1 files changed, 91 insertions, 3 deletions
diff --git a/src/lib/libcrypto/man/d2i_X509.3 b/src/lib/libcrypto/man/d2i_X509.3
index 899a801c44..916fdb8005 100644
--- a/src/lib/libcrypto/man/d2i_X509.3
+++ b/src/lib/libcrypto/man/d2i_X509.3
@@ -1,6 +1,55 @@
-.\"     $OpenBSD: d2i_X509.3,v 1.2 2016/11/06 15:52:50 jmc Exp $
+.\"     $OpenBSD: d2i_X509.3,v 1.3 2016/12/05 20:39:08 schwarze Exp $
+.\"     OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000
 .\"
-.Dd $Mdocdate: November 6 2016 $
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 5 2016 $
 .Dt D2I_X509 3
 .Os
 .Sh NAME
@@ -17,13 +66,24 @@
 .Fo d2i_X509
 .Fa "X509 **px"
 .Fa "const unsigned char **in"
-.Fa "int len"
+.Fa "long len"
+.Fc
+.Ft X509 *
+.Fo d2i_X509_AUX
+.Fa "X509 **px"
+.Fa "const unsigned char **in"
+.Fa "long len"
 .Fc
 .Ft int
 .Fo i2d_X509
 .Fa "X509 *x"
 .Fa "unsigned char **out"
 .Fc
+.Ft int
+.Fo i2d_X509_AUX
+.Fa "X509 *x"
+.Fa "unsigned char **out"
+.Fc
 .Ft X509 *
 .Fo d2i_X509_bio
 .Fa "BIO *bp"
@@ -75,10 +135,24 @@ then it is assumed that
 contains a valid
 .Vt X509
 structure and an attempt is made to reuse it.
+This "reuse" capability is present for historical compatibility,
+but its use is strongly discouraged, see the
+.Sx BUGS
+and
+.Sx RETURN VALUES
+sections.
 If the call is successful,
 .Pf * Fa in
 is incremented to the byte following the parsed data.
 .Pp
+.Fn d2i_X509_AUX
+is similar to
+.Fn d2i_X509 ,
+but the input is expected to consist of an X.509 certificate followed
+by auxiliary trust information.
+This is used by the PEM routines to read TRUSTED CERTIFICATE objects.
+This function should not be called on untrusted input.
+.Pp
 .Fn i2d_X509
 encodes the structure pointed to by
 .Fa x
@@ -102,6 +176,14 @@ In this case
 .Pf * Fa out
 is not incremented and it points to the start of the data just written.
 .Pp
+.Fn i2d_X509_AUX
+is similar to
+.Fn i2d_X509 ,
+but the encoded output contains both the certificate and any auxiliary
+trust information.
+This is used by the PEM routines to write TRUSTED CERTIFICATE objects.
+Note that this is a non-standard OpenSSL-specific data format.
+.Pp
 .Fn d2i_X509_bio
 is similar to
 .Fn d2i_X509
@@ -206,6 +288,12 @@ return 1 for success or 0 if an error occurs.
 .Pp
 For all functions, the error code can be obtained by
 .Xr ERR_get_error 3 .
+If the "reuse" capability has been used with a valid
+.Vt X509
+structure being passed in via
+.Fa px ,
+then the object is not freed in the event of an error, but may be
+in a potentially invalid or inconsistent state.
 .Sh EXAMPLES
 Allocate and encode the DER encoding of an X509 structure:
 .Bd -literal -offset indent

diff --git a/src/lib/libcrypto/man/d2i_X509.3 b/src/lib/libcrypto/man/d2i_X509.3 index 899a801c44..916fdb8005 100644 --- a/src/lib/libcrypto/man/d2i_X509.3 +++ b/src/lib/libcrypto/man/d2i_X509.3
@@ -1,6 +1,55 @@
1	.\" $OpenBSD: d2i_X509.3,v 1.2 2016/11/06 15:52:50 jmc Exp $	1	.\" $OpenBSD: d2i_X509.3,v 1.3 2016/12/05 20:39:08 schwarze Exp $
		2	.\" OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000
2	.\"	3	.\"
3	.Dd $Mdocdate: November 6 2016 $	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
		5	.\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project.
		6	.\" All rights reserved.
		7	.\"
		8	.\" Redistribution and use in source and binary forms, with or without
		9	.\" modification, are permitted provided that the following conditions
		10	.\" are met:
		11	.\"
		12	.\" 1. Redistributions of source code must retain the above copyright
		13	.\" notice, this list of conditions and the following disclaimer.
		14	.\"
		15	.\" 2. Redistributions in binary form must reproduce the above copyright
		16	.\" notice, this list of conditions and the following disclaimer in
		17	.\" the documentation and/or other materials provided with the
		18	.\" distribution.
		19	.\"
		20	.\" 3. All advertising materials mentioning features or use of this
		21	.\" software must display the following acknowledgment:
		22	.\" "This product includes software developed by the OpenSSL Project
		23	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		24	.\"
		25	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		26	.\" endorse or promote products derived from this software without
		27	.\" prior written permission. For written permission, please contact
		28	.\" openssl-core@openssl.org.
		29	.\"
		30	.\" 5. Products derived from this software may not be called "OpenSSL"
		31	.\" nor may "OpenSSL" appear in their names without prior written
		32	.\" permission of the OpenSSL Project.
		33	.\"
		34	.\" 6. Redistributions of any form whatsoever must retain the following
		35	.\" acknowledgment:
		36	.\" "This product includes software developed by the OpenSSL Project
		37	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		38	.\"
		39	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		40	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		41	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		42	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		43	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		44	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		45	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		46	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		47	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		48	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		51	.\"
		52	.Dd $Mdocdate: December 5 2016 $
4	.Dt D2I_X509 3	53	.Dt D2I_X509 3
5	.Os	54	.Os
6	.Sh NAME	55	.Sh NAME
@@ -17,13 +66,24 @@
17	.Fo d2i_X509	66	.Fo d2i_X509
18	.Fa "X509 **px"	67	.Fa "X509 **px"
19	.Fa "const unsigned char **in"	68	.Fa "const unsigned char **in"
20	.Fa "int len"	69	.Fa "long len"
		70	.Fc
		71	.Ft X509 *
		72	.Fo d2i_X509_AUX
		73	.Fa "X509 **px"
		74	.Fa "const unsigned char **in"
		75	.Fa "long len"
21	.Fc	76	.Fc
22	.Ft int	77	.Ft int
23	.Fo i2d_X509	78	.Fo i2d_X509
24	.Fa "X509 *x"	79	.Fa "X509 *x"
25	.Fa "unsigned char **out"	80	.Fa "unsigned char **out"
26	.Fc	81	.Fc
		82	.Ft int
		83	.Fo i2d_X509_AUX
		84	.Fa "X509 *x"
		85	.Fa "unsigned char **out"
		86	.Fc
27	.Ft X509 *	87	.Ft X509 *
28	.Fo d2i_X509_bio	88	.Fo d2i_X509_bio
29	.Fa "BIO *bp"	89	.Fa "BIO *bp"
@@ -75,10 +135,24 @@ then it is assumed that
75	contains a valid	135	contains a valid
76	.Vt X509	136	.Vt X509
77	structure and an attempt is made to reuse it.	137	structure and an attempt is made to reuse it.
		138	This "reuse" capability is present for historical compatibility,
		139	but its use is strongly discouraged, see the
		140	.Sx BUGS
		141	and
		142	.Sx RETURN VALUES
		143	sections.
78	If the call is successful,	144	If the call is successful,
79	.Pf * Fa in	145	.Pf * Fa in
80	is incremented to the byte following the parsed data.	146	is incremented to the byte following the parsed data.
81	.Pp	147	.Pp
		148	.Fn d2i_X509_AUX
		149	is similar to
		150	.Fn d2i_X509 ,
		151	but the input is expected to consist of an X.509 certificate followed
		152	by auxiliary trust information.
		153	This is used by the PEM routines to read TRUSTED CERTIFICATE objects.
		154	This function should not be called on untrusted input.
		155	.Pp
82	.Fn i2d_X509	156	.Fn i2d_X509
83	encodes the structure pointed to by	157	encodes the structure pointed to by
84	.Fa x	158	.Fa x
@@ -102,6 +176,14 @@ In this case
102	.Pf * Fa out	176	.Pf * Fa out
103	is not incremented and it points to the start of the data just written.	177	is not incremented and it points to the start of the data just written.
104	.Pp	178	.Pp
		179	.Fn i2d_X509_AUX
		180	is similar to
		181	.Fn i2d_X509 ,
		182	but the encoded output contains both the certificate and any auxiliary
		183	trust information.
		184	This is used by the PEM routines to write TRUSTED CERTIFICATE objects.
		185	Note that this is a non-standard OpenSSL-specific data format.
		186	.Pp
105	.Fn d2i_X509_bio	187	.Fn d2i_X509_bio
106	is similar to	188	is similar to
107	.Fn d2i_X509	189	.Fn d2i_X509
@@ -206,6 +288,12 @@ return 1 for success or 0 if an error occurs.
206	.Pp	288	.Pp
207	For all functions, the error code can be obtained by	289	For all functions, the error code can be obtained by
208	.Xr ERR_get_error 3 .	290	.Xr ERR_get_error 3 .
		291	If the "reuse" capability has been used with a valid
		292	.Vt X509
		293	structure being passed in via
		294	.Fa px ,
		295	then the object is not freed in the event of an error, but may be
		296	in a potentially invalid or inconsistent state.
209	.Sh EXAMPLES	297	.Sh EXAMPLES
210	Allocate and encode the DER encoding of an X509 structure:	298	Allocate and encode the DER encoding of an X509 structure:
211	.Bd -literal -offset indent	299	.Bd -literal -offset indent