diff options
Diffstat (limited to 'secure/lib/libcrypto/man/d2i_X509.3')
| -rw-r--r-- | secure/lib/libcrypto/man/d2i_X509.3 | 398 |
1 files changed, 398 insertions, 0 deletions
diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 new file mode 100644 index 0000000..5ad3dd2 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -0,0 +1,398 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "d2i_X509 3" +.TH d2i_X509 3 "2015-12-03" "1.0.2e" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio, +i2d_X509_fp \- X509 encode and decode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +\& +\& X509 *d2i_X509(X509 **px, const unsigned char **in, int len); +\& int i2d_X509(X509 *x, unsigned char **out); +\& +\& X509 *d2i_X509_bio(BIO *bp, X509 **x); +\& X509 *d2i_X509_fp(FILE *fp, X509 **x); +\& +\& int i2d_X509_bio(BIO *bp, X509 *x); +\& int i2d_X509_fp(FILE *fp, X509 *x); +\& +\& int i2d_re_X509_tbs(X509 *x, unsigned char **out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 encode and decode routines encode and parse an +\&\fBX509\fR structure, which represents an X509 certificate. +.PP +\&\fId2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*in\fR. If +successful a pointer to the \fBX509\fR structure is returned. If an error +occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the +returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR +then it is assumed that \fB*px\fR contains a valid \fBX509\fR +structure and an attempt is made to reuse it. This \*(L"reuse\*(R" capability is present +for historical compatibility but its use is \fBstrongly discouraged\fR (see \s-1BUGS\s0 +below, and the discussion in the \s-1RETURN VALUES\s0 section). +.PP +If the call is successful \fB*in\fR is incremented to the byte following the +parsed data. +.PP +\&\fIi2d_X509()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format. +If \fBout\fR is not \fB\s-1NULL\s0\fR is writes the \s-1DER\s0 encoded data to the buffer +at \fB*out\fR, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. +.PP +For OpenSSL 0.9.7 and later if \fB*out\fR is \fB\s-1NULL\s0\fR memory will be +allocated for a buffer and the encoded data written to it. In this +case \fB*out\fR is not incremented and it points to the start of the +data just written. +.PP +\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts +to parse data from \s-1BIO \s0\fBbp\fR. +.PP +\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts +to parse data from \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes +the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes +the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fIi2d_re_X509_tbs()\fR is similar to \fIi2d_X509()\fR except it encodes +only the TBSCertificate portion of the certificate. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for +\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So +\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0 The \*(L"re\*(R" in +\&\fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", and ensures that a fresh +encoding is generated in case the object has been modified after +creation (see the \s-1BUGS\s0 section). +.PP +The functions can also understand \fB\s-1BER\s0\fR forms. +.PP +The actual X509 structure passed to \fIi2d_X509()\fR must be a valid +populated \fBX509\fR structure it can \fBnot\fR simply be fed with an +empty structure such as that returned by \fIX509_new()\fR. +.PP +The encoded data is in binary form and may contain embedded zeroes. +Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Functions such as \fB\f(BIstrlen()\fB\fR will \fBnot\fR return the correct length +of the encoded structure. +.PP +The ways that \fB*in\fR and \fB*out\fR are incremented after the operation +can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +errors. +.PP +The reason for the auto increment behaviour is to reflect a typical +usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +another will processed after it. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf, *p; +\& +\& len = i2d_X509(x, NULL); +\& +\& buf = OPENSSL_malloc(len); +\& +\& if (buf == NULL) +\& /* error */ +\& +\& p = buf; +\& +\& i2d_X509(x, &p); +.Ve +.PP +If you are using OpenSSL 0.9.7 or later then this can be +simplified to: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& buf = NULL; +\& +\& len = i2d_X509(x, &buf); +\& +\& if (len < 0) +\& /* error */ +.Ve +.PP +Attempt to decode a buffer: +.PP +.Vb 1 +\& X509 *x; +\& +\& unsigned char *buf, *p; +\& +\& int len; +\& +\& /* Something to setup buf and len */ +\& +\& p = buf; +\& +\& x = d2i_X509(NULL, &p, len); +\& +\& if (x == NULL) +\& /* Some error */ +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& X509 *x; +\& +\& unsigned char *buf, *p; +\& +\& int len; +\& +\& /* Something to setup buf and len */ +\& +\& p = buf; +\& +\& x = NULL; +\& +\& if(!d2i_X509(&x, &p, len)) +\& /* Some error */ +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +The use of temporary variable is mandatory. A common +mistake is to attempt to use a buffer directly as follows: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& len = i2d_X509(x, NULL); +\& +\& buf = OPENSSL_malloc(len); +\& +\& if (buf == NULL) +\& /* error */ +\& +\& i2d_X509(x, &buf); +\& +\& /* Other stuff ... */ +\& +\& OPENSSL_free(buf); +.Ve +.PP +This code will result in \fBbuf\fR apparently containing garbage because +it was incremented after the call to point after the data just written. +Also \fBbuf\fR will no longer contain the pointer allocated by \fB\f(BIOPENSSL_malloc()\fB\fR +and the subsequent call to \fB\f(BIOPENSSL_free()\fB\fR may well crash. +.PP +The auto allocation feature (setting buf to \s-1NULL\s0) only works on OpenSSL +0.9.7 and later. Attempts to use it on earlier versions will typically +cause a segmentation violation. +.PP +Another trap to avoid is misuse of the \fBxp\fR argument to \fB\f(BId2i_X509()\fB\fR: +.PP +.Vb 1 +\& X509 *x; +\& +\& if (!d2i_X509(&x, &p, len)) +\& /* Some error */ +.Ve +.PP +This will probably crash somewhere in \fB\f(BId2i_X509()\fB\fR. The reason for this +is that the variable \fBx\fR is uninitialized and an attempt will be made to +interpret its (invalid) value as an \fBX509\fR structure, typically causing +a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not +happen. +.SH "BUGS" +.IX Header "BUGS" +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_X509()\fR when +\&\fB*px\fR is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. As a result the use +of this \*(L"reuse\*(R" behaviour is strongly discouraged. +.PP +\&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by \fId2i_X509()\fR. This may be +fixed in future so code should not assume that \fIi2d_X509()\fR will +always succeed. +.PP +The encoding of the TBSCertificate portion of a certificate is cached +in the \fBX509\fR structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings. +.PP +Any function which encodes an X509 structure such as \fIi2d_X509()\fR, +\&\fIi2d_X509_fp()\fR or \fIi2d_X509_bio()\fR may return a stale encoding if the +\&\fBX509\fR structure has been modified after deserialization or previous +serialization. +.PP +If, after modification, the \fBX509\fR object is re-signed with \fIX509_sign()\fR, +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the \fBX509\fR can be manually renewed by calling +\&\fIi2d_re_X509_tbs()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by +\&\fIERR_get_error\fR\|(3). If the \*(L"reuse\*(R" capability has been used +with a valid X509 structure being passed in via \fBpx\fR then the object is not +freed in the event of error but may be in a potentially invalid or inconsistent +state. +.PP +\&\fIi2d_X509()\fR returns the number of bytes successfully encoded or a negative +value if an error occurs. The error code can be obtained by +\&\fIERR_get_error\fR\|(3). +.PP +\&\fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR return 1 for success and 0 if an error +occurs The error code can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp +are available in all versions of SSLeay and OpenSSL. |
