From 7781532a7e07551fc711f0c428ef7e10c94c290d Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Thu, 29 Dec 2016 17:42:54 +0000 Subject: Write d2i_ASN1_NULL(3) manual page from scratch. Both functions are listed in and in OpenSSL doc/man3/d2i_X509.pod. After reading the code, i'm not amused. You wouldn't think that it might take eight stack levels to decode a constant sixteen bit value that does not even allow a single content octet, or would you? Nota bene, this is an average of four stack levels for each non-zero bit decoded... :-( --- src/lib/libcrypto/man/Makefile | 3 +- src/lib/libcrypto/man/d2i_ASN1_NULL.3 | 84 +++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 src/lib/libcrypto/man/d2i_ASN1_NULL.3 (limited to 'src/lib') diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 6065762acd..c6443f3e3f 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.108 2016/12/28 20:36:33 schwarze Exp $ +# $OpenBSD: Makefile,v 1.109 2016/12/29 17:42:54 schwarze Exp $ .include @@ -227,6 +227,7 @@ MAN= \ X509_verify_cert.3 \ X509v3_get_ext_by_NID.3 \ crypto.3 \ + d2i_ASN1_NULL.3 \ d2i_ASN1_OBJECT.3 \ d2i_AUTHORITY_KEYID.3 \ d2i_BASIC_CONSTRAINTS.3 \ diff --git a/src/lib/libcrypto/man/d2i_ASN1_NULL.3 b/src/lib/libcrypto/man/d2i_ASN1_NULL.3 new file mode 100644 index 0000000000..8efcee69f3 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_ASN1_NULL.3 
@@ -0,0 +1,84 @@ +.\" $OpenBSD: d2i_ASN1_NULL.3,v 1.1 2016/12/29 17:42:54 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: December 29 2016 $ +.Dt D2I_ASN1_NULL 3 +.Os +.Sh NAME +.Nm d2i_ASN1_NULL , +.Nm i2d_ASN1_NULL +.Nd decode and encode an ASN.1 NULL type +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_NULL * +.Fo d2i_ASN1_NULL +.Fa "ASN1_NULL **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_NULL +.Fa "ASN1_NULL *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode the ASN.1 value NULL of type NULL. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_ASN1_NULL +verifies that the BER-encoded value at +.Pf * Fa der_in +is NULL and of type NULL. +It fails if +.Fa length +is less than 2 or if the first two bytes of +.Pf * Fa der_in +differ from 0x05 and 0x00. +In case of success, +.Pf * Fa der_in +is advanced by two bytes and +.Pf * Fa val_out +is set to a specific invalid pointer representing the unique +.Vt ASN1_NULL +object. +.Pp +.Fn i2d_ASN1_NULL +ignores +.Fa val_in +and encodes the ASN.1 value NULL of type NULL using DER. 
+Specifically, it writes the identifier octet for the type NULL, +0x05, followed by the length octet 0x00, and no content or +end-of-content octets. +.Sh RETURN VALUES +.Fn d2i_ASN1_NULL +returns a specific invalid pointer representing the unique +.Vt ASN1_NULL +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_ASN1_NULL +returns 2 if successful or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr ASN1_item_new 3 +.Sh STANDARDS +ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: +Information technology - ASN.1 encoding rules: +Specification of Basic Encoding Rules (BER), Canonical Encoding +Rules (CER) and Distinguished Encoding Rules (DER), +section 8.8: Encoding of null value -- cgit v1.2.3-55-g6feb
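Review bot: In the new d2i_ASN1_NULL.3, both DESCRIPTION and RETURN VALUES say that success yields "a specific invalid pointer representing the unique ASN1_NULL object", but neither says what a caller may do with that value. I would add a sentence stating that the result may only be compared against NULL and must never be dereferenced, and say explicitly whether it may be handed to a free function, since a caller who treats it like the result of any other d2i function will otherwise operate on an invalid address. Two smaller points in the same DESCRIPTION: the text says *der_in is advanced by two bytes on success but does not say whether it is left untouched on failure, and the i2d_ASN1_NULL paragraph does not say whether *der_out is advanced. Also, the input is called "BER-encoded" while the stated failure condition only admits the exact bytes 0x05 0x00. BER permits long-form length octets, so it is worth saying whether such encodings are rejected, and "differ from 0x05 and 0x00" would read less ambiguously as "are not 0x05 followed by 0x00".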