using System; using System.Runtime.InteropServices; using Vanara.InteropServices; namespace Vanara.PInvoke { ///

Methods and data types found in Crypt32.dll.

public static partial class Crypt32 { ///

Decoding options.

[PInvokeData("wincrypt.h", MSDNShortId = "7d5ed4f4-9d76-4a16-9059-27b0edd83459")] [Flags] public enum CryptDecodeFlags { ///

/// This flag can be set to indicate that "no copy" optimization is enabled. This optimization, where applicable, updates the /// pvStructInfo parameter to point to content residing within pbEncoded instead of making a copy of the content and appending /// it to pvStructInfo. For applicable cases, less memory needs to be allocated by the calling application and execution is /// faster because a copy is not being made. Note that the trade-off when performing a "no copy" decoding is that pbEncoded /// cannot be freed until pvStructInfo is freed. ///

CRYPT_DECODE_NOCOPY_FLAG = 0x1, ///

/// By default, the contents of the buffer pointed to by pbEncoded included the signed content and the signature. If this flag /// is set, the buffer includes only the "to be signed" content. This flag is applicable to X509_CERT_TO_BE_SIGNED, /// X509_CERT_CRL_TO_BE_SIGNED, X509_CRT_REQUEST_TO_BE_SIGNED, and X509_KEYGEN_REQUEST_TO_BE_SIGNED objects. ///

CRYPT_DECODE_TO_BE_SIGNED_FLAG = 0x2, ///

/// When this flag is set, the OID stings are allocated in Crypt32.dll and shared instead of being copied into the returned data /// structure. This flag can be set if Crypt32.dll is not unloaded before the caller is unloaded. ///

CRYPT_DECODE_SHARE_OID_STRING_FLAG = 0x4, ///

By default, the signature bytes are reversed. If this flag is set, this byte reversal is inhibited.

CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG = 0x8, ///

/// The called decoding function allocates memory for the decoded structure. A pointer to the allocated structure is returned in pvStructInfo. /// /// If pDecodePara or the pfnAlloc member of pDecodePara is NULL, then LocalAlloc is called for the allocation and LocalFree /// must be called to free the memory. /// /// /// If pDecodePara and the pfnAlloc member of pDecodePara are not NULL, then the function pointed to by pfnAlloc is called for /// the allocation and the function pointed to by the pfnFree member of pDecodePara must be called to free the memory. /// ///

CRYPT_DECODE_ALLOC_FLAG = 0x8000, ///

/// This flag is applicable when decoding X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, or X509_UNICODE_ANY_STRING. By default, /// CERT_RDN_T61_STRING encoded values are initially decoded as UTF8. If the UTF8 decoding fails, then the value is decoded as /// eight-bit characters. If this flag is set, it skips the initial attempt to decode the value as UTF8 and decodes the value as /// eight-bit characters. ///

CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG = 0x01000000, ///

/// This flag is applicable for enabling Punycode decoding of Unicode string values. For more information, see Remarks. /// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This flag is not supported. ///

CRYPT_DECODE_ENABLE_PUNYCODE_FLAG = 0x02000000, ///

CRYPT_DECODE_ENABLE_UTF8PERCENT_FLAG = 0x04000000, ///

CRYPT_DECODE_ENABLE_IA5CONVERSION_FLAG = CRYPT_DECODE_ENABLE_PUNYCODE_FLAG | CRYPT_DECODE_ENABLE_UTF8PERCENT_FLAG, } ///

Specifies options for the encoding.

[PInvokeData("wincrypt.h", MSDNShortId = "45134db8-059b-43d3-90c2-9b6cc970fca0")] [Flags] public enum CryptEncodeFlags : uint { ///

CRYPT_ENCODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG = 0x8, ///

/// The called encoding function allocates memory for the encoded bytes. A pointer to the allocated bytes is returned in pvEncoded. ///

CRYPT_ENCODE_ALLOC_FLAG = 0x8000, ///

This flag is applicable when encoding X509_UNICODE_NAME. If this flag is set and all the Unicode characters are <= /// 0xFF, the CERT_RDN_T61_STRING is selected instead of the CERT_RDN_UNICODE_STRING.

CRYPT_UNICODE_NAME_ENCODE_ENABLE_T61_UNICODE_FLAG = 0x80000000, ///

/// This flag is applicable when encoding an X509_UNICODE_NAME. When set, CERT_RDN_UTF8_STRING is selected instead of CERT_RDN_UNICODE_STRING. ///

CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG = 0x20000000, ///

/// This flag is applicable when encoding an X509_UNICODE_NAME. When set, CERT_RDN_UTF8_STRING is selected instead of /// CERT_RDN_PRINTABLE_STRING for directory string types. Also, this flag enables CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG. ///

CRYPT_UNICODE_NAME_ENCODE_FORCE_UTF8_UNICODE_FLAG = 0x10000000, ///

/// This flag is applicable when encoding X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, or X509_UNICODE_ANY_STRING. If this flag /// is set, the characters are not checked to determine whether they are valid for the specified value type. ///

CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG = 0x40000000, ///

CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG = 0x10000, ///

/// This flag is applicable for enabling Punycode encoding of Unicode string values. For more information, see Remarks. /// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This flag is not supported. ///

CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG = 0x20000, ///

CRYPT_ENCODE_ENABLE_UTF8PERCENT_FLAG = 0x40000, ///

CRYPT_ENCODE_ENABLE_IA5CONVERSION_FLAG = CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG | CRYPT_ENCODE_ENABLE_UTF8PERCENT_FLAG, } ///

/// The CryptDecodeObject function decodes a structure of the type indicated by the lpszStructType parameter. The use of /// CryptDecodeObjectEx is recommended as an API that performs the same function with significant performance improvements. ///

/// /// /// Type of encoding used. It is always acceptable to specify both the certificate and message encoding types by combining them with /// a bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING /// Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// Note Either a certificate or message encoding type is required. X509_ASN_ENCODING is the default. If that type is /// indicated, it is used. Otherwise, if the PKCS7_ASN_ENCODING type is indicated, it is used. /// /// /// /// /// A pointer to an OID defining the structure type. If the high-order word of the lpszStructType parameter is zero, the low-order /// word specifies the integer identifier for the type of the specified structure. Otherwise, this parameter is a long pointer to a /// null-terminated string. /// /// /// For more information about object identifier strings, their predefined constants and corresponding structures, see Constants for /// CryptEncodeObject and CryptDecodeObject. /// /// /// A pointer to the encoded structure to be decoded. /// Number of bytes pointed to by pbEncoded. /// /// The following flags are defined. They can be combined with a bitwise- OR operation. /// /// /// Value /// Meaning /// /// /// CRYPT_DECODE_NOCOPY_FLAG /// /// This flag can be set to indicate that "no copy" optimization is enabled. This optimization, where applicable, updates the /// pvStructInfo parameter to point to content residing within pbEncoded instead of making a copy of the content and appending it to /// pvStructInfo. For applicable cases, less memory needs to be allocated by the calling application and execution is faster because /// a copy is not being made. Note that the trade-off when performing a "no copy" decoding is that pbEncoded cannot be freed until /// pvStructInfo is freed. /// /// /// /// CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG /// /// This flag is applicable when decoding X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, or X509_UNICODE_ANY_STRING. By default, /// CERT_RDN_T61_STRING encoded values are initially decoded as UTF8. If the UTF8 decoding fails, then the value is decoded as /// eight-bit characters. If this flag is set, it skips the initial attempt to decode the value as UTF8 and decodes the value as /// eight-bit characters. /// /// /// /// CRYPT_DECODE_TO_BE_SIGNED_FLAG /// /// By default, the contents of the buffer pointed to by pbEncoded included the signed content and the signature. If this flag is /// set, the buffer includes only the "to be signed" content. This flag is applicable to X509_CERT_TO_BE_SIGNED, /// X509_CERT_CRL_TO_BE_SIGNED, X509_CRT_REQUEST_TO_BE_SIGNED, and X509_KEYGEN_REQUEST_TO_BE_SIGNED objects. /// /// /// /// CRYPT_DECODE_SHARE_OID_STRING_FLAG /// /// When this flag is set, the OID stings are allocated in Crypt32.dll and shared instead of being copied into the returned data /// structure. This flag can be set if Crypt32.dll is not unloaded before the caller is unloaded. /// /// /// /// CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG /// By default, the signature bytes are reversed. If this flag is set, this byte reversal is inhibited. /// /// /// /// /// /// A pointer to a buffer to receive the decoded structure. When the buffer that is specified is not large enough to receive the /// decoded structure, the function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable /// pointed to by pcbStructInfo. /// /// /// This parameter can be NULL to retrieve the size of this information for memory allocation purposes. For more information, /// see Retrieving Data of Unknown Length. /// /// /// /// /// A pointer to a DWORD value specifying the size, in bytes, of the buffer pointed to by the pvStructInfo parameter. When /// the function returns, this DWORD value contains the size of the decoded data copied to pvStructInfo. The size contained /// in the variable pointed to by pcbStructInfo can indicate a size larger than the decoded structure, as the decoded structure can /// include pointers to other structures. This size is the sum of the size needed by the decoded structure and other structures /// pointed to. /// /// /// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The /// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually /// specified large enough to ensure that the largest possible output data fits in the buffer.) On output, the variable pointed to /// by this parameter is updated to reflect the actual size of the data copied to the buffer. /// /// /// /// If the function succeeds, the return value is nonzero ( TRUE). /// /// If the function fails, the return value is zero ( FALSE). For extended error information, call GetLastError. Some /// possible error codes are listed in the following table. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_BAD_ENCODE /// An error was encountered while decoding. /// /// /// ERROR_FILE_NOT_FOUND /// A decoding function could not be found for the specified dwCertEncodingType and lpszStructType /// /// /// ERROR_MORE_DATA /// /// If the buffer specified by the pvStructInfo parameter is not large enough to hold the returned data, the function sets the /// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by pcbStructInfo. /// /// /// /// /// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information /// about these errors, see ASN.1 Encoding/Decoding Return Values. /// /// /// /// /// When encoding a cryptographic object using the preferred CryptEncodeObjectEx function, the terminating NULL character is /// included. When decoding, using the preferred CryptDecodeObjectEx function, the terminating NULL character is not retained. /// /// Examples /// For an example that uses this function, see Example C Program: ASN.1 Encoding and Decoding. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecodeobject BOOL CryptDecodeObject( DWORD // dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD // *pcbStructInfo ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "7d5ed4f4-9d76-4a16-9059-27b0edd83459")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptDecodeObject(CertEncodingType dwCertEncodingType, [In] SafeOID lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded, CryptDecodeFlags dwFlags, [Out] IntPtr pvStructInfo, ref uint pcbStructInfo); ///

/// The CryptDecodeObjectEx function decodes a structure of the type indicated by the lpszStructType parameter. /// CryptDecodeObjectEx offers a significant performance improvement over CryptDecodeObject by supporting memory allocation /// with the CRYPT_DECODE_ALLOC_FLAG value. ///

/// /// /// The type of encoding used. It is always acceptable to specify both the certificate and message encoding types by combining them /// with a bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING /// Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// Note Either a certificate or message encoding type is required. X509_ASN_ENCODING is the default. If that type is /// indicated, it is used. Otherwise, if the PKCS7_ASN_ENCODING type is indicated, it is used. /// /// /// /// /// A pointer to an object identifier (OID) that defines the structure type. If the high-order word of the lpszStructType parameter /// is zero, the low-order word specifies the integer identifier for the type of the specified structure. Otherwise, this parameter /// is a long pointer to a null-terminated string. /// /// /// For more information about object identifier strings, their predefined constants, and corresponding structures, see Constants /// for CryptEncodeObject and CryptDecodeObject. /// /// /// A pointer to the data to be decoded. The structure must be of the type specified by lpszStructType. /// The number of bytes pointed to by pbEncoded. This is the number of bytes to be decoded. /// /// This parameter can be one or more of the following flags. The flags can be combined by using a bitwise- OR operation. /// /// /// Value /// Meaning /// /// /// CRYPT_DECODE_ALLOC_FLAG /// /// The called decoding function allocates memory for the decoded structure. A pointer to the allocated structure is returned in /// pvStructInfo. If pDecodePara or the pfnAlloc member of pDecodePara is NULL, then LocalAlloc is called for the allocation and /// LocalFree must be called to free the memory. If pDecodePara and the pfnAlloc member of pDecodePara are not NULL, then the /// function pointed to by pfnAlloc is called for the allocation and the function pointed to by the pfnFree member of pDecodePara /// must be called to free the memory. /// /// /// /// CRYPT_DECODE_ENABLE_PUNYCODE_FLAG 33554432 (0x2000000) /// /// This flag is applicable for enabling Punycode decoding of Unicode string values. For more information, see Remarks. Windows /// Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This flag is not supported. /// /// /// /// CRYPT_DECODE_NOCOPY_FLAG /// /// This flag can be set to enable a "no copy" optimization. This optimization updates the pvStructInfo members to point to content /// that resides within pbEncoded instead of making a copy of the content and appending it to pvStructInfo. The calling application /// needs to allocate less memory and execution is faster because a copy is not made. Note that when performing "no copy" decoding, /// pbEncoded cannot be freed until pvStructInfo is freed. /// /// /// /// CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG /// /// This flag is applicable when decoding X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, or X509_UNICODE_ANY_STRING. By default, /// CERT_RDN_T61_STRING encoded values are initially decoded as UTF8. If the UTF8 decoding fails, then the value is decoded as /// eight-bit characters. If this flag is set, it skips the initial attempt to decode the value as UTF8 and decodes the value as /// eight-bit characters. /// /// /// /// CRYPT_DECODE_TO_BE_SIGNED_FLAG /// /// By default, the contents of the buffer pointed to by pbEncoded included the signed content and the signature. If this flag is /// set, the buffer includes only the "to be signed" content. This flag is applicable to X509_CERT_TO_BE_SIGNED, /// X509_CERT_CRL_TO_BE_SIGNED, X509_CRT_REQUEST_TO_BE_SIGNED, and X509_KEYGEN_REQUEST_TO_BE_SIGNED objects. /// /// /// /// CRYPT_DECODE_SHARE_OID_STRING_FLAG /// /// When this flag is set, the OID strings are allocated in Crypt32.dll and shared instead of being copied into the returned data /// structure. This flag can be set if Crypt32.dll is not unloaded before the caller is unloaded. /// /// /// /// CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG /// By default, the signature bytes are reversed. If this flag is set, this byte reversal is inhibited. /// /// /// /// /// A pointer to a CRYPT_DECODE_PARA structure that contains decoding paragraph information. If pDecodePara is set to NULL, /// then LocalAlloc and LocalFree are used to allocate and free memory. If pDecodePara points to a CRYPT_DECODE_PARA /// structure, that structure passes in callback functions to allocate and free memory. These callback functions override the /// default memory allocation of LocalAlloc and LocalFree. /// /// /// /// If the dwFlags CRYPT_ENCODE_ALLOC_FLAG is set, pvStructInfo is not a pointer to a buffer but is the address of a pointer to the /// buffer. Because memory is allocated inside the function and the pointer is stored at *pvStructInfo, pvStructInfo must never be NULL. /// /// /// If CRYPT_ENCODE_ALLOC_FLAG is not set, pvStructInfo is a pointer to a buffer that receives the decoded structure. When the /// buffer that is specified is not large enough to receive the decoded structure, the function sets the ERROR_MORE_DATA code and /// stores the required buffer size, in bytes, in the variable pointed to by pcbStructInfo. /// /// /// This parameter can be NULL to retrieve the size of this information for memory allocation purposes. For more information, /// see Retrieving Data of Unknown Length. /// /// /// /// /// A pointer to a DWORD variable that contains the size, in bytes, of the buffer pointed to by the pvStructInfo parameter. /// When the function returns, the DWORD value contains the number of bytes stored in the buffer. The size contained in the /// variable pointed to by pcbStructInfo can indicate a size larger than the decoded structure because the decoded structure can /// include pointers to auxiliary data. This size is the sum of the size needed by the decoded structure and the auxiliary data. /// /// /// When CRYPT_DECODE_ALLOC_FLAG is set, the initial value of *pcbStructInfo is not used by the function, and on return, /// *pcbStructInfo contains the number of bytes allocated for pvStructInfo. /// /// /// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The /// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually /// specified large enough to ensure that the largest possible output data fits in the buffer.) On output, the variable pointed to /// by this parameter is updated to reflect the actual size of the data copied to the buffer. /// /// /// /// If the function succeeds, the function returns nonzero ( TRUE). /// /// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError. The following table /// shows some possible error codes. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_BAD_ENCODE /// An error was encountered while decoding. /// /// /// ERROR_FILE_NOT_FOUND /// A decoding function could not be found for the specified dwCertEncodingType and lpszStructType. /// /// /// ERROR_MORE_DATA /// /// If the buffer specified by the pvStructInfo parameter is not large enough to hold the returned data, the function sets the /// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by pcbStructInfo. /// /// /// /// /// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information /// about these errors, see ASN.1 Encoding/Decoding Return Values. /// /// /// /// /// When encoding a cryptographic object using the preferred CryptEncodeObjectEx function, the terminating NULL character is /// included. When decoding, using the preferred CryptDecodeObjectEx function, the terminating NULL character is not retained. /// /// /// Each constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. The structure /// pointed to, directly or indirectly, has a reference to a CERT_ALT_NAME_ENTRY structure. /// /// /// /// X509_ALTERNATE_NAME /// /// /// szOID_AUTHORITY_INFO_ACCESS /// /// /// X509_AUTHORITY_INFO_ACCESS /// /// /// X509_AUTHORITY_KEY_ID2 /// /// /// szOID_AUTHORITY_KEY_IDENTIFIER2 /// /// /// szOID_CRL_DIST_POINTS /// /// /// X509_CRL_DIST_POINTS /// /// /// szOID_CROSS_CERT_DIST_POINTS /// /// /// X509_CROSS_CERT_DIST_POINTS /// /// /// szOID_ISSUER_ALT_NAME /// /// /// szOID_ISSUER_ALT_NAME2 /// /// /// szOID_ISSUING_DIST_POINT /// /// /// X509_ISSUING_DIST_POINT /// /// /// X509_NAME_CONSTRAINTS /// /// /// szOID_NAME_CONSTRAINTS /// /// /// szOID_NEXT_UPDATE_LOCATION /// /// /// OCSP_REQUEST /// /// /// zOID_SUBJECT_ALT_NAME /// /// /// szOID_SUBJECT_ALT_NAME2 /// /// /// /// The CRYPT_DECODE_ENABLE_PUNYCODE_FLAG flag, in conjunction with the value of the dwAltNameChoice member of the /// CERT_ALT_NAME_ENTRY structure, determines the manner in which strings are encoded. /// /// /// /// dwAltNameChoice /// Effect /// /// /// CERT_ALT_NAME_DNS_NAME /// If the host name contains a Punycode encoded IA5String string, it is converted to the Unicode equivalent. /// /// /// CERT_ALT_NAME_RFC822_NAME /// /// If the host name portion of the email address contains a Punycode encoded IA5String string, it is converted to its Unicode equivalent. /// /// /// /// CERT_ALT_NAME_URL /// /// The URI is decoded. If the server host name of the URI contains a Punycode encoded IA5String string, the host name string is /// decoded to the Unicode equivalent. /// /// /// /// /// Each constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. The structure /// pointed to, directly or indirectly, has a reference to a CERT_HASHED_URL structure. /// /// /// /// szOID_LOGOTYPE_EXT /// /// /// X509_LOGOTYPE_EXT /// /// /// szOID_BIOMETRIC_EXT /// /// /// X509_BIOMETRIC_EXT /// /// /// /// When decoding the CERT_HASHED_URL structure value, the URI is decoded. If the host name contains a Punycode encoded host name, /// it is converted to the Unicode equivalent. /// /// /// Each X509_UNICODE_NAME constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. /// /// /// /// X509_UNICODE_NAME /// /// /// /// If the pszObjId member of the CERT_RDN_ATTR structure is set to szOID_RSA_emailAddr and the email address in the /// Value member contains Punycode encoded string, it is converted to the Unicode equivalent. /// /// Examples /// For an example that uses this function, see Example C Program: ASN.1 Encoding and Decoding. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecodeobjectex BOOL CryptDecodeObjectEx( DWORD // dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, // void *pvStructInfo, DWORD *pcbStructInfo ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "bf1935f0-1ab0-4068-9ed5-8fbb2c286b8a")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptDecodeObjectEx(CertEncodingType dwCertEncodingType, [In] SafeOID lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded, CryptDecodeFlags dwFlags, in CRYPT_DECODE_PARA pDecodePara, [Out] IntPtr pvStructInfo, ref uint pcbStructInfo); ///

/// /// /// The type of encoding used. It is always acceptable to specify both the certificate and message encoding types by combining them /// with a bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING /// Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// Note Either a certificate or message encoding type is required. X509_ASN_ENCODING is the default. If that type is /// indicated, it is used. Otherwise, if the PKCS7_ASN_ENCODING type is indicated, it is used. /// /// /// /// /// A pointer to an object identifier (OID) that defines the structure type. If the high-order word of the lpszStructType parameter /// is zero, the low-order word specifies the integer identifier for the type of the specified structure. Otherwise, this parameter /// is a long pointer to a null-terminated string. /// /// /// For more information about object identifier strings, their predefined constants, and corresponding structures, see Constants /// for CryptEncodeObject and CryptDecodeObject. /// /// /// A pointer to the data to be decoded. The structure must be of the type specified by lpszStructType. /// The number of bytes pointed to by pbEncoded. This is the number of bytes to be decoded. /// /// This parameter can be one or more of the following flags. The flags can be combined by using a bitwise- OR operation. /// /// /// Value /// Meaning /// /// /// CRYPT_DECODE_ALLOC_FLAG /// /// The called decoding function allocates memory for the decoded structure. A pointer to the allocated structure is returned in /// pvStructInfo. If pDecodePara or the pfnAlloc member of pDecodePara is NULL, then LocalAlloc is called for the allocation and /// LocalFree must be called to free the memory. If pDecodePara and the pfnAlloc member of pDecodePara are not NULL, then the /// function pointed to by pfnAlloc is called for the allocation and the function pointed to by the pfnFree member of pDecodePara /// must be called to free the memory. /// /// /// /// CRYPT_DECODE_ENABLE_PUNYCODE_FLAG 33554432 (0x2000000) /// /// This flag is applicable for enabling Punycode decoding of Unicode string values. For more information, see Remarks. Windows /// Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This flag is not supported. /// /// /// /// CRYPT_DECODE_NOCOPY_FLAG /// /// This flag can be set to enable a "no copy" optimization. This optimization updates the pvStructInfo members to point to content /// that resides within pbEncoded instead of making a copy of the content and appending it to pvStructInfo. The calling application /// needs to allocate less memory and execution is faster because a copy is not made. Note that when performing "no copy" decoding, /// pbEncoded cannot be freed until pvStructInfo is freed. /// /// /// /// CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG /// /// This flag is applicable when decoding X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, or X509_UNICODE_ANY_STRING. By default, /// CERT_RDN_T61_STRING encoded values are initially decoded as UTF8. If the UTF8 decoding fails, then the value is decoded as /// eight-bit characters. If this flag is set, it skips the initial attempt to decode the value as UTF8 and decodes the value as /// eight-bit characters. /// /// /// /// CRYPT_DECODE_TO_BE_SIGNED_FLAG /// /// By default, the contents of the buffer pointed to by pbEncoded included the signed content and the signature. If this flag is /// set, the buffer includes only the "to be signed" content. This flag is applicable to X509_CERT_TO_BE_SIGNED, /// X509_CERT_CRL_TO_BE_SIGNED, X509_CRT_REQUEST_TO_BE_SIGNED, and X509_KEYGEN_REQUEST_TO_BE_SIGNED objects. /// /// /// /// CRYPT_DECODE_SHARE_OID_STRING_FLAG /// /// When this flag is set, the OID strings are allocated in Crypt32.dll and shared instead of being copied into the returned data /// structure. This flag can be set if Crypt32.dll is not unloaded before the caller is unloaded. /// /// /// /// CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG /// By default, the signature bytes are reversed. If this flag is set, this byte reversal is inhibited. /// /// /// /// /// A pointer to a CRYPT_DECODE_PARA structure that contains decoding paragraph information. If pDecodePara is set to NULL, /// then LocalAlloc and LocalFree are used to allocate and free memory. If pDecodePara points to a CRYPT_DECODE_PARA /// structure, that structure passes in callback functions to allocate and free memory. These callback functions override the /// default memory allocation of LocalAlloc and LocalFree. /// /// /// /// If the dwFlags CRYPT_ENCODE_ALLOC_FLAG is set, pvStructInfo is not a pointer to a buffer but is the address of a pointer to the /// buffer. Because memory is allocated inside the function and the pointer is stored at *pvStructInfo, pvStructInfo must never be NULL. /// /// /// If CRYPT_ENCODE_ALLOC_FLAG is not set, pvStructInfo is a pointer to a buffer that receives the decoded structure. When the /// buffer that is specified is not large enough to receive the decoded structure, the function sets the ERROR_MORE_DATA code and /// stores the required buffer size, in bytes, in the variable pointed to by pcbStructInfo. /// /// /// This parameter can be NULL to retrieve the size of this information for memory allocation purposes. For more information, /// see Retrieving Data of Unknown Length. /// /// /// /// /// A pointer to a DWORD variable that contains the size, in bytes, of the buffer pointed to by the pvStructInfo parameter. /// When the function returns, the DWORD value contains the number of bytes stored in the buffer. The size contained in the /// variable pointed to by pcbStructInfo can indicate a size larger than the decoded structure because the decoded structure can /// include pointers to auxiliary data. This size is the sum of the size needed by the decoded structure and the auxiliary data. /// /// /// When CRYPT_DECODE_ALLOC_FLAG is set, the initial value of *pcbStructInfo is not used by the function, and on return, /// *pcbStructInfo contains the number of bytes allocated for pvStructInfo. /// /// /// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The /// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually /// specified large enough to ensure that the largest possible output data fits in the buffer.) On output, the variable pointed to /// by this parameter is updated to reflect the actual size of the data copied to the buffer. /// /// /// /// If the function succeeds, the function returns nonzero ( TRUE). /// /// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError. The following table /// shows some possible error codes. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_BAD_ENCODE /// An error was encountered while decoding. /// /// /// ERROR_FILE_NOT_FOUND /// A decoding function could not be found for the specified dwCertEncodingType and lpszStructType. /// /// /// ERROR_MORE_DATA /// /// If the buffer specified by the pvStructInfo parameter is not large enough to hold the returned data, the function sets the /// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by pcbStructInfo. /// /// /// /// /// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information /// about these errors, see ASN.1 Encoding/Decoding Return Values. /// /// /// /// /// When encoding a cryptographic object using the preferred CryptEncodeObjectEx function, the terminating NULL character is /// included. When decoding, using the preferred CryptDecodeObjectEx function, the terminating NULL character is not retained. /// /// /// Each constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. The structure /// pointed to, directly or indirectly, has a reference to a CERT_ALT_NAME_ENTRY structure. /// /// /// /// X509_ALTERNATE_NAME /// /// /// szOID_AUTHORITY_INFO_ACCESS /// /// /// X509_AUTHORITY_INFO_ACCESS /// /// /// X509_AUTHORITY_KEY_ID2 /// /// /// szOID_AUTHORITY_KEY_IDENTIFIER2 /// /// /// szOID_CRL_DIST_POINTS /// /// /// X509_CRL_DIST_POINTS /// /// /// szOID_CROSS_CERT_DIST_POINTS /// /// /// X509_CROSS_CERT_DIST_POINTS /// /// /// szOID_ISSUER_ALT_NAME /// /// /// szOID_ISSUER_ALT_NAME2 /// /// /// szOID_ISSUING_DIST_POINT /// /// /// X509_ISSUING_DIST_POINT /// /// /// X509_NAME_CONSTRAINTS /// /// /// szOID_NAME_CONSTRAINTS /// /// /// szOID_NEXT_UPDATE_LOCATION /// /// /// OCSP_REQUEST /// /// /// zOID_SUBJECT_ALT_NAME /// /// /// szOID_SUBJECT_ALT_NAME2 /// /// /// /// The CRYPT_DECODE_ENABLE_PUNYCODE_FLAG flag, in conjunction with the value of the dwAltNameChoice member of the /// CERT_ALT_NAME_ENTRY structure, determines the manner in which strings are encoded. /// /// /// /// dwAltNameChoice /// Effect /// /// /// CERT_ALT_NAME_DNS_NAME /// If the host name contains a Punycode encoded IA5String string, it is converted to the Unicode equivalent. /// /// /// CERT_ALT_NAME_RFC822_NAME /// /// If the host name portion of the email address contains a Punycode encoded IA5String string, it is converted to its Unicode equivalent. /// /// /// /// CERT_ALT_NAME_URL /// /// The URI is decoded. If the server host name of the URI contains a Punycode encoded IA5String string, the host name string is /// decoded to the Unicode equivalent. /// /// /// /// /// Each constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. The structure /// pointed to, directly or indirectly, has a reference to a CERT_HASHED_URL structure. /// /// /// /// szOID_LOGOTYPE_EXT /// /// /// X509_LOGOTYPE_EXT /// /// /// szOID_BIOMETRIC_EXT /// /// /// X509_BIOMETRIC_EXT /// /// /// /// When decoding the CERT_HASHED_URL structure value, the URI is decoded. If the host name contains a Punycode encoded host name, /// it is converted to the Unicode equivalent. /// /// /// Each X509_UNICODE_NAME constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. /// /// /// /// X509_UNICODE_NAME /// /// /// /// If the pszObjId member of the CERT_RDN_ATTR structure is set to szOID_RSA_emailAddr and the email address in the /// Value member contains Punycode encoded string, it is converted to the Unicode equivalent. /// /// Examples /// For an example that uses this function, see Example C Program: ASN.1 Encoding and Decoding. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecodeobjectex BOOL CryptDecodeObjectEx( DWORD // dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, // void *pvStructInfo, DWORD *pcbStructInfo ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "bf1935f0-1ab0-4068-9ed5-8fbb2c286b8a")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptDecodeObjectEx(CertEncodingType dwCertEncodingType, [In] SafeOID lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded, CryptDecodeFlags dwFlags, [In, Optional] IntPtr pDecodePara, [Out] IntPtr pvStructInfo, ref uint pcbStructInfo); ///

/// The CryptEncodeObject function encodes a structure of the type indicated by the value of the lpszStructType parameter. /// The use of CryptEncodeObjectEx is recommended as an API that performs the same function with significant performance improvements. ///

/// The CryptEncodeObjectEx function encodes a structure of the type indicated by the value of the lpszStructType parameter. /// This function offers a significant performance improvement over CryptEncodeObject by supporting memory allocation with the /// CRYPT_ENCODE_ALLOC_FLAG value. ///

/// /// /// The certificate encoding type and message encoding type to use to encode the object. This parameter can be a combination of one /// or more of the following values. /// /// /// /// Value /// Meaning /// /// /// PKCS_7_ASN_ENCODING 65536 (0x10000) /// Specifies PKCS 7 message encoding. /// /// /// X509_ASN_ENCODING 1 (0x1) /// Specifies X.509 certificate encoding. /// /// /// /// /// /// A pointer to an object identifier (OID) that defines the structure type. If the high-order word of the lpszStructType parameter /// is zero, the low-order word specifies an integer identifier for the type of the specified structure. Otherwise, this parameter /// is a pointer to a null-terminated string that contains the string representation of the OID. /// /// /// For more information about object identifier strings, their predefined constants and corresponding structures, see Constants for /// CryptEncodeObject and CryptDecodeObject. /// /// /// A pointer to the structure to be encoded. The structure must be of the type specified by lpszStructType. /// /// Specifies options for the encoding. This parameter can be zero or a combination of one or more of the following values. /// /// /// Value /// Meaning /// /// /// CRYPT_ENCODE_ALLOC_FLAG 32768 (0x8000) /// The called encoding function allocates memory for the encoded bytes. A pointer to the allocated bytes is returned in pvEncoded. /// /// /// CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG 131072 (0x20000) /// /// This flag is applicable for enabling Punycode encoding of Unicode string values. For more information, see Remarks. Windows /// Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This flag is not supported. /// /// /// /// CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG 1073741824 (0x40000000) /// /// This flag is applicable when encoding X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, or X509_UNICODE_ANY_STRING. If this flag is /// set, the characters are not checked to determine whether they are valid for the specified value type. /// /// /// /// CRYPT_UNICODE_NAME_ENCODE_ENABLE_T61_UNICODE_FLAG 2147483648 (0x80000000) /// /// This flag is applicable when encoding X509_UNICODE_NAME. If this flag is set and all the Unicode characters are <= 0xFF, the /// CERT_RDN_T61_STRING is selected instead of the CERT_RDN_UNICODE_STRING. /// /// /// /// CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG 536870912 (0x20000000) /// This flag is applicable when encoding an X509_UNICODE_NAME. When set, CERT_RDN_UTF8_STRING is selected instead of CERT_RDN_UNICODE_STRING. /// /// /// CRYPT_UNICODE_NAME_ENCODE_FORCE_UTF8_UNICODE_FLAG 268435456 (0x10000000) /// /// This flag is applicable when encoding an X509_UNICODE_NAME. When set, CERT_RDN_UTF8_STRING is selected instead of /// CERT_RDN_PRINTABLE_STRING for directory string types. Also, this flag enables CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG. /// /// /// /// /// /// A pointer to a CRYPT_ENCODE_PARA structure that contains encoding information. This parameter can be NULL. /// /// If either pEncodePara or the pfnAlloc member of pEncodePara is NULL, then LocalAlloc is used for the allocation /// and LocalFree must be called to free the memory. /// /// /// If both pEncodePara and the pfnAlloc member of pEncodePara are not NULL, then the function pointed to by the /// pfnAlloc member of the CRYPT_ENCODE_PARA structure pointed to by pEncodePara is called for the allocation. The function /// pointed to by the pfnFree member of pEncodePara must be called to free the memory. /// /// /// /// /// A pointer to a buffer to receive the encoded structure. The size of this buffer is specified in the pcbEncoded parameter. When /// the buffer that is specified is not large enough to receive the decoded structure, the function sets the ERROR_MORE_DATA /// code and stores the required buffer size, in bytes, in the variable pointed to by pcbEncoded. /// /// /// This parameter can be NULL to retrieve the size of the buffer for memory allocation purposes. For more information, see /// Retrieving Data of Unknown Length. /// /// /// If dwFlags contains the CRYPT_ENCODE_ALLOC_FLAG flag, pvEncoded is not a pointer to a buffer but is the address of a /// pointer to the buffer. Because memory is allocated inside the function and the pointer is stored in pvEncoded, pvEncoded cannot /// be NULL. /// /// /// /// /// A pointer to a DWORD variable that contains the size, in bytes, of the buffer pointed to by the pvEncoded parameter. When /// the function returns, the variable pointed to by the pcbEncoded parameter contains the number of allocated, encoded bytes stored /// in the buffer. /// /// /// When dwFlags contains the CRYPT_ENCODE_ALLOC_FLAG flag, pcbEncoded is the address of a pointer to the DWORD value /// that is updated. /// /// /// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The /// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually /// specified large enough to ensure that the largest possible output data fits in the buffer.) On output, the variable pointed to /// by this parameter is updated to reflect the actual size of the data copied to the buffer. /// /// /// /// Returns nonzero if successful or zero otherwise. /// /// For extended error information, call GetLastError. The following table shows some possible error codes that can be returned from /// GetLastError when CryptEncodeObjectEx fails. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_BAD_ENCODE /// An error was encountered while encoding. /// /// /// ERROR_FILE_NOT_FOUND /// An encoding function could not be found for the specified dwCertEncodingType and lpszStructType. /// /// /// ERROR_MORE_DATA /// /// If the buffer specified by the pvEncoded parameter is not large enough to hold the returned data, the function sets the /// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by pcbEncoded. /// /// /// /// /// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information /// about these errors, see ASN.1 Encoding/Decoding Return Values. /// /// /// /// /// When encoding a cryptographic object using the preferred CryptEncodeObjectEx function, the terminating NULL /// character is included. When decoding, using the preferred CryptDecodeObjectEx function, the terminating NULL character is /// not retained. /// /// /// CryptEncodeObjectEx first looks for an installable extended encoding function. If no extended encoding function is found, /// the old, nonextended, installable function is located. /// /// /// When direct IA5String encoding of the object is not possible, you can specify Punycode encoding by setting the dwFlag parameter /// to the CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG value. Setting the CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG flag has different /// effects based on the structure type being encoded as specified by the value of the lpszStructType parameter. /// /// /// Each constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. The structure /// pointed to, directly or indirectly, has a reference to a CERT_ALT_NAME_ENTRY structure. /// /// /// /// X509_ALTERNATE_NAME /// /// /// szOID_AUTHORITY_INFO_ACCESS /// /// /// X509_AUTHORITY_INFO_ACCESS /// /// /// X509_AUTHORITY_KEY_ID2 /// /// /// szOID_AUTHORITY_KEY_IDENTIFIER2 /// /// /// szOID_CRL_DIST_POINTS /// /// /// X509_CRL_DIST_POINTS /// /// /// szOID_CROSS_CERT_DIST_POINTS /// /// /// X509_CROSS_CERT_DIST_POINTS /// /// /// szOID_ISSUER_ALT_NAME /// /// /// szOID_ISSUER_ALT_NAME2 /// /// /// szOID_ISSUING_DIST_POINT /// /// /// X509_ISSUING_DIST_POINT /// /// /// szOID_NAME_CONSTRAINTS /// /// /// X509_NAME_CONSTRAINTS /// /// /// szOID_NEXT_UPDATE_LOCATION /// /// /// OCSP_REQUEST /// /// /// zOID_SUBJECT_ALT_NAME /// /// /// szOID_SUBJECT_ALT_NAME2 /// /// /// /// The CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG flag, in conjunction with the value of the dwAltNameChoice member of the /// CERT_ALT_NAME_ENTRY structure, determines the manner in which strings are encoded. /// /// /// /// dwAltNameChoice /// Effect /// /// /// CERT_ALT_NAME_DNS_NAME /// /// If the host name contains Unicode characters outside of the ASCII character set, the host name is first encoded in Punycode and /// then encoded as an IA5String string. /// /// /// /// CERT_ALT_NAME_RFC822_NAME /// /// If the host name portion of the email address contains Unicode characters outside of the ASCII character set, the host name /// portion of the email address is encoded in Punycode. The resultant email address is then encoded as an IA5String string. /// /// /// /// CERT_ALT_NAME_URL /// /// If the server host name of the URI contains Unicode characters outside of the ASCII character set, then the host name portion of /// URI is encoded in Punycode. Then the resultant URI is escaped, and the URL is then encoded as an IA5String string. /// /// /// /// /// Each constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. The structure /// pointed to, directly or indirectly, has a reference to a CERT_HASHED_URL structure. /// /// /// /// szOID_BIOMETRIC_EXT /// /// /// X509_BIOMETRIC_EXT /// /// /// szOID_LOGOTYPE_EXT /// /// /// X509_LOGOTYPE_EXT /// /// /// /// When encoding the CERT_HASHED_URL structure value, if the server host name of the URI contains Unicode characters outside of the /// ASCII character set, and the CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG is set, the host name portion of URI is encoded in /// Punycode. Then the resultant URI is escaped, and the URL is then encoded as an IA5String string. /// /// /// Each X509_UNICODE_NAME constant in the list below has an associated structure type that is pointed to by the pvStructInfo parameter. /// /// /// /// X509_UNICODE_NAME /// /// /// /// If the pszObjId member of the CERT_RDN_ATTR structure is set to szOID_RSA_emailAddr and the email address in the /// Value member contains Unicode characters outside of the ASCII character set, the host name portion of the email address /// is encoded in Punycode. Then the resultant email address is then encoded as an IA5String string. /// /// In all cases, the Punycode encoding of the host name is performed on a label-by-label basis. /// Examples /// /// The following example shows initializing and encoding an X509_NAME structure using CryptEncodeObjectEx. For an example /// that includes the complete context for this example, see Example C Program: ASN.1 Encoding and Decoding. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptencodeobjectex BOOL CryptEncodeObjectEx( DWORD // dwCertEncodingType, LPCSTR lpszStructType, const void *pvStructInfo, DWORD dwFlags, PCRYPT_ENCODE_PARA pEncodePara, void // *pvEncoded, DWORD *pcbEncoded ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "45134db8-059b-43d3-90c2-9b6cc970fca0")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptEncodeObjectEx(CertEncodingType dwCertEncodingType, [In] SafeOID lpszStructType, [In] IntPtr pvStructInfo, CryptEncodeFlags dwFlags, in CRYPT_ENCODE_PARA pEncodePara, [Out] IntPtr pvEncoded, ref uint pcbEncoded); ///

/// The CRYPT_DECODE_PARA structure is used by the CryptDecodeObjectEx function to provide access to memory allocation and /// memory freeing callback functions. ///

// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_decode_para typedef struct _CRYPT_DECODE_PARA { // DWORD cbSize; PFN_CRYPT_ALLOC pfnAlloc; PFN_CRYPT_FREE pfnFree; } CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA; [PInvokeData("wincrypt.h", MSDNShortId = "08ed4627-8cbf-415f-b0d0-2c4b9ed9aed1")] [StructLayout(LayoutKind.Sequential)] public struct CRYPT_DECODE_PARA { ///

The size, in bytes, of this structure.

public uint cbSize; ///

This member is an optional pointer to a callback function used to allocate memory.

[MarshalAs(UnmanagedType.FunctionPtr)] public PFN_CRYPT_ALLOC pfnAlloc; ///

/// This member is an optional pointer to a callback function used to free memory allocated by the allocate callback function. ///

[MarshalAs(UnmanagedType.FunctionPtr)] public PFN_CRYPT_FREE pfnFree; ///

Gets an instance which uses the CoTaskMem... methods for allocating and freeing memory.

public static readonly CRYPT_DECODE_PARA CoTaskMemInstance = new CRYPT_DECODE_PARA { cbSize = (uint)Marshal.SizeOf(typeof(CRYPT_DECODE_PARA)), pfnAlloc = s => Marshal.AllocCoTaskMem(s), pfnFree = Marshal.FreeCoTaskMem }; } ///

/// The CRYPT_ENCODE_PARA structure is used by the CryptEncodeObjectEx function to provide access to memory allocation and /// memory freeing callback functions. ///

// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_encode_para typedef struct _CRYPT_ENCODE_PARA { // DWORD cbSize; PFN_CRYPT_ALLOC pfnAlloc; PFN_CRYPT_FREE pfnFree; } CRYPT_ENCODE_PARA, *PCRYPT_ENCODE_PARA; [PInvokeData("wincrypt.h", MSDNShortId = "330af6ac-f1db-4cee-81fd-d3c2c341d493")] [StructLayout(LayoutKind.Sequential)] public struct CRYPT_ENCODE_PARA { ///