From ed29a5f72e0d43526e9e5e7e9ff7de478ee99a50 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 12 Jun 2019 12:12:07 +0100 Subject: [PATCH] Update the d2i docs to reflect reality The d2i docs state that if an error occurs then |*a| is not freed. This is not correct. On error it is freed and set to NULL. We update the docs to say this, and also discuss the fact that this behaviour was inconsistent prior to OpenSSL 1.1.0. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9146) (cherry picked from commit b1d14c412a0ff06d191ef5640bd90bbcd590035c) --- doc/man3/d2i_X509.pod | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index 3d50f5d908..747be16f29 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -500,8 +500,8 @@ Represents the B structure defined in PKCS#1 and PKCS#7. d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid B structure or B if an error occurs. If the "reuse" capability has been used with -a valid structure being passed in via B, then the object is not freed in -the event of error but may be in a potentially invalid or inconsistent state. +a valid structure being passed in via B, then the object is freed in +the event of error and B<*a> is set to NULL. i2d_TYPE() returns the number of bytes successfully encoded or a negative value if an error occurs. @@ -582,9 +582,13 @@ happen. =head1 BUGS In some versions of OpenSSL the "reuse" behaviour of d2i_TYPE() when -B<*px> is valid is broken and some parts of the reused structure may -persist if they are not present in the new one. As a result the use -of this "reuse" behaviour is strongly discouraged. +B<*a> is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. Additionally, in versions of +OpenSSL prior to 1.1.0, when the "reuse" behaviour is used and an error occurs +the behaviour is inconsistent. Some functions behaved as described here, while +some did not free B<*a> on error and did not set B<*a> to NULL. + +As a result of the above issues the "reuse" behaviour is strongly discouraged. i2d_TYPE() will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error -- 2.25.1