— decode and encode ASN.1 object
**val_out, unsigned char **der_in,
*val_in, unsigned char **der_out);
const unsigned char *
These functions decode and encode ASN.1 object identifiers. For details about the semantics, examples, caveats, and bugs, see ASN1_item_d2i(3).
The LibreSSL implementation of
ASN1_OBJECT_free(3) if an existing object is passed in via
val_out and it always creates a new object from
scratch. Other implementations may attempt to reuse an existing object,
which is fragile and prone to bugs. Consequently, always passing
NULL for the val_out argument
The objects returned from
and the data contained in them are always marked as dynamically allocated,
so when they are no longer needed,
ASN1_OBJECT_free(3) can be called on them.
encodes the object identifier pointed to by val_in
into DER format.
only deal with the content octets of that DER encoding, without taking the
identifier and length octets into account.
d2i_ASN1_OBJECT() returns a pointer to the
new ASN1_OBJECT object or
if an error occurs. With other implementations, it might return a pointer to
the reused ASN1_OBJECT.
i2d_ASN1_OBJECT() returns the number of
octets successfully encoded or a value <= 0 if an error occurs.
OBJ_get0_data() returns an internal
pointer to the first content octet of the DER encoding of
val_in. The other content octets follow the returned
OBJ_length() returns the
number of content octets contained in the DER encoding of
val_in. This number is always smaller than the total
length of the encoding returned by
If val_in is a
pointer or points to an empty object, for example one freshly created with
a2d_ASN1_OBJECT(3), ASN1_item_d2i(3), ASN1_OBJECT_new(3), ASN1_put_object(3), OBJ_nid2obj(3)
ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), section 8.19: Encoding of an object identifier value
i2d_ASN1_OBJECT() first appeared in SSLeay 0.5.1 and
have been available since OpenBSD 2.4.
OBJ_length() first appeared in OpenSSL 1.1.0 and
have been available since OpenBSD 7.1.
d2i_ASN1_OBJECT() never sets the long and
short names of the object, not even if the object identifier matches one
that is built into the library. To find the names of an object identifier
parsed from DER or BER input, call
OBJ_obj2nid(3) on the returned object, and then
OBJ_nid2ln(3) on the result.
OBJ_get0_data() and then accessing
memory in front of the returned pointer results in undefined behaviour. In
particular, it is not possible to find the identifier or length octets in
that way; use