Write d2i_ASN1_NULL(3) manual page from scratch.

Both functions are listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod.

After reading the code, i'm not amused.  You wouldn't think that
it might take eight stack levels to decode a constant sixteen bit
value that does not even allow a single content octet, or would
you?  Nota bene, this is an average of four stack levels for each
non-zero bit decoded...  :-(

2 files changed, 86 insertions, 1 deletions

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 6065762acd..c6443f3e3f 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.108 2016/12/28 20:36:33 schwarze Exp $
+# $OpenBSD: Makefile,v 1.109 2016/12/29 17:42:54 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -227,6 +227,7 @@ MAN=	\
         X509_verify_cert.3 \
         X509v3_get_ext_by_NID.3 \
         crypto.3 \
+        d2i_ASN1_NULL.3 \
         d2i_ASN1_OBJECT.3 \
         d2i_AUTHORITY_KEYID.3 \
         d2i_BASIC_CONSTRAINTS.3 \
diff --git a/src/lib/libcrypto/man/d2i_ASN1_NULL.3 b/src/lib/libcrypto/man/d2i_ASN1_NULL.3
new file mode 100644
index 0000000000..8efcee69f3
--- /dev/null
+++ b/src/lib/libcrypto/man/d2i_ASN1_NULL.3
@@ -0,0 +1,84 @@
+.\"     $OpenBSD: d2i_ASN1_NULL.3,v 1.1 2016/12/29 17:42:54 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 29 2016 $
+.Dt D2I_ASN1_NULL 3
+.Os
+.Sh NAME
+.Nm d2i_ASN1_NULL ,
+.Nm i2d_ASN1_NULL
+.Nd decode and encode an ASN.1 NULL type
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_NULL *
+.Fo d2i_ASN1_NULL
+.Fa "ASN1_NULL **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_ASN1_NULL
+.Fa "ASN1_NULL *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions decode and encode the ASN.1 value NULL of type NULL.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_ASN1_NULL
+verifies that the BER-encoded value at
+.Pf * Fa der_in
+is NULL and of type NULL.
+It fails if
+.Fa length
+is less than 2 or if the first two bytes of
+.Pf * Fa der_in
+differ from 0x05 and 0x00.
+In case of success,
+.Pf * Fa der_in
+is advanced by two bytes and
+.Pf * Fa val_out
+is set to a specific invalid pointer representing the unique
+.Vt ASN1_NULL
+object.
+.Pp
+.Fn i2d_ASN1_NULL
+ignores
+.Fa val_in
+and encodes the ASN.1 value NULL of type NULL using DER.
+Specifically, it writes the identifier octet for the type NULL,
+0x05, followed by the length octet 0x00, and no content or
+end-of-content octets.
+.Sh RETURN VALUES
+.Fn d2i_ASN1_NULL
+returns a specific invalid pointer representing the unique
+.Vt ASN1_NULL
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_ASN1_NULL
+returns 2 if successful or 0 if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr ASN1_item_new 3
+.Sh STANDARDS
+ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
+Information technology - ASN.1 encoding rules:
+Specification of Basic Encoding Rules (BER), Canonical Encoding
+Rules (CER) and Distinguished Encoding Rules (DER),
+section 8.8: Encoding of null value