Two new manual pages OPENSSL_sk_new(3) and STACK_OF(3), written from

scratch, tweaks and OK jsing@ and jmc@.
author: schwarze <> 2018-03-01 19:20:09 +0000
committer: schwarze <> 2018-03-01 19:20:09 +0000
commit: 893043b7af14ee6af7eee004b42062b2c049e457 (patch)
tree: ca4f1bb2e50da9e74f1977f635e2ea2411ef9dfe /src/lib/libcrypto/man/STACK_OF.3
parent: b83b4fa941f2349dbda1f5f85d6e5ee3c31b6eb5 (diff)
download: openbsd-893043b7af14ee6af7eee004b42062b2c049e457.tar.gz
openbsd-893043b7af14ee6af7eee004b42062b2c049e457.tar.bz2
openbsd-893043b7af14ee6af7eee004b42062b2c049e457.zip
1 files changed, 183 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/STACK_OF.3 b/src/lib/libcrypto/man/STACK_OF.3
new file mode 100644
index 0000000000..206d7faec3
--- /dev/null
+++ b/src/lib/libcrypto/man/STACK_OF.3
@@ -0,0 +1,183 @@
+.\" $OpenBSD: STACK_OF.3,v 1.1 2018/03/01 19:20:09 schwarze Exp $
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: March 1 2018 $
+.Dt STACK_OF 3
+.Os
+.Sh NAME
+.Nm STACK_OF
+.Nd variable-sized arrays of pointers, called OpenSSL stacks
+.Sh SYNOPSIS
+.In openssl/safestack.h
+.Fn STACK_OF type
+.Sh DESCRIPTION
+The
+.In openssl/safestack.h
+header provides a fragile, unusually complicated system of
+macro-generated wrappers around the functions described in the
+.Xr OPENSSL_sk_new 3
+manual page.
+It is intended to implement superficially type-safe variable-sized
+arrays of pointers, somewhat misleadingly called
+.Dq stacks
+by OpenSSL.
+Due to the excessive number of API functions, it is impossible to
+properly document this system.
+In particular, calling
+.Xr man 1
+for any of the functions operating on stacks cannot yield any result.
+.Pp
+Unfortunately, application programs can hardly avoid using the concept
+because several important OpenSSL APIs rely on it; see the
+.Sx SEE ALSO
+section for examples.
+Even though both pages are more complicated than any manual page
+ought to be, using the concept safely requires a complete understanding
+of all the details in both this manual page and in
+.Xr OPENSSL_sk_new 3 .
+.Pp
+The
+.Fn STACK_OF
+macro takes a
+.Fa type
+name as its argument, typically the name of a type
+that has been defined as an alias for a specific
+.Vt struct
+type using a
+.Sy typedef
+declaration.
+It expands to an incomplete
+.Vt struct
+type which is intended to represent a
+.Dq stack
+of objects of the given
+.Fa type .
+That type does not actually exist, so it is not possible to define,
+for example, an automatic variable
+.Ql STACK_OF(X509) my_certificates ;
+it is only possible to define pointers to stacks, for example
+.Ql STACK_OF(X509) *my_certificates .
+The only way such pointers can ever be used is by wrapper functions
+casting them to the type
+.Vt _STACK *
+described in
+.Xr OPENSSL_sk_new 3 .
+.Pp
+For a considerable number of types, OpenSSL provides one wrapper
+function for each function described in
+.Xr OPENSSL_sk_new 3 .
+The names of these wrapper functions are usually constructed by
+inserting the name of the type and an underscore after the
+.Sq sk_
+prefix of the function name.
+Usually, where the real functions take
+.Vt void *
+arguments, the wrappers take pointers to the
+.Fa type
+in questions, and where the real functions take
+.Vt _STACK *
+arguments, the wrappers take pointers to
+.Fn STACK_OF type .
+The same applies to return values.
+Various exceptions to all this exist, but the above applies to
+all the types listed below.
+.Pp
+Using the above may make sense for the following types because
+public API functions exist that take stacks of these types as
+arguments or return them:
+.Vt ACCESS_DESCRIPTION ,
+.Vt ASN1_INTEGER ,
+.Vt ASN1_OBJECT ,
+.Vt ASN1_TYPE ,
+.Vt ASN1_UTF8STRING ,
+.Vt CONF_VALUE ,
+.Vt DIST_POINT ,
+.Vt GENERAL_NAME ,
+.Vt GENERAL_SUBTREE ,
+.Vt PKCS12_SAFEBAG ,
+.Vt PKCS7 ,
+.Vt PKCS7_RECIP_INFO ,
+.Vt PKCS7_SIGNER_INFO ,
+.Vt POLICY_MAPPING ,
+.Vt POLICYINFO ,
+.Vt POLICYQUALINFO ,
+.Vt X509 ,
+.Vt X509_ALGOR ,
+.Vt X509_ATTRIBUTE ,
+.Vt X509_CRL ,
+.Vt X509_EXTENSION ,
+.Vt X509_INFO ,
+.Vt X509_OBJECT ,
+.Vt X509_POLICY_NODE ,
+.Vt X509_PURPOSE ,
+.Vt X509_REVOKED .
+.Pp
+Even though the OpenSSL headers declare wrapper functions for many
+more types and even though the OpenSSL documentation says that users
+can declare their own stack types, using
+.Fn STACK_OF
+with any type not listed here is strongly discouraged.
+For other types, there may be subtle, undocumented differences
+in syntax and semantics, and attempting to declare custom stack
+types is very error prone; using plain C arrays of pointers to
+the desired type is much simpler and less dangerous.
+.Sh EXAMPLES
+The following program creates a certificate object, puts two
+pointers to it on a stack, and uses
+.Xr X509_free 3
+to clean up properly:
+.Bd -literal
+#include <err.h>
+#include <stdio.h>
+#include <openssl/x509.h>
+int
+main(void)
+{
+        STACK_OF(X509)  *stack;
+        X509            *x;
+        if ((stack = sk_X509_new_null()) == NULL)
+                err(1, NULL);
+        if ((x = X509_new()) == NULL)
+                err(1, NULL);
+        if (sk_X509_push(stack, x) == 0)
+                err(1, NULL);
+        if (X509_up_ref(x) == 0)
+                errx(1, "X509_up_ref failed");
+        if (sk_X509_push(stack, x) == 0)
+                err(1, NULL);
+        printf("%d pointers: %p, %p\en", sk_X509_num(stack),
+            sk_X509_value(stack, 0), sk_X509_value(stack, 1));
+        sk_X509_pop_free(stack, X509_free);
+        return 0;
+}
+.Ed
+.Pp
+The output looks similar to:
+.Pp
+.Dl 2 pointers: 0x4693ff24c00, 0x4693ff24c00
+.Sh SEE ALSO
+.Xr OCSP_request_sign 3 ,
+.Xr PKCS12_parse 3 ,
+.Xr PKCS7_encrypt 3 ,
+.Xr SSL_CTX_set_client_CA_list 3 ,
+.Xr SSL_get_ciphers 3 ,
+.Xr SSL_get_peer_cert_chain 3 ,
+.Xr SSL_load_client_CA_file 3 ,
+.Xr X509_CRL_get_REVOKED 3 ,
+.Xr X509_STORE_CTX_get0_chain 3
author	schwarze <>	2018-03-01 19:20:09 +0000
committer	schwarze <>	2018-03-01 19:20:09 +0000
commit	893043b7af14ee6af7eee004b42062b2c049e457 (patch)
tree	ca4f1bb2e50da9e74f1977f635e2ea2411ef9dfe /src/lib/libcrypto/man/STACK_OF.3
parent	b83b4fa941f2349dbda1f5f85d6e5ee3c31b6eb5 (diff)
download	openbsd-893043b7af14ee6af7eee004b42062b2c049e457.tar.gz openbsd-893043b7af14ee6af7eee004b42062b2c049e457.tar.bz2 openbsd-893043b7af14ee6af7eee004b42062b2c049e457.zip

diff --git a/src/lib/libcrypto/man/STACK_OF.3 b/src/lib/libcrypto/man/STACK_OF.3 new file mode 100644 index 0000000000..206d7faec3 --- /dev/null +++ b/src/lib/libcrypto/man/STACK_OF.3
@@ -0,0 +1,183 @@
	1	.\" $OpenBSD: STACK_OF.3,v 1.1 2018/03/01 19:20:09 schwarze Exp $
	2	.\"
	3	.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
	4	.\"
	5	.\" Permission to use, copy, modify, and distribute this software for any
	6	.\" purpose with or without fee is hereby granted, provided that the above
	7	.\" copyright notice and this permission notice appear in all copies.
	8	.\"
	9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	.\"
	17	.Dd $Mdocdate: March 1 2018 $
	18	.Dt STACK_OF 3
	19	.Os
	20	.Sh NAME
	21	.Nm STACK_OF
	22	.Nd variable-sized arrays of pointers, called OpenSSL stacks
	23	.Sh SYNOPSIS
	24	.In openssl/safestack.h
	25	.Fn STACK_OF type
	26	.Sh DESCRIPTION
	27	The
	28	.In openssl/safestack.h
	29	header provides a fragile, unusually complicated system of
	30	macro-generated wrappers around the functions described in the
	31	.Xr OPENSSL_sk_new 3
	32	manual page.
	33	It is intended to implement superficially type-safe variable-sized
	34	arrays of pointers, somewhat misleadingly called
	35	.Dq stacks
	36	by OpenSSL.
	37	Due to the excessive number of API functions, it is impossible to
	38	properly document this system.
	39	In particular, calling
	40	.Xr man 1
	41	for any of the functions operating on stacks cannot yield any result.
	42	.Pp
	43	Unfortunately, application programs can hardly avoid using the concept
	44	because several important OpenSSL APIs rely on it; see the
	45	.Sx SEE ALSO
	46	section for examples.
	47	Even though both pages are more complicated than any manual page
	48	ought to be, using the concept safely requires a complete understanding
	49	of all the details in both this manual page and in
	50	.Xr OPENSSL_sk_new 3 .
	51	.Pp
	52	The
	53	.Fn STACK_OF
	54	macro takes a
	55	.Fa type
	56	name as its argument, typically the name of a type
	57	that has been defined as an alias for a specific
	58	.Vt struct
	59	type using a
	60	.Sy typedef
	61	declaration.
	62	It expands to an incomplete
	63	.Vt struct
	64	type which is intended to represent a
	65	.Dq stack
	66	of objects of the given
	67	.Fa type .
	68	That type does not actually exist, so it is not possible to define,
	69	for example, an automatic variable
	70	.Ql STACK_OF(X509) my_certificates ;
	71	it is only possible to define pointers to stacks, for example
	72	.Ql STACK_OF(X509) *my_certificates .
	73	The only way such pointers can ever be used is by wrapper functions
	74	casting them to the type
	75	.Vt _STACK *
	76	described in
	77	.Xr OPENSSL_sk_new 3 .
	78	.Pp
	79	For a considerable number of types, OpenSSL provides one wrapper
	80	function for each function described in
	81	.Xr OPENSSL_sk_new 3 .
	82	The names of these wrapper functions are usually constructed by
	83	inserting the name of the type and an underscore after the
	84	.Sq sk_
	85	prefix of the function name.
	86	Usually, where the real functions take
	87	.Vt void *
	88	arguments, the wrappers take pointers to the
	89	.Fa type
	90	in questions, and where the real functions take
	91	.Vt _STACK *
	92	arguments, the wrappers take pointers to
	93	.Fn STACK_OF type .
	94	The same applies to return values.
	95	Various exceptions to all this exist, but the above applies to
	96	all the types listed below.
	97	.Pp
	98	Using the above may make sense for the following types because
	99	public API functions exist that take stacks of these types as
	100	arguments or return them:
	101	.Vt ACCESS_DESCRIPTION ,
	102	.Vt ASN1_INTEGER ,
	103	.Vt ASN1_OBJECT ,
	104	.Vt ASN1_TYPE ,
	105	.Vt ASN1_UTF8STRING ,
	106	.Vt CONF_VALUE ,
	107	.Vt DIST_POINT ,
	108	.Vt GENERAL_NAME ,
	109	.Vt GENERAL_SUBTREE ,
	110	.Vt PKCS12_SAFEBAG ,
	111	.Vt PKCS7 ,
	112	.Vt PKCS7_RECIP_INFO ,
	113	.Vt PKCS7_SIGNER_INFO ,
	114	.Vt POLICY_MAPPING ,
	115	.Vt POLICYINFO ,
	116	.Vt POLICYQUALINFO ,
	117	.Vt X509 ,
	118	.Vt X509_ALGOR ,
	119	.Vt X509_ATTRIBUTE ,
	120	.Vt X509_CRL ,
	121	.Vt X509_EXTENSION ,
	122	.Vt X509_INFO ,
	123	.Vt X509_OBJECT ,
	124	.Vt X509_POLICY_NODE ,
	125	.Vt X509_PURPOSE ,
	126	.Vt X509_REVOKED .
	127	.Pp
	128	Even though the OpenSSL headers declare wrapper functions for many
	129	more types and even though the OpenSSL documentation says that users
	130	can declare their own stack types, using
	131	.Fn STACK_OF
	132	with any type not listed here is strongly discouraged.
	133	For other types, there may be subtle, undocumented differences
	134	in syntax and semantics, and attempting to declare custom stack
	135	types is very error prone; using plain C arrays of pointers to
	136	the desired type is much simpler and less dangerous.
	137	.Sh EXAMPLES
	138	The following program creates a certificate object, puts two
	139	pointers to it on a stack, and uses
	140	.Xr X509_free 3
	141	to clean up properly:
	142	.Bd -literal
	143	#include <err.h>
	144	#include <stdio.h>
	145	#include <openssl/x509.h>
	146
	147	int
	148	main(void)
	149	{
	150	STACK_OF(X509) *stack;
	151	X509 *x;
	152
	153	if ((stack = sk_X509_new_null()) == NULL)
	154	err(1, NULL);
	155	if ((x = X509_new()) == NULL)
	156	err(1, NULL);
	157	if (sk_X509_push(stack, x) == 0)
	158	err(1, NULL);
	159	if (X509_up_ref(x) == 0)
	160	errx(1, "X509_up_ref failed");
	161	if (sk_X509_push(stack, x) == 0)
	162	err(1, NULL);
	163	printf("%d pointers: %p, %p\en", sk_X509_num(stack),
	164	sk_X509_value(stack, 0), sk_X509_value(stack, 1));
	165	sk_X509_pop_free(stack, X509_free);
	166
	167	return 0;
	168	}
	169	.Ed
	170	.Pp
	171	The output looks similar to:
	172	.Pp
	173	.Dl 2 pointers: 0x4693ff24c00, 0x4693ff24c00
	174	.Sh SEE ALSO
	175	.Xr OCSP_request_sign 3 ,
	176	.Xr PKCS12_parse 3 ,
	177	.Xr PKCS7_encrypt 3 ,
	178	.Xr SSL_CTX_set_client_CA_list 3 ,
	179	.Xr SSL_get_ciphers 3 ,
	180	.Xr SSL_get_peer_cert_chain 3 ,
	181	.Xr SSL_load_client_CA_file 3 ,
	182	.Xr X509_CRL_get_REVOKED 3 ,
	183	.Xr X509_STORE_CTX_get0_chain 3