Also document the weird d2i_ASN1_UINTEGER(3), listed in <openssl/asn1.h>

and in OpenSSL doc/man3/d2i_X509.pod (with wrong prototype).

1 files changed, 16 insertions, 1 deletions

diff --git a/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3 b/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3
index 4ea67412d9b..1f76e5fdc11 100644
--- a/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3
+++ b/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: d2i_ASN1_OCTET_STRING.3,v 1.1 2017/01/05 22:38:04 schwarze Exp $
+.\"	$OpenBSD: d2i_ASN1_OCTET_STRING.3,v 1.2 2017/01/05 23:13:07 schwarze Exp $
 .\"
 .\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -24,6 +24,7 @@
 .Nm i2d_ASN1_BIT_STRING ,
 .Nm d2i_ASN1_INTEGER ,
 .Nm i2d_ASN1_INTEGER ,
+.Nm d2i_ASN1_UINTEGER ,
 .Nm d2i_ASN1_ENUMERATED ,
 .Nm i2d_ASN1_ENUMERATED ,
 .Nm d2i_ASN1_UTF8STRING ,
@@ -90,6 +91,12 @@
 .Fa "ASN1_INTEGER *val_in"
 .Fa "unsigned char **der_out"
 .Fc
+.Ft ASN1_INTEGER *
+.Fo d2i_ASN1_UINTEGER
+.Fa "ASN1_INTEGER **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
 .Ft ASN1_ENUMERATED *
 .Fo d2i_ASN1_ENUMERATED
 .Fa "ASN1_ENUMERATED **val_out"
@@ -344,6 +351,14 @@ and also used for certificate revocation lists, see
 .Xr X509_CRL_INFO_new 3 .
 When decoding, it accepts either GeneralizedTime or UTCTime.
 When encoding, it writes out the time type that is actually passed in.
+.Pp
+.Fn d2i_ASN1_UINTEGER
+is similar to
+.Fn d2i_ASN1_INTEGER
+except that it ignores the sign bit in the BER encoding and treats
+all integers as positive.
+It helps to process BER input produced by broken software
+that neglects adding a leading NUL content byte where required.
 .Sh RETURN VALUES
 The
 .Fn d2i_*