Fix use of pem_read_buffer() in PK, DHM and X509
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 4d16619..caa630d 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -269,11 +269,12 @@
#if defined(MBEDTLS_ASN1_PARSE_C)
/** \ingroup x509_module */
/**
- * \brief Parse DHM parameters
+ * \brief Parse DHM parameters in PEM or DER format
*
* \param dhm DHM context to be initialized
* \param dhmin input buffer
* \param dhminlen size of the buffer
+ * (including the terminating null byte for PEM data)
*
* \return 0 if successful, or a specific DHM or PEM error code
*/
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index ef94529..f826abd 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -73,7 +73,7 @@
* \param ctx context to use
* \param header header string to seek and expect
* \param footer footer string to seek and expect
- * \param data source data to look in
+ * \param data source data to look in (must be nul-terminated)
* \param pwd password for decryption (can be NULL)
* \param pwdlen length of password
* \param use_len destination for total length used (set after header is
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 44efef0..3ed8b5e 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -427,11 +427,12 @@
#if defined(MBEDTLS_PK_PARSE_C)
/** \ingroup pk_module */
/**
- * \brief Parse a private key
+ * \brief Parse a private key in PEM or DER format
*
* \param ctx key to be initialized
* \param key input buffer
* \param keylen size of the buffer
+ * (including the terminating null byte for PEM data)
* \param pwd password for decryption (optional)
* \param pwdlen size of the password
*
@@ -449,11 +450,12 @@
/** \ingroup pk_module */
/**
- * \brief Parse a public key
+ * \brief Parse a public key in PEM or DER format
*
* \param ctx key to be initialized
* \param key input buffer
* \param keylen size of the buffer
+ * (including the terminating null byte for PEM data)
*
* \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 395c1b3..7b40739 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -101,7 +101,7 @@
*
* \param chain points to the start of the chain
* \param buf buffer holding the CRL data in DER format
- * \param buflen size of the buffer
+ * (including the terminating null byte for PEM data)
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
@@ -115,6 +115,7 @@
* \param chain points to the start of the chain
* \param buf buffer holding the CRL data in PEM or DER format
* \param buflen size of the buffer
+ * (including the terminating null byte for PEM data)
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index e184dee..aced7eb 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -141,8 +141,9 @@
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
- * \param buf buffer holding the certificate data
+ * \param buf buffer holding the certificate data in PEM or DER format
* \param buflen size of the buffer
+ * (including the terminating null byte for PEM data)
*
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index c46bc61..0082ada 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -99,6 +99,7 @@
* \param csr CSR context to fill
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
+ * (including the terminating null byte for PEM data)
*
* \return 0 if successful, or a specific X509 or PEM error code
*/