From 81f13278e132b5b48b00ef87562b267dd9f60936 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Mon, 5 Dec 2016 20:39:08 +0000 Subject: Add Copyright and license. Merge documentation of d2i_X509_AUX(3) and i2d_X509_AUX(3) from OpenSSL. Correct the prototype of d2i_X509(3), from OpenSSL. Merge warnings against "reuse" functionality from OpenSSL. --- src/lib/libcrypto/man/d2i_X509.3 | 94 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 91 insertions(+), 3 deletions(-) diff --git a/src/lib/libcrypto/man/d2i_X509.3 b/src/lib/libcrypto/man/d2i_X509.3 index 899a801c44..916fdb8005 100644 --- a/src/lib/libcrypto/man/d2i_X509.3 +++ b/src/lib/libcrypto/man/d2i_X509.3 @@ -1,6 +1,55 @@ -.\" $OpenBSD: d2i_X509.3,v 1.2 2016/11/06 15:52:50 jmc Exp $ +.\" $OpenBSD: d2i_X509.3,v 1.3 2016/12/05 20:39:08 schwarze Exp $ +.\" OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000 .\" -.Dd $Mdocdate: November 6 2016 $ +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 5 2016 $ .Dt D2I_X509 3 .Os .Sh NAME @@ -17,13 +66,24 @@ .Fo d2i_X509 .Fa "X509 **px" .Fa "const unsigned char **in" -.Fa "int len" +.Fa "long len" +.Fc +.Ft X509 * +.Fo d2i_X509_AUX +.Fa "X509 **px" +.Fa "const unsigned char **in" +.Fa "long len" .Fc .Ft int .Fo i2d_X509 .Fa "X509 *x" .Fa "unsigned char **out" .Fc +.Ft int +.Fo i2d_X509_AUX +.Fa "X509 *x" +.Fa "unsigned char **out" +.Fc .Ft X509 * .Fo d2i_X509_bio .Fa "BIO *bp" @@ -75,10 +135,24 @@ then it is assumed that contains a valid .Vt X509 structure and an attempt is made to reuse it. +This "reuse" capability is present for historical compatibility, +but its use is strongly discouraged, see the +.Sx BUGS +and +.Sx RETURN VALUES +sections. If the call is successful, .Pf * Fa in is incremented to the byte following the parsed data. .Pp +.Fn d2i_X509_AUX +is similar to +.Fn d2i_X509 , +but the input is expected to consist of an X.509 certificate followed +by auxiliary trust information. +This is used by the PEM routines to read TRUSTED CERTIFICATE objects. +This function should not be called on untrusted input. +.Pp .Fn i2d_X509 encodes the structure pointed to by .Fa x @@ -102,6 +176,14 @@ In this case .Pf * Fa out is not incremented and it points to the start of the data just written. .Pp +.Fn i2d_X509_AUX +is similar to +.Fn i2d_X509 , +but the encoded output contains both the certificate and any auxiliary +trust information. +This is used by the PEM routines to write TRUSTED CERTIFICATE objects. +Note that this is a non-standard OpenSSL-specific data format. +.Pp .Fn d2i_X509_bio is similar to .Fn d2i_X509 @@ -206,6 +288,12 @@ return 1 for success or 0 if an error occurs. .Pp For all functions, the error code can be obtained by .Xr ERR_get_error 3 . +If the "reuse" capability has been used with a valid +.Vt X509 +structure being passed in via +.Fa px , +then the object is not freed in the event of an error, but may be +in a potentially invalid or inconsistent state. .Sh EXAMPLES Allocate and encode the DER encoding of an X509 structure: .Bd -literal -offset indent -- cgit v1.2.3-55-g6feb