1 files changed, 295 insertions, 21 deletions
diff --git a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
index 86cbadc46b..7cf8f6377c 100644
--- a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -1,5 +1,5 @@
-.\"     $OpenBSD: CRYPTO_set_ex_data.3,v 1.4 2016/11/23 16:28:23 schwarze Exp $
+.\"     $OpenBSD: CRYPTO_set_ex_data.3,v 1.5 2016/11/28 22:25:51 schwarze Exp $
-.\"     OpenSSL 35cb565a Nov 19 15:49:30 2015 -0500
+.\"     OpenSSL CRYPTO_get_ex_new_index.pod 35cb565a Nov 19 15:49:30 2015 -0500
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2000, 2006 The OpenSSL Project.  All rights reserved.
@@ -47,17 +47,115 @@
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"     OpenSSL
 .\"
-.Dd $Mdocdate: November 23 2016 $
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
+.\" and by Rich Salz <rsalz@akamai.com>.
+.\" Copyright (c) 2000, 2006, 2015, 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 28 2016 $
 .Dt CRYPTO_SET_EX_DATA 3
 .Os
 .Sh NAME
+.Nm CRYPTO_EX_new ,
+.Nm CRYPTO_EX_free ,
+.Nm CRYPTO_EX_dup ,
+.Nm CRYPTO_get_ex_new_index ,
 .Nm CRYPTO_set_ex_data ,
-.Nm CRYPTO_get_ex_data
+.Nm CRYPTO_get_ex_data ,
-.Nd internal application specific data functions
+.Nm CRYPTO_free_ex_data ,
+.Nm CRYPTO_new_ex_data
+.Nd functions supporting application-specific data
 .Sh SYNOPSIS
 .In openssl/crypto.h
 .Ft int
+.Fo CRYPTO_get_ex_new_index
+.Fa "int class_index"
+.Fa "long argl"
+.Fa "void *argp"
+.Fa "CRYPTO_EX_new *new_func"
+.Fa "CRYPTO_EX_dup *dup_func"
+.Fa "CRYPTO_EX_free *free_func"
+.Fc
+.Ft typedef int
+.Fo CRYPTO_EX_new
+.Fa "void *parent"
+.Fa "void *ptr"
+.Fa "CRYPTO_EX_DATA *ad"
+.Fa "int idx"
+.Fa "long argl"
+.Fa "void *argp"
+.Fc
+.Ft typedef void
+.Fo CRYPTO_EX_free
+.Fa "void *parent"
+.Fa "void *ptr"
+.Fa "CRYPTO_EX_DATA *ad"
+.Fa "int idx"
+.Fa "long argl"
+.Fa "void *argp"
+.Fc
+.Ft typedef int
+.Fo CRYPTO_EX_dup
+.Fa "CRYPTO_EX_DATA *to"
+.Fa "const CRYPTO_EX_DATA *from"
+.Fa "void *from_d"
+.Fa "int idx"
+.Fa "long argl"
+.Fa "void *argp"
+.Fc
+.Ft int
+.Fo CRYPTO_new_ex_data
+.Fa "int class_index"
+.Fa "void *obj"
+.Fa "CRYPTO_EX_DATA *ad"
+.Fc
+.Ft int
 .Fo CRYPTO_set_ex_data
 .Fa "CRYPTO_EX_DATA *r"
 .Fa "int idx"
@@ -68,22 +166,191 @@
 .Fa "CRYPTO_EX_DATA *r"
 .Fa "int idx"
 .Fc
+.Ft void
+.Fo CRYPTO_free_ex_data
+.Fa "int class_index"
+.Fa "void *obj"
+.Fa "CRYPTO_EX_DATA *r"
+.Fc
 .Sh DESCRIPTION
 Several OpenSSL structures can have application specific data attached
-to them.
+to them, known as "exdata."
-These functions are used internally by OpenSSL to manipulate application
+The specific structures are:
-specific data attached to a specific structure.
+.Bd -literal
+    SSL
+    SSL_CTX
+    SSL_SESSION
+    X509
+    X509_STORE
+    X509_STORE_CTX
+    DH
+    DSA
+    RSA
+    ENGINE
+    UI
+    BIO
+.Ed
 .Pp
-These functions should only be used by applications to manipulate
+Each is identified by a
+.Dv CRYPTO_EX_INDEX_*
+constant defined in the
+.In openssl/crypto.h
+header file.
+.Pp
+The API described here is used by OpenSSL to manipulate exdata for
+specific structures.
+Since the application data can be anything at all it is passed and
+retrieved as a
+.Vt void *
+type.
+.Pp
+The
 .Vt CRYPTO_EX_DATA
-structures passed to the
+type is opaque.
-.Fn new_func ,
+To initialize the exdata part of a structure, call
-.Fn free_func ,
+.Fn CRYPTO_new_ex_data .
+.Pp
+Exdata types are identified by an index, an integer guaranteed to
+be unique within structures for the lifetime of the program.
+Applications using exdata typically call
+.Fn CRYPTO_get_ex_new_index
+at startup and store the result in a global variable, or write a
+wrapper function to provide lazy evaluation.
+The
+.Fa class_index
+should be one of the
+.Dv CRYPTO_EX_INDEX_*
+values.
+The
+.Fa argl
 and
-.Fn dup_func
+.Fa argp
-callbacks, as passed to
+parameters are saved to be passed to the callbacks but are otherwise not
-.Xr RSA_get_ex_new_index 3 ,
+used.
-for example.
+In order to transparently manipulate exdata, three callbacks must be
+provided.
+The semantics of those callbacks are described below.
+.Pp
+When copying or releasing objects with exdata, the callback functions
+are called in increasing order of their index value.
+.Pp
+To set or get the exdata on an object, the appropriate type-specific
+routine must be used.
+This is because the containing structure is opaque and the
+.Vt CRYPTO_EX_DATA
+field is not accessible.
+In both APIs, the
+.Fa idx
+parameter should be an already-created index value.
+.Pp
+When setting exdata, the pointer specified with a particular index is
+saved, and returned on a subsequent "get" call.
+If the application is going to release the data, it must make sure to
+set a
+.Dv NULL
+value at the index, to avoid likely double-free crashes.
+.Pp
+The function
+.Fn CRYPTO_free_ex_data
+is used to free all exdata attached to a structure.
+The appropriate type-specific routine must be used.
+The
+.Fa class_index
+identifies the structure type, the
+.Fa obj
+is be the pointer to the actual structure, and
+.Fa r
+is a pointer to the structure's exdata field.
+.Pp
+The callback functions are used as follows.
+.Pp
+When a structure is initially allocated (such as by
+.Xr RSA_new 3 ) ,
+then
+.Fa new_func
+is called for every defined index.
+There is no requirement that the entire parent, or containing, structure
+has been set up.
+The
+.Fa new_func
+is typically used only to allocate memory to store the
+exdata, and perhaps an "initialized" flag within that memory.
+The exdata value should be set by calling
+.Fn CRYPTO_set_ex_data .
+.Pp
+When a structure is free'd (such as by
+.Xr SSL_CTX_free 3 ) ,
+then the
+.Fa free_func
+is called for every defined index.
+Again, the state of the parent structure is not guaranteed.
+The
+.Fa free_func
+may be called with a
+.Dv NULL
+pointer.
+.Pp
+Both
+.Fa new_func
+and
+.Fa free_func
+take the same parameters.
+The
+.Fa parent
+is the pointer to the structure that contains the exdata.
+The
+.Fa ptr
+is the current exdata item; for
+.Fa new_func
+this will typically be
+.Dv NULL .
+The
+.Fa r
+parameter is a pointer to the exdata field of the object.
+The
+.Fa idx
+is the index and is the value returned when the callbacks were initially
+registered via
+.Fn CRYPTO_get_ex_new_index
+and can be used if the same callback handles different types of exdata.
+.Pp
+.Fa dup_func
+is called when a structure is being copied.
+This is only done for
+.Vt SSL
+and
+.Vt SSL_SESSION
+objects.
+The
+.Fa to
+and
+.Fa from
+parameters are pointers to the destination and source
+.Vt CRYPTO_EX_DATA
+structures, respectively.
+The
+.Fa from_d
+parameter is a pointer to the source exdata.
+When
+.Fa dup_func
+returns, the value in
+.Fa from_d
+is copied to the destination ex_data.
+If the pointer contained in
+.Fa from_d
+is not modified by the
+.Fa dup_func ,
+then both
+.Fa to
+and
+.Fa from
+will point to the same data.
+The
+.Fa idx ,
+.Fa argl
+and
+.Fa argp
+parameters are as described for the other two callbacks.
 .Pp
 .Fn CRYPTO_set_ex_data
 is used to set application specific data.
@@ -98,15 +365,22 @@ supplied to a previous
 .Fn CRYPTO_set_ex_data
 call.
 .Sh RETURN VALUES
+.Fn CRYPTO_get_ex_new_index
+returns a new index or -1 on failure; the value 0 is reserved for
+the legacy "app_data" APIs.
+.Pp
 .Fn CRYPTO_set_ex_data
 returns 1 on success or 0 on failure.
 .Pp
 .Fn CRYPTO_get_ex_data
-returns the application data or 0 on failure.
+returns the application data or
-0 may also be valid application data but currently it can only fail if
+.Dv NULL
-given an invalid
+on failure; note that
-.Fa idx
+.Dv NULL
-parameter.
+may be a valid value.
+.Pp
+.Fa dup_func
+should return 0 for failure and 1 for success.
 .Pp
 On failure an error code can be obtained from
 .Xr ERR_get_error 3 .

diff --git a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 index 86cbadc46b..7cf8f6377c 100644 --- a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -1,5 +1,5 @@
1	.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.4 2016/11/23 16:28:23 schwarze Exp $	1	.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.5 2016/11/28 22:25:51 schwarze Exp $
2	.\" OpenSSL 35cb565a Nov 19 15:49:30 2015 -0500	2	.\" OpenSSL CRYPTO_get_ex_new_index.pod 35cb565a Nov 19 15:49:30 2015 -0500
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
5	.\" Copyright (c) 2000, 2006 The OpenSSL Project. All rights reserved.	5	.\" Copyright (c) 2000, 2006 The OpenSSL Project. All rights reserved.
@@ -47,17 +47,115 @@
47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)	47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		50	.\" OpenSSL
50	.\"	51	.\"
51	.Dd $Mdocdate: November 23 2016 $	52	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
		53	.\" and by Rich Salz <rsalz@akamai.com>.
		54	.\" Copyright (c) 2000, 2006, 2015, 2016 The OpenSSL Project.
		55	.\" All rights reserved.
		56	.\"
		57	.\" Redistribution and use in source and binary forms, with or without
		58	.\" modification, are permitted provided that the following conditions
		59	.\" are met:
		60	.\"
		61	.\" 1. Redistributions of source code must retain the above copyright
		62	.\" notice, this list of conditions and the following disclaimer.
		63	.\"
		64	.\" 2. Redistributions in binary form must reproduce the above copyright
		65	.\" notice, this list of conditions and the following disclaimer in
		66	.\" the documentation and/or other materials provided with the
		67	.\" distribution.
		68	.\"
		69	.\" 3. All advertising materials mentioning features or use of this
		70	.\" software must display the following acknowledgment:
		71	.\" "This product includes software developed by the OpenSSL Project
		72	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		73	.\"
		74	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		75	.\" endorse or promote products derived from this software without
		76	.\" prior written permission. For written permission, please contact
		77	.\" openssl-core@openssl.org.
		78	.\"
		79	.\" 5. Products derived from this software may not be called "OpenSSL"
		80	.\" nor may "OpenSSL" appear in their names without prior written
		81	.\" permission of the OpenSSL Project.
		82	.\"
		83	.\" 6. Redistributions of any form whatsoever must retain the following
		84	.\" acknowledgment:
		85	.\" "This product includes software developed by the OpenSSL Project
		86	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		87	.\"
		88	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		89	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		90	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		91	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		92	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		93	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		94	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		95	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		96	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		97	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		98	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		99	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		100	.\"
		101	.Dd $Mdocdate: November 28 2016 $
52	.Dt CRYPTO_SET_EX_DATA 3	102	.Dt CRYPTO_SET_EX_DATA 3
53	.Os	103	.Os
54	.Sh NAME	104	.Sh NAME
		105	.Nm CRYPTO_EX_new ,
		106	.Nm CRYPTO_EX_free ,
		107	.Nm CRYPTO_EX_dup ,
		108	.Nm CRYPTO_get_ex_new_index ,
55	.Nm CRYPTO_set_ex_data ,	109	.Nm CRYPTO_set_ex_data ,
56	.Nm CRYPTO_get_ex_data	110	.Nm CRYPTO_get_ex_data ,
57	.Nd internal application specific data functions	111	.Nm CRYPTO_free_ex_data ,
		112	.Nm CRYPTO_new_ex_data
		113	.Nd functions supporting application-specific data
58	.Sh SYNOPSIS	114	.Sh SYNOPSIS
59	.In openssl/crypto.h	115	.In openssl/crypto.h
60	.Ft int	116	.Ft int
		117	.Fo CRYPTO_get_ex_new_index
		118	.Fa "int class_index"
		119	.Fa "long argl"
		120	.Fa "void *argp"
		121	.Fa "CRYPTO_EX_new *new_func"
		122	.Fa "CRYPTO_EX_dup *dup_func"
		123	.Fa "CRYPTO_EX_free *free_func"
		124	.Fc
		125	.Ft typedef int
		126	.Fo CRYPTO_EX_new
		127	.Fa "void *parent"
		128	.Fa "void *ptr"
		129	.Fa "CRYPTO_EX_DATA *ad"
		130	.Fa "int idx"
		131	.Fa "long argl"
		132	.Fa "void *argp"
		133	.Fc
		134	.Ft typedef void
		135	.Fo CRYPTO_EX_free
		136	.Fa "void *parent"
		137	.Fa "void *ptr"
		138	.Fa "CRYPTO_EX_DATA *ad"
		139	.Fa "int idx"
		140	.Fa "long argl"
		141	.Fa "void *argp"
		142	.Fc
		143	.Ft typedef int
		144	.Fo CRYPTO_EX_dup
		145	.Fa "CRYPTO_EX_DATA *to"
		146	.Fa "const CRYPTO_EX_DATA *from"
		147	.Fa "void *from_d"
		148	.Fa "int idx"
		149	.Fa "long argl"
		150	.Fa "void *argp"
		151	.Fc
		152	.Ft int
		153	.Fo CRYPTO_new_ex_data
		154	.Fa "int class_index"
		155	.Fa "void *obj"
		156	.Fa "CRYPTO_EX_DATA *ad"
		157	.Fc
		158	.Ft int
61	.Fo CRYPTO_set_ex_data	159	.Fo CRYPTO_set_ex_data
62	.Fa "CRYPTO_EX_DATA *r"	160	.Fa "CRYPTO_EX_DATA *r"
63	.Fa "int idx"	161	.Fa "int idx"
@@ -68,22 +166,191 @@
68	.Fa "CRYPTO_EX_DATA *r"	166	.Fa "CRYPTO_EX_DATA *r"
69	.Fa "int idx"	167	.Fa "int idx"
70	.Fc	168	.Fc
		169	.Ft void
		170	.Fo CRYPTO_free_ex_data
		171	.Fa "int class_index"
		172	.Fa "void *obj"
		173	.Fa "CRYPTO_EX_DATA *r"
		174	.Fc
71	.Sh DESCRIPTION	175	.Sh DESCRIPTION
72	Several OpenSSL structures can have application specific data attached	176	Several OpenSSL structures can have application specific data attached
73	to them.	177	to them, known as "exdata."
74	These functions are used internally by OpenSSL to manipulate application	178	The specific structures are:
75	specific data attached to a specific structure.	179	.Bd -literal
		180	SSL
		181	SSL_CTX
		182	SSL_SESSION
		183	X509
		184	X509_STORE
		185	X509_STORE_CTX
		186	DH
		187	DSA
		188	RSA
		189	ENGINE
		190	UI
		191	BIO
		192	.Ed
76	.Pp	193	.Pp
77	These functions should only be used by applications to manipulate	194	Each is identified by a
		195	.Dv CRYPTO_EX_INDEX_*
		196	constant defined in the
		197	.In openssl/crypto.h
		198	header file.
		199	.Pp
		200	The API described here is used by OpenSSL to manipulate exdata for
		201	specific structures.
		202	Since the application data can be anything at all it is passed and
		203	retrieved as a
		204	.Vt void *
		205	type.
		206	.Pp
		207	The
78	.Vt CRYPTO_EX_DATA	208	.Vt CRYPTO_EX_DATA
79	structures passed to the	209	type is opaque.
80	.Fn new_func ,	210	To initialize the exdata part of a structure, call
81	.Fn free_func ,	211	.Fn CRYPTO_new_ex_data .
		212	.Pp
		213	Exdata types are identified by an index, an integer guaranteed to
		214	be unique within structures for the lifetime of the program.
		215	Applications using exdata typically call
		216	.Fn CRYPTO_get_ex_new_index
		217	at startup and store the result in a global variable, or write a
		218	wrapper function to provide lazy evaluation.
		219	The
		220	.Fa class_index
		221	should be one of the
		222	.Dv CRYPTO_EX_INDEX_*
		223	values.
		224	The
		225	.Fa argl
82	and	226	and
83	.Fn dup_func	227	.Fa argp
84	callbacks, as passed to	228	parameters are saved to be passed to the callbacks but are otherwise not
85	.Xr RSA_get_ex_new_index 3 ,	229	used.
86	for example.	230	In order to transparently manipulate exdata, three callbacks must be
		231	provided.
		232	The semantics of those callbacks are described below.
		233	.Pp
		234	When copying or releasing objects with exdata, the callback functions
		235	are called in increasing order of their index value.
		236	.Pp
		237	To set or get the exdata on an object, the appropriate type-specific
		238	routine must be used.
		239	This is because the containing structure is opaque and the
		240	.Vt CRYPTO_EX_DATA
		241	field is not accessible.
		242	In both APIs, the
		243	.Fa idx
		244	parameter should be an already-created index value.
		245	.Pp
		246	When setting exdata, the pointer specified with a particular index is
		247	saved, and returned on a subsequent "get" call.
		248	If the application is going to release the data, it must make sure to
		249	set a
		250	.Dv NULL
		251	value at the index, to avoid likely double-free crashes.
		252	.Pp
		253	The function
		254	.Fn CRYPTO_free_ex_data
		255	is used to free all exdata attached to a structure.
		256	The appropriate type-specific routine must be used.
		257	The
		258	.Fa class_index
		259	identifies the structure type, the
		260	.Fa obj
		261	is be the pointer to the actual structure, and
		262	.Fa r
		263	is a pointer to the structure's exdata field.
		264	.Pp
		265	The callback functions are used as follows.
		266	.Pp
		267	When a structure is initially allocated (such as by
		268	.Xr RSA_new 3 ) ,
		269	then
		270	.Fa new_func
		271	is called for every defined index.
		272	There is no requirement that the entire parent, or containing, structure
		273	has been set up.
		274	The
		275	.Fa new_func
		276	is typically used only to allocate memory to store the
		277	exdata, and perhaps an "initialized" flag within that memory.
		278	The exdata value should be set by calling
		279	.Fn CRYPTO_set_ex_data .
		280	.Pp
		281	When a structure is free'd (such as by
		282	.Xr SSL_CTX_free 3 ) ,
		283	then the
		284	.Fa free_func
		285	is called for every defined index.
		286	Again, the state of the parent structure is not guaranteed.
		287	The
		288	.Fa free_func
		289	may be called with a
		290	.Dv NULL
		291	pointer.
		292	.Pp
		293	Both
		294	.Fa new_func
		295	and
		296	.Fa free_func
		297	take the same parameters.
		298	The
		299	.Fa parent
		300	is the pointer to the structure that contains the exdata.
		301	The
		302	.Fa ptr
		303	is the current exdata item; for
		304	.Fa new_func
		305	this will typically be
		306	.Dv NULL .
		307	The
		308	.Fa r
		309	parameter is a pointer to the exdata field of the object.
		310	The
		311	.Fa idx
		312	is the index and is the value returned when the callbacks were initially
		313	registered via
		314	.Fn CRYPTO_get_ex_new_index
		315	and can be used if the same callback handles different types of exdata.
		316	.Pp
		317	.Fa dup_func
		318	is called when a structure is being copied.
		319	This is only done for
		320	.Vt SSL
		321	and
		322	.Vt SSL_SESSION
		323	objects.
		324	The
		325	.Fa to
		326	and
		327	.Fa from
		328	parameters are pointers to the destination and source
		329	.Vt CRYPTO_EX_DATA
		330	structures, respectively.
		331	The
		332	.Fa from_d
		333	parameter is a pointer to the source exdata.
		334	When
		335	.Fa dup_func
		336	returns, the value in
		337	.Fa from_d
		338	is copied to the destination ex_data.
		339	If the pointer contained in
		340	.Fa from_d
		341	is not modified by the
		342	.Fa dup_func ,
		343	then both
		344	.Fa to
		345	and
		346	.Fa from
		347	will point to the same data.
		348	The
		349	.Fa idx ,
		350	.Fa argl
		351	and
		352	.Fa argp
		353	parameters are as described for the other two callbacks.
87	.Pp	354	.Pp
88	.Fn CRYPTO_set_ex_data	355	.Fn CRYPTO_set_ex_data
89	is used to set application specific data.	356	is used to set application specific data.
@@ -98,15 +365,22 @@ supplied to a previous
98	.Fn CRYPTO_set_ex_data	365	.Fn CRYPTO_set_ex_data
99	call.	366	call.
100	.Sh RETURN VALUES	367	.Sh RETURN VALUES
		368	.Fn CRYPTO_get_ex_new_index
		369	returns a new index or -1 on failure; the value 0 is reserved for
		370	the legacy "app_data" APIs.
		371	.Pp
101	.Fn CRYPTO_set_ex_data	372	.Fn CRYPTO_set_ex_data
102	returns 1 on success or 0 on failure.	373	returns 1 on success or 0 on failure.
103	.Pp	374	.Pp
104	.Fn CRYPTO_get_ex_data	375	.Fn CRYPTO_get_ex_data
105	returns the application data or 0 on failure.	376	returns the application data or
106	0 may also be valid application data but currently it can only fail if	377	.Dv NULL
107	given an invalid	378	on failure; note that
108	.Fa idx	379	.Dv NULL
109	parameter.	380	may be a valid value.
		381	.Pp
		382	.Fa dup_func
		383	should return 0 for failure and 1 for success.
110	.Pp	384	.Pp
111	On failure an error code can be obtained from	385	On failure an error code can be obtained from
112	.Xr ERR_get_error 3 .	386	.Xr ERR_get_error 3 .