CryptDecodeObjectEx function (wincrypt.h)
The CryptDecodeObjectEx function decodes a structure of the type indicated by the lpszStructType parameter. CryptDecodeObjectEx offers a significant performance improvement over CryptDecodeObject by supporting memory allocation with the CRYPT_DECODE_ALLOC_FLAG value.
Syntax
BOOL CryptDecodeObjectEx(
[in] DWORD dwCertEncodingType,
[in] LPCSTR lpszStructType,
[in] const BYTE *pbEncoded,
[in] DWORD cbEncoded,
[in] DWORD dwFlags,
[in] PCRYPT_DECODE_PARA pDecodePara,
[out] void *pvStructInfo,
[in, out] DWORD *pcbStructInfo
);
Parameters
[in] dwCertEncodingType
The type of encoding used. It is always acceptable to specify both the certificate and message encoding types by combining them with a bitwise-OR operation as shown in the following example:
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
Currently defined encoding types are:
- X509_ASN_ENCODING
- PKCS_7_ASN_ENCODING
[in] lpszStructType
A pointer to an object identifier (OID) that defines the structure type. If the high-order word of the lpszStructType parameter is zero, the low-order word specifies the integer identifier for the type of the specified structure. Otherwise, this parameter is a long pointer to a null-terminated string.
For more information about object identifier strings, their predefined constants, and corresponding structures, see Constants for CryptEncodeObject and CryptDecodeObject.
[in] pbEncoded
A pointer to the data to be decoded. The structure must be of the type specified by lpszStructType.
[in] cbEncoded
The number of bytes pointed to by pbEncoded. This is the number of bytes to be decoded.
[in] dwFlags
This parameter can be one or more of the following flags. The flags can be combined by using a bitwise-OR operation.
| Value | Meaning |
|---|---|
|
The called decoding function allocates memory for the decoded structure. A pointer to the allocated structure is returned in pvStructInfo.
If pDecodePara or the pfnAlloc member of pDecodePara is NULL, then LocalAlloc is called for the allocation and LocalFree must be called to free the memory. If pDecodePara and the pfnAlloc member of pDecodePara are not NULL, then the function pointed to by pfnAlloc is called for the allocation and the function pointed to by the pfnFree member of pDecodePara must be called to free the memory. |
|
This flag is applicable for enabling Punycode decoding of Unicode string values. For more information, see Remarks.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This flag is not supported. |
|
This flag can be set to enable a "no copy" optimization. This optimization updates the pvStructInfo members to point to content that resides within pbEncoded instead of making a copy of the content and appending it to pvStructInfo. The calling application needs to allocate less memory and execution is faster because a copy is not made. Note that when performing "no copy" decoding, pbEncoded cannot be freed until pvStructInfo is freed. |
|
This flag is applicable when decoding X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, or X509_UNICODE_ANY_STRING. By default, CERT_RDN_T61_STRING encoded values are initially decoded as UTF8. If the UTF8 decoding fails, then the value is decoded as eight-bit characters. If this flag is set, it skips the initial attempt to decode the value as UTF8 and decodes the value as eight-bit characters. |
|
By default, the contents of the buffer pointed to by pbEncoded included the signed content and the signature. If this flag is set, the buffer includes only the "to be signed" content. This flag is applicable to X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED, X509_CRT_REQUEST_TO_BE_SIGNED, and X509_KEYGEN_REQUEST_TO_BE_SIGNED objects. |
|
When this flag is set, the OID strings are allocated in Crypt32.dll and shared instead of being copied into the returned data structure. This flag can be set if Crypt32.dll is not unloaded before the caller is unloaded. |
|
By default, the signature bytes are reversed. If this flag is set, this byte reversal is inhibited. |
[in] pDecodePara
A pointer to a CRYPT_DECODE_PARA structure that contains decoding paragraph information. If pDecodePara is set to NULL, then LocalAlloc and LocalFree are used to allocate and free memory. If pDecodePara points to a CRYPT_DECODE_PARA structure, that structure passes in callback functions to allocate and free memory. These callback functions override the default memory allocation of LocalAlloc and LocalFree.
[out] pvStructInfo
If the dwFlags CRYPT_ENCODE_ALLOC_FLAG is set, pvStructInfo is not a pointer to a buffer but is the address of a pointer to the buffer. Because memory is allocated inside the function and the pointer is stored at *pvStructInfo, pvStructInfo must never be NULL.
If CRYPT_ENCODE_ALLOC_FLAG is not set, pvStructInfo is a pointer to a buffer that receives the decoded structure. When the buffer that is specified is not large enough to receive the decoded structure, the function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by pcbStructInfo.
This parameter can be NULL to retrieve the size of this information for memory allocation purposes. For more information, see Retrieving Data of Unknown Length.
[in, out] pcbStructInfo
A pointer to a DWORD variable that contains the size, in bytes, of the buffer pointed to by the pvStructInfo parameter. When the function returns, the DWORD value contains the number of bytes stored in the buffer. The size contained in the variable pointed to by pcbStructInfo can indicate a size larger than the decoded structure because the decoded structure can include pointers to auxiliary data. This size is the sum of the size needed by the decoded structure and the auxiliary data.
When CRYPT_DECODE_ALLOC_FLAG is set, the initial value of *pcbStructInfo is not used by the function, and on return, *pcbStructInfo contains the number of bytes allocated for pvStructInfo.
Return value
If the function succeeds, the function returns nonzero (TRUE).
If the function fails, it returns zero (FALSE). For extended error information, call GetLastError. The following table shows some possible error codes.
| Return code | Description |
|---|---|
|
An error was encountered while decoding. |
|
A decoding function could not be found for the specified dwCertEncodingType and lpszStructType. |
|
If the buffer specified by the pvStructInfo parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by pcbStructInfo. |
If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.
Remarks
When encoding a cryptographic object using the preferred CryptEncodeObjectEx function, the terminating NULL character is included. When decoding, using the preferred CryptDecodeObjectEx function, the terminating NULL character is not retained.
Each constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. The structure pointed to, directly or indirectly, has a reference to a CERT_ALT_NAME_ENTRY structure.
- X509_ALTERNATE_NAME
- szOID_AUTHORITY_INFO_ACCESS
- X509_AUTHORITY_INFO_ACCESS
- X509_AUTHORITY_KEY_ID2
- szOID_AUTHORITY_KEY_IDENTIFIER2
- szOID_CRL_DIST_POINTS
- X509_CRL_DIST_POINTS
- szOID_CROSS_CERT_DIST_POINTS
- X509_CROSS_CERT_DIST_POINTS
- szOID_ISSUER_ALT_NAME
- szOID_ISSUER_ALT_NAME2
- szOID_ISSUING_DIST_POINT
- X509_ISSUING_DIST_POINT
- X509_NAME_CONSTRAINTS
- szOID_NAME_CONSTRAINTS
- szOID_NEXT_UPDATE_LOCATION
- OCSP_REQUEST
- zOID_SUBJECT_ALT_NAME
- szOID_SUBJECT_ALT_NAME2
| dwAltNameChoice | Effect |
|---|---|
| CERT_ALT_NAME_DNS_NAME | If the host name contains a Punycode encoded IA5String string, it is converted to the Unicode equivalent. |
| CERT_ALT_NAME_RFC822_NAME | If the host name portion of the email address contains a Punycode encoded IA5String string, it is converted to its Unicode equivalent. |
| CERT_ALT_NAME_URL | The URI is decoded. If the server host name of the URI contains a Punycode encoded IA5String string, the host name string is decoded to the Unicode equivalent. |
Each constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. The structure pointed to, directly or indirectly, has a reference to a CERT_HASHED_URL structure.
- szOID_LOGOTYPE_EXT
- X509_LOGOTYPE_EXT
- szOID_BIOMETRIC_EXT
- X509_BIOMETRIC_EXT
Each X509_UNICODE_NAME constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter.
- X509_UNICODE_NAME
Examples
For an example that uses this function, see Example C Program: ASN.1 Encoding and Decoding.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps | UWP apps] |
| Minimum supported server | Windows Server 2003 [desktop apps | UWP apps] |
| Target Platform | Windows |
| Header | wincrypt.h |
| Library | Crypt32.lib |
| DLL | Crypt32.dll |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for