diff options
| author | cvs2svn <admin@example.com> | 2012-07-13 17:49:56 +0000 |
|---|---|---|
| committer | cvs2svn <admin@example.com> | 2012-07-13 17:49:56 +0000 |
| commit | ee04221ea8063435416c7e6369e6eae76843aa71 (patch) | |
| tree | 821921a1dd0a5a3cece91121e121cc63c4b68128 /src/lib/libcrypto/doc/d2i_X509.pod | |
| parent | adf6731f6e1d04718aee00cb93435143046aee9a (diff) | |
| download | openbsd-eric_g2k12.tar.gz openbsd-eric_g2k12.tar.bz2 openbsd-eric_g2k12.zip | |
This commit was manufactured by cvs2git to create tag 'eric_g2k12'.eric_g2k12
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/doc/d2i_X509.pod | 231 |
1 files changed, 0 insertions, 231 deletions
diff --git a/src/lib/libcrypto/doc/d2i_X509.pod b/src/lib/libcrypto/doc/d2i_X509.pod deleted file mode 100644 index 298ec54a4c..0000000000 --- a/src/lib/libcrypto/doc/d2i_X509.pod +++ /dev/null | |||
| @@ -1,231 +0,0 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio, | ||
| 6 | i2d_X509_fp - X509 encode and decode functions | ||
| 7 | |||
| 8 | =head1 SYNOPSIS | ||
| 9 | |||
| 10 | #include <openssl/x509.h> | ||
| 11 | |||
| 12 | X509 *d2i_X509(X509 **px, const unsigned char **in, int len); | ||
| 13 | int i2d_X509(X509 *x, unsigned char **out); | ||
| 14 | |||
| 15 | X509 *d2i_X509_bio(BIO *bp, X509 **x); | ||
| 16 | X509 *d2i_X509_fp(FILE *fp, X509 **x); | ||
| 17 | |||
| 18 | int i2d_X509_bio(BIO *bp, X509 *x); | ||
| 19 | int i2d_X509_fp(FILE *fp, X509 *x); | ||
| 20 | |||
| 21 | =head1 DESCRIPTION | ||
| 22 | |||
| 23 | The X509 encode and decode routines encode and parse an | ||
| 24 | B<X509> structure, which represents an X509 certificate. | ||
| 25 | |||
| 26 | d2i_X509() attempts to decode B<len> bytes at B<*in>. If | ||
| 27 | successful a pointer to the B<X509> structure is returned. If an error | ||
| 28 | occurred then B<NULL> is returned. If B<px> is not B<NULL> then the | ||
| 29 | returned structure is written to B<*px>. If B<*px> is not B<NULL> | ||
| 30 | then it is assumed that B<*px> contains a valid B<X509> | ||
| 31 | structure and an attempt is made to reuse it. If the call is | ||
| 32 | successful B<*in> is incremented to the byte following the | ||
| 33 | parsed data. | ||
| 34 | |||
| 35 | i2d_X509() encodes the structure pointed to by B<x> into DER format. | ||
| 36 | If B<out> is not B<NULL> is writes the DER encoded data to the buffer | ||
| 37 | at B<*out>, and increments it to point after the data just written. | ||
| 38 | If the return value is negative an error occurred, otherwise it | ||
| 39 | returns the length of the encoded data. | ||
| 40 | |||
| 41 | For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be | ||
| 42 | allocated for a buffer and the encoded data written to it. In this | ||
| 43 | case B<*out> is not incremented and it points to the start of the | ||
| 44 | data just written. | ||
| 45 | |||
| 46 | d2i_X509_bio() is similar to d2i_X509() except it attempts | ||
| 47 | to parse data from BIO B<bp>. | ||
| 48 | |||
| 49 | d2i_X509_fp() is similar to d2i_X509() except it attempts | ||
| 50 | to parse data from FILE pointer B<fp>. | ||
| 51 | |||
| 52 | i2d_X509_bio() is similar to i2d_X509() except it writes | ||
| 53 | the encoding of the structure B<x> to BIO B<bp> and it | ||
| 54 | returns 1 for success and 0 for failure. | ||
| 55 | |||
| 56 | i2d_X509_fp() is similar to i2d_X509() except it writes | ||
| 57 | the encoding of the structure B<x> to BIO B<bp> and it | ||
| 58 | returns 1 for success and 0 for failure. | ||
| 59 | |||
| 60 | =head1 NOTES | ||
| 61 | |||
| 62 | The letters B<i> and B<d> in for example B<i2d_X509> stand for | ||
| 63 | "internal" (that is an internal C structure) and "DER". So that | ||
| 64 | B<i2d_X509> converts from internal to DER. | ||
| 65 | |||
| 66 | The functions can also understand B<BER> forms. | ||
| 67 | |||
| 68 | The actual X509 structure passed to i2d_X509() must be a valid | ||
| 69 | populated B<X509> structure it can B<not> simply be fed with an | ||
| 70 | empty structure such as that returned by X509_new(). | ||
| 71 | |||
| 72 | The encoded data is in binary form and may contain embedded zeroes. | ||
| 73 | Therefore any FILE pointers or BIOs should be opened in binary mode. | ||
| 74 | Functions such as B<strlen()> will B<not> return the correct length | ||
| 75 | of the encoded structure. | ||
| 76 | |||
| 77 | The ways that B<*in> and B<*out> are incremented after the operation | ||
| 78 | can trap the unwary. See the B<WARNINGS> section for some common | ||
| 79 | errors. | ||
| 80 | |||
| 81 | The reason for the auto increment behaviour is to reflect a typical | ||
| 82 | usage of ASN1 functions: after one structure is encoded or decoded | ||
| 83 | another will processed after it. | ||
| 84 | |||
| 85 | =head1 EXAMPLES | ||
| 86 | |||
| 87 | Allocate and encode the DER encoding of an X509 structure: | ||
| 88 | |||
| 89 | int len; | ||
| 90 | unsigned char *buf, *p; | ||
| 91 | |||
| 92 | len = i2d_X509(x, NULL); | ||
| 93 | |||
| 94 | buf = OPENSSL_malloc(len); | ||
| 95 | |||
| 96 | if (buf == NULL) | ||
| 97 | /* error */ | ||
| 98 | |||
| 99 | p = buf; | ||
| 100 | |||
| 101 | i2d_X509(x, &p); | ||
| 102 | |||
| 103 | If you are using OpenSSL 0.9.7 or later then this can be | ||
| 104 | simplified to: | ||
| 105 | |||
| 106 | |||
| 107 | int len; | ||
| 108 | unsigned char *buf; | ||
| 109 | |||
| 110 | buf = NULL; | ||
| 111 | |||
| 112 | len = i2d_X509(x, &buf); | ||
| 113 | |||
| 114 | if (len < 0) | ||
| 115 | /* error */ | ||
| 116 | |||
| 117 | Attempt to decode a buffer: | ||
| 118 | |||
| 119 | X509 *x; | ||
| 120 | |||
| 121 | unsigned char *buf, *p; | ||
| 122 | |||
| 123 | int len; | ||
| 124 | |||
| 125 | /* Something to setup buf and len */ | ||
| 126 | |||
| 127 | p = buf; | ||
| 128 | |||
| 129 | x = d2i_X509(NULL, &p, len); | ||
| 130 | |||
| 131 | if (x == NULL) | ||
| 132 | /* Some error */ | ||
| 133 | |||
| 134 | Alternative technique: | ||
| 135 | |||
| 136 | X509 *x; | ||
| 137 | |||
| 138 | unsigned char *buf, *p; | ||
| 139 | |||
| 140 | int len; | ||
| 141 | |||
| 142 | /* Something to setup buf and len */ | ||
| 143 | |||
| 144 | p = buf; | ||
| 145 | |||
| 146 | x = NULL; | ||
| 147 | |||
| 148 | if(!d2i_X509(&x, &p, len)) | ||
| 149 | /* Some error */ | ||
| 150 | |||
| 151 | |||
| 152 | =head1 WARNINGS | ||
| 153 | |||
| 154 | The use of temporary variable is mandatory. A common | ||
| 155 | mistake is to attempt to use a buffer directly as follows: | ||
| 156 | |||
| 157 | int len; | ||
| 158 | unsigned char *buf; | ||
| 159 | |||
| 160 | len = i2d_X509(x, NULL); | ||
| 161 | |||
| 162 | buf = OPENSSL_malloc(len); | ||
| 163 | |||
| 164 | if (buf == NULL) | ||
| 165 | /* error */ | ||
| 166 | |||
| 167 | i2d_X509(x, &buf); | ||
| 168 | |||
| 169 | /* Other stuff ... */ | ||
| 170 | |||
| 171 | OPENSSL_free(buf); | ||
| 172 | |||
| 173 | This code will result in B<buf> apparently containing garbage because | ||
| 174 | it was incremented after the call to point after the data just written. | ||
| 175 | Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()> | ||
| 176 | and the subsequent call to B<OPENSSL_free()> may well crash. | ||
| 177 | |||
| 178 | The auto allocation feature (setting buf to NULL) only works on OpenSSL | ||
| 179 | 0.9.7 and later. Attempts to use it on earlier versions will typically | ||
| 180 | cause a segmentation violation. | ||
| 181 | |||
| 182 | Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>: | ||
| 183 | |||
| 184 | X509 *x; | ||
| 185 | |||
| 186 | if (!d2i_X509(&x, &p, len)) | ||
| 187 | /* Some error */ | ||
| 188 | |||
| 189 | This will probably crash somewhere in B<d2i_X509()>. The reason for this | ||
| 190 | is that the variable B<x> is uninitialized and an attempt will be made to | ||
| 191 | interpret its (invalid) value as an B<X509> structure, typically causing | ||
| 192 | a segmentation violation. If B<x> is set to NULL first then this will not | ||
| 193 | happen. | ||
| 194 | |||
| 195 | =head1 BUGS | ||
| 196 | |||
| 197 | In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when | ||
| 198 | B<*px> is valid is broken and some parts of the reused structure may | ||
| 199 | persist if they are not present in the new one. As a result the use | ||
| 200 | of this "reuse" behaviour is strongly discouraged. | ||
| 201 | |||
| 202 | i2d_X509() will not return an error in many versions of OpenSSL, | ||
| 203 | if mandatory fields are not initialized due to a programming error | ||
| 204 | then the encoded structure may contain invalid data or omit the | ||
| 205 | fields entirely and will not be parsed by d2i_X509(). This may be | ||
| 206 | fixed in future so code should not assume that i2d_X509() will | ||
| 207 | always succeed. | ||
| 208 | |||
| 209 | =head1 RETURN VALUES | ||
| 210 | |||
| 211 | d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure | ||
| 212 | or B<NULL> if an error occurs. The error code that can be obtained by | ||
| 213 | L<ERR_get_error(3)|ERR_get_error(3)>. | ||
| 214 | |||
| 215 | i2d_X509() returns the number of bytes successfully encoded or a negative | ||
| 216 | value if an error occurs. The error code can be obtained by | ||
| 217 | L<ERR_get_error(3)|ERR_get_error(3)>. | ||
| 218 | |||
| 219 | i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error | ||
| 220 | occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. | ||
| 221 | |||
| 222 | =head1 SEE ALSO | ||
| 223 | |||
| 224 | L<ERR_get_error(3)|ERR_get_error(3)> | ||
| 225 | |||
| 226 | =head1 HISTORY | ||
| 227 | |||
| 228 | d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp | ||
| 229 | are available in all versions of SSLeay and OpenSSL. | ||
| 230 | |||
| 231 | =cut | ||