From b42e4a9f6ba30ed0ce74018e9548f523e703f8be Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 10 Feb 2015 16:08:33 +0000 Subject: [PATCH] Add dire warnings about the "reuse" capability of the d2i_* functions. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reviewed-by: Emilia Käsper --- doc/crypto/d2i_X509.pod | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index fea6e868e5..03236769a0 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -30,8 +30,11 @@ successful a pointer to the B structure is returned. If an error occurred then B is returned. If B is not B then the returned structure is written to B<*px>. If B<*px> is not B then it is assumed that B<*px> contains a valid B -structure and an attempt is made to reuse it. If the call is -successful B<*in> is incremented to the byte following the +structure and an attempt is made to reuse it. This "reuse" capability is present +for historical compatibility but its use is B (see BUGS +below, and the discussion in the RETURN VALUES section). + +If the call is successful B<*in> is incremented to the byte following the parsed data. i2d_X509() encodes the structure pointed to by B into DER format. @@ -87,7 +90,8 @@ can trap the unwary. See the B section for some common errors. The reason for the auto increment behaviour is to reflect a typical -usage of ASN1 functions: after one structure is encoded or decoded +usage of ASN1 functions: after one structure is encoded or decoded if (a != NULL) + (*a) = ret; another will processed after it. =head1 EXAMPLES 
@@ -209,7 +213,8 @@ of this "reuse" behaviour is strongly discouraged. i2d_X509() will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error -then the encoded structure may contain invalid data or omit the +then the encoded structure may contain invalid data or omit the if (a != NULL) + (*a) = ret; fields entirely and will not be parsed by d2i_X509(). This may be fixed in future so code should not assume that i2d_X509() will always succeed. @@ -233,7 +238,10 @@ i2d_re_X509_tbs(). d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B structure or B if an error occurs. The error code that can be obtained by -L. +L. If the "reuse" capability has been used +with a valid X509 structure being passed in via B then the object is not +freed in the event of error but may be in a potentially invalid or inconsistent +state. i2d_X509() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by -- 2.34.1
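Review bot: In the first hunk (@@ -30,8 +30,11 @@), the new sentence 'This "reuse" capability is present for historical compatibility but its use is ...' warns the reader off reuse but does not say what to do instead. It only points to BUGS and RETURN VALUES. Suggest adding one sentence here with the safe calling pattern that the surrounding context already implies: make sure B<*px> is empty before the call (or do not pass px at all) and take the result from the return value. That way the warning is actionable at the point where the reuse behaviour is first described.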
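Review bot: In the second hunk (@@ -87,7 +90,8 @@), the replacement line ends with a C fragment, "if (a != NULL)" followed by an added line "(*a) = ret;", in the middle of a prose sentence in the NOTES section. This looks like a stray paste and is unrelated to the documentation warning the commit message describes. It should be dropped so the sentence continues straight into the context line "another will processed after it" (which is also missing "be" and could be fixed while touching this paragraph).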
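Review bot: In the third hunk (@@ -209,7 +213,8 @@), the same C fragment, "if (a != NULL)" and "(*a) = ret;", has been inserted into the BUGS paragraph between "omit the" and "fields entirely". It breaks the sentence about i2d_X509() emitting invalid data when mandatory fields are uninitialized, and as POD it would render as running text. Remove both pieces so the line reads as before; if the code was meant as an illustration of the reuse assignment, it belongs in an indented verbatim block with an introducing sentence, not inline.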
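Review bot: In the last hunk (@@ -233,7 +238,10 @@), the added RETURN VALUES text says the passed-in object "is not freed in the event of error but may be in a potentially invalid or inconsistent state", which leaves the caller without guidance on ownership. Suggest stating explicitly that the caller still owns the object after a failed call, that the only safe operation on it is to free it, and that its contents must not be used or trusted. Otherwise a reader can reasonably conclude either that the object leaks or that it can be retried with. The preceding context sentence "The error code that can be obtained by" is also not a complete sentence once the new text is appended after it; rewording it to "The error code can be obtained by", as the i2d_X509() paragraph below does, would fix that.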