openssl-users at dukhovni.org
Tue Apr 2 14:26:46 UTC 2019
On Tue, Apr 02, 2019 at 10:54:43AM +0100, Jeremy Harris wrote:
> > This is incorrect use of the api. You need to provide a NULL
> > buffer, obtain the length, then call again, after allocating
> > a buffer of the requisite size.
> Thanks (again). Perhaps a note of this in the manpage
> would be good? And any other i2d_* pages?
The 1.1.0 (and later) documentation reads:

    These functions decode and encode an SSL_SESSION object. For
    encoding details see d2i_X509(3).

which leads to:

    i2d_TYPE() encodes the structure pointed to by a into DER format.
    If ppout is not NULL, it writes the DER encoded data to the
    buffer at *ppout, and increments it to point after the data
    just written. If the return value is negative an error occurred,
    otherwise it returns the length of the encoded data.

    If *ppout is NULL memory will be allocated for a buffer and the
    encoded data written to it. In this case *ppout is not incremented
    and it points to the start of the data just written.

The "1.0.2" version (after running the word-wrapped HTML code
example through "indent") reads:

    When using i2d_SSL_SESSION(), the memory location pointed to
    by pp must be large enough to hold the binary representation
    of the session. There is no known limit on the size of the
    created ASN1 representation, so the necessary amount of space
    should be obtained by first calling i2d_SSL_SESSION() with
    pp=NULL, and obtain the size needed, then allocate the memory
    and call i2d_SSL_SESSION() again. Note that this will advance
    the value contained in *pp so it is necessary to save a copy
    of the original allocation. For example:

        int i, j;
        char *p, *temp;
        i = i2d_SSL_SESSION(sess, NULL);
        p = temp = malloc(i);
        j = i2d_SSL_SESSION(sess, &temp);
        assert(i == j);
        assert(p + i == temp);
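
Added example, not part of the original message and not OpenSSL code: a self-contained C illustration of the two calling conventions quoted above, with the return value, allocation and pointer advance all checked. i2d_DEMO() is a hypothetical stand-in encoder that follows the quoted contract and emits a constructed 5-byte DER string; encode_two_call() and encode_auto_alloc() are likewise illustrative names.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an i2d_TYPE() encoder: it follows the calling
 * convention quoted above but always emits this constructed DER string. */
static const unsigned char DEMO_DER[] = { 0x30, 0x03, 0x02, 0x01, 0x2a };

int i2d_DEMO(const void *a, unsigned char **pp)
{
    int len = (int)sizeof(DEMO_DER);
    if (a == NULL)
        return -1;                    /* error: negative return value */
    if (pp == NULL)
        return len;                   /* length query, nothing is written */
    if (*pp == NULL) {                /* 1.1.0+ docs: encoder allocates */
        if ((*pp = malloc((size_t)len)) == NULL)
            return -1;
        memcpy(*pp, DEMO_DER, (size_t)len);
        return len;                   /* *pp is NOT advanced in this case */
    }
    memcpy(*pp, DEMO_DER, (size_t)len); /* caller's buffer must hold len */
    *pp += len;                       /* *pp now points past the data */
    return len;
}

/* Two-call pattern from the 1.0.2 text: query the length, allocate, encode.
 * Returns the length and a malloc'd buffer in *out, or -1 on failure. */
int encode_two_call(const void *obj, unsigned char **out)
{
    unsigned char *buf, *cursor;
    int need = i2d_DEMO(obj, NULL);
    if (need <= 0)                    /* error or nothing to encode */
        return -1;
    if ((buf = cursor = malloc((size_t)need)) == NULL)
        return -1;
    if (i2d_DEMO(obj, &cursor) != need || cursor != buf + need) {
        free(buf);
        return -1;
    }
    *out = buf;                       /* return the saved start, not cursor */
    return need;
}

/* Auto-allocation pattern from the 1.1.0+ text: *out must start as NULL. */
int encode_auto_alloc(const void *obj, unsigned char **out)
{
    *out = NULL;
    return i2d_DEMO(obj, out);
}
```

With the real library, a buffer that the encoder allocated is released with OPENSSL_free() rather than free().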