diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-05-02 14:46:51 -0400 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-05-11 01:46:06 -0400 |
commit | fde2257f055f187e8e78542ea6d64ad6c206d10b (patch) | |
tree | 8255a3511f0df776420218852273595f75fd5bcb /doc | |
parent | 9b5164ce7788d6985b005e410bb7b53bd553c99e (diff) | |
download | openssl-fde2257f055f187e8e78542ea6d64ad6c206d10b.tar.gz |
Fix i2d_X509_AUX, update docs and add tests
When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/crypto/d2i_X509.pod | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 3cd2509d8b..14b84f24ab 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -9,8 +9,10 @@ i2d_X509_fp - X509 encode and decode functions #include <openssl/x509.h> - X509 *d2i_X509(X509 **px, const unsigned char **in, int len); + X509 *d2i_X509(X509 **px, const unsigned char **in, long len); + X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); int i2d_X509(X509 *x, unsigned char **out); + int i2d_X509_AUX(X509 *x, unsigned char **out); X509 *d2i_X509_bio(BIO *bp, X509 **x); X509 *d2i_X509_fp(FILE *fp, X509 **x); @@ -37,6 +39,11 @@ below, and the discussion in the RETURN VALUES section). If the call is successful B<*in> is incremented to the byte following the parsed data. +d2i_X509_AUX() is similar to d2i_X509() but the input is expected to consist of +an X509 certificate followed by auxiliary trust information. +This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. +This function should not be called on untrusted input. + i2d_X509() encodes the structure pointed to by B<x> into DER format. If B<out> is not B<NULL> is writes the DER encoded data to the buffer at B<*out>, and increments it to point after the data just written. @@ -48,6 +55,11 @@ allocated for a buffer and the encoded data written to it. In this case B<*out> is not incremented and it points to the start of the data just written. +i2d_X509_AUX() is similar to i2d_X509(), but the encoded output contains both +the certificate and any auxiliary trust information. +This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. +Note, this is a non-standard OpenSSL-specific data format. + d2i_X509_bio() is similar to d2i_X509() except it attempts to parse data from BIO B<bp>. |