN1_OBJECT object or NULL if an error occurs.

OBJ_nid2ln() and OBJ_nid2sn() return a valid string or NULL on error.

OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid(), and OBJ_txt2nid() return a NID or NID_undef on error.

OBJ_create() returns the new NID or NID_undef if an error occurs.

In some cases of failure of OBJ_nid2obj(), OBJ_nid2ln(), OBJ_nid2sn(), OBJ_txt2nid(), OBJ_txt2obj(), OBJ_obj2txt(), OBJ_dup(), OBJ_create(), and i2t_ASN1_OBJECT(), the reason can be determined with ERR_get_error(3).

Create an object for commonName:

ASN1_OBJECT *o;
o = OBJ_nid2obj(NID_commonName);

Check if an object is commonName:

if (OBJ_obj2nid(obj) == NID_commonName)
	/* Do something */

Create a new NID and initialize an object from it:

int new_nid;
ASN1_OBJECT *obj;
new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
obj = OBJ_nid2obj(new_nid);

Create a new object directly:

obj = OBJ_txt2obj("1.2.3.4", 1);

ASN1_OBJECT_new(3), d2i_ASN1_OBJECT(3)

OBJ_nid2obj(), OBJ_nid2ln(), OBJ_nid2sn(), OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid(), OBJ_txt2nid(), OBJ_cmp(), and OBJ_dup() first appeared in SSLeay 0.5.1. OBJ_cleanup() first appeared in SSLeay 0.8.0. OBJ_create() and i2t_ASN1_OBJECT() first appeared in SSLeay 0.9.0. All these functions have been available since OpenBSD 2.4.

OBJ_txt2obj() first appeared in OpenSSL 0.9.2b. OBJ_obj2txt() first appeared in OpenSSL 0.9.4. Both functions have been available since OpenBSD 2.6.

OBJ_obj2txt() is awkward and messy to use: it doesn't follow the convention of other OpenSSL functions where the buffer can be set to NULL to determine the amount of data that should be written. Instead buf must point to a valid buffer and buf_len should be set to a positive value. A buffer length of 80 should be more than enough to handle any OID encountered in practice.

June 14, 2019 OpenBSD-6.7