strip back asn1parse; ok beck jsing

description of -out altered on jsing's advice
author: jmc <> 2016-07-17 16:33:17 +0000
committer: jmc <> 2016-07-17 16:33:17 +0000
commit: 00c5500ecd078240623477d09383d42a2d706a69 (patch)
tree: c865c0e7c11fa09e56da2939f0b6eee8d96deb05
parent: 8109af5f2daf46b062aa3ffda9db6ff7889f818f (diff)
download: openbsd-00c5500ecd078240623477d09383d42a2d706a69.tar.gz
openbsd-00c5500ecd078240623477d09383d42a2d706a69.tar.bz2
openbsd-00c5500ecd078240623477d09383d42a2d706a69.zip
1 files changed, 27 insertions, 108 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index cad60f2670..08769c56e4 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.33 2016/07/16 07:27:53 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.34 2016/07/17 16:33:17 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: July 16 2016 $
+.Dd $Mdocdate: July 17 2016 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -207,27 +207,22 @@ is not able to detect pseudo-commands such as
 or
 .Cm no- Ns Ar XXX
 itself.
-.\"
-.\" ASN1PARSE
-.\"
 .Sh ASN1PARSE
 .nr nS 1
 .Nm "openssl asn1parse"
-.Bk -words
 .Op Fl i
 .Op Fl dlimit Ar number
 .Op Fl dump
 .Op Fl genconf Ar file
 .Op Fl genstr Ar str
 .Op Fl in Ar file
-.Op Fl inform Ar DER | PEM | TXT
+.Op Fl inform Cm der | pem | txt
 .Op Fl length Ar number
 .Op Fl noout
 .Op Fl offset Ar number
 .Op Fl oid Ar file
 .Op Fl out Ar file
 .Op Fl strparse Ar offset
-.Ek
 .nr nS 0
 .Pp
 The
@@ -248,9 +243,8 @@ Generate encoded data based on string
 .Ar str ,
 file
 .Ar file ,
-or both using
+or both, using the format described in
-.Xr ASN1_generate_nconf 3
+.Xr ASN1_generate_nconf 3 .
-format.
 If only
 .Ar file
 is present then the string is obtained from the default section
@@ -262,134 +256,59 @@ the contents can thus be examined and written to a file using the
 .Fl out
 option.
 .It Fl i
-Indents the output according to the
+Indent the output according to the
 .Qq depth
 of the structures.
 .It Fl in Ar file
-The input file; default is standard input.
+The input file; the default is standard input.
-.It Fl inform Ar DER | PEM | TXT
+.It Fl inform Cm der | pem | txt
 The input format.
-.Ar DER
+.Cm der
 .Pq Distinguished Encoding Rules
 is binary format and
-.Ar PEM
+.Cm pem
 .Pq Privacy Enhanced Mail ,
 the default, is base64-encoded.
-.Ar TXT
+.Cm txt
 is plain text.
 .It Fl length Ar number
-Number of bytes to parse; default is until end of file.
+Number of bytes to parse; the default is until end of file.
 .It Fl noout
 Don't output the parsed version of the input file.
 .It Fl offset Ar number
-Starting offset to begin parsing; default is start of file.
+Starting offset to begin parsing; the default is start of file.
 .It Fl oid Ar file
 A file containing additional object identifiers
 .Pq OIDs .
-The format of this file is described in the
-.Sx ASN1PARSE NOTES
-section below.
-.It Fl out Ar file
-Output file to place the DER-encoded data into.
-If this option is not present, no encoded data will be output.
-This is most useful when combined with the
-.Fl strparse
-option.
-.It Fl strparse Ar offset
-Parse the content octets of the ASN.1 object starting at
-.Ar offset .
-This option can be used multiple times to
-.Qq drill down
-into a nested structure.
-.El
-.Sh ASN1PARSE OUTPUT
-The output will typically contain lines like this:
-.Bd -literal -offset 2n
-0:d=0  hl=4 l= 681 cons: SEQUENCE
-\&.....
-229:d=3  hl=3 l= 141 prim: BIT STRING
-373:d=2  hl=3 l= 162 cons: cont [ 3 ]
-376:d=3  hl=3 l= 159 cons: SEQUENCE
-379:d=4  hl=2 l=  29 cons: SEQUENCE
-381:d=5  hl=2 l=   3 prim: OBJECT        :X509v3 Subject Key Identifier
-386:d=5  hl=2 l=  22 prim: OCTET STRING
-410:d=4  hl=2 l= 112 cons: SEQUENCE
-412:d=5  hl=2 l=   3 prim: OBJECT        :X509v3 Authority Key Identifier
-417:d=5  hl=2 l= 105 prim: OCTET STRING
-524:d=4  hl=2 l=  12 cons: SEQUENCE
-\&.....
-.Ed
-.Pp
-This example is part of a self-signed certificate.
-Each line starts with the offset in decimal.
-.Cm d=XX
-specifies the current depth.
-The depth is increased within the scope of any SET or SEQUENCE.
-.Cm hl=XX
-gives the header length
-.Pq tag and length octets
-of the current type.
-.Cm l=XX
-gives the length of the content octets.
-.Pp
-The
-.Fl i
-option can be used to make the output more readable.
-.Pp
-Some knowledge of the ASN.1 structure is needed to interpret the output.
-.Pp
-In this example, the BIT STRING at offset 229 is the certificate public key.
-The content octets of this will contain the public key information.
-This can be examined using the option
-.Fl strparse Cm 229
-to yield:
-.Bd -literal
-    0:d=0  hl=3 l= 137 cons: SEQUENCE
-    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FA
-F9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A
-9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58
-BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9
-  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
-.Ed
-.Sh ASN1PARSE NOTES
 If an OID
 .Pq object identifier
 is not part of
-.Nm OpenSSL Ns Li 's
+.Nm openssl Ns 's
 internal table it will be represented in
 numerical form
 .Pq for example 1.2.3.4 .
-The file passed to the
+.Pp
-.Fl oid
-option allows additional OIDs to be included.
 Each line consists of three columns:
 the first column is the OID in numerical format and should be followed by
 whitespace.
 The second column is the
-.Qq short name
+.Qq short name ,
 which is a single word followed by whitespace.
 The final column is the rest of the line and is the
 .Qq long name .
 .Nm asn1parse
 displays the long name.
-Example:
+.It Fl out Ar file
-.Pp
+The DER-encoded output file; the default is no encoded output
-.Dl \&"1.2.3.4  shortname       A long name\&"
+(useful when combined with
-.Sh ASN1 EXAMPLES
+.Fl strparse ) .
-Parse a file:
+.It Fl strparse Ar offset
-.Pp
+Parse the content octets of the ASN.1 object starting at
-.Dl $ openssl asn1parse -in file.pem
+.Ar offset .
-.Pp
+This option can be used multiple times to
-Parse a DER file:
+.Qq drill down
-.Pp
+into a nested structure.
-.Dl $ openssl asn1parse -inform DER -in file.der
+.El
-.Sh ASN1PARSE BUGS
-There should be options to change the format of output lines.
-The output of some ASN.1 types is not well handled
-.Pq if at all .
 .\"
 .\" CA
 .\"
author	jmc <>	2016-07-17 16:33:17 +0000
committer	jmc <>	2016-07-17 16:33:17 +0000
commit	00c5500ecd078240623477d09383d42a2d706a69 (patch)
tree	c865c0e7c11fa09e56da2939f0b6eee8d96deb05
parent	8109af5f2daf46b062aa3ffda9db6ff7889f818f (diff)
download	openbsd-00c5500ecd078240623477d09383d42a2d706a69.tar.gz openbsd-00c5500ecd078240623477d09383d42a2d706a69.tar.bz2 openbsd-00c5500ecd078240623477d09383d42a2d706a69.zip

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index cad60f2670..08769c56e4 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.33 2016/07/16 07:27:53 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.34 2016/07/17 16:33:17 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -112,7 +112,7 @@
112	.\"	112	.\"
113	.\" OPENSSL	113	.\" OPENSSL
114	.\"	114	.\"
115	.Dd $Mdocdate: July 16 2016 $	115	.Dd $Mdocdate: July 17 2016 $
116	.Dt OPENSSL 1	116	.Dt OPENSSL 1
117	.Os	117	.Os
118	.Sh NAME	118	.Sh NAME
@@ -207,27 +207,22 @@ is not able to detect pseudo-commands such as
207	or	207	or
208	.Cm no- Ns Ar XXX	208	.Cm no- Ns Ar XXX
209	itself.	209	itself.
210	.\"
211	.\" ASN1PARSE
212	.\"
213	.Sh ASN1PARSE	210	.Sh ASN1PARSE
214	.nr nS 1	211	.nr nS 1
215	.Nm "openssl asn1parse"	212	.Nm "openssl asn1parse"
216	.Bk -words
217	.Op Fl i	213	.Op Fl i
218	.Op Fl dlimit Ar number	214	.Op Fl dlimit Ar number
219	.Op Fl dump	215	.Op Fl dump
220	.Op Fl genconf Ar file	216	.Op Fl genconf Ar file
221	.Op Fl genstr Ar str	217	.Op Fl genstr Ar str
222	.Op Fl in Ar file	218	.Op Fl in Ar file
223	.Op Fl inform Ar DER \| PEM \| TXT	219	.Op Fl inform Cm der \| pem \| txt
224	.Op Fl length Ar number	220	.Op Fl length Ar number
225	.Op Fl noout	221	.Op Fl noout
226	.Op Fl offset Ar number	222	.Op Fl offset Ar number
227	.Op Fl oid Ar file	223	.Op Fl oid Ar file
228	.Op Fl out Ar file	224	.Op Fl out Ar file
229	.Op Fl strparse Ar offset	225	.Op Fl strparse Ar offset
230	.Ek
231	.nr nS 0	226	.nr nS 0
232	.Pp	227	.Pp
233	The	228	The
@@ -248,9 +243,8 @@ Generate encoded data based on string
248	.Ar str ,	243	.Ar str ,
249	file	244	file
250	.Ar file ,	245	.Ar file ,
251	or both using	246	or both, using the format described in
252	.Xr ASN1_generate_nconf 3	247	.Xr ASN1_generate_nconf 3 .
253	format.
254	If only	248	If only
255	.Ar file	249	.Ar file
256	is present then the string is obtained from the default section	250	is present then the string is obtained from the default section
@@ -262,134 +256,59 @@ the contents can thus be examined and written to a file using the
262	.Fl out	256	.Fl out
263	option.	257	option.
264	.It Fl i	258	.It Fl i
265	Indents the output according to the	259	Indent the output according to the
266	.Qq depth	260	.Qq depth
267	of the structures.	261	of the structures.
268	.It Fl in Ar file	262	.It Fl in Ar file
269	The input file; default is standard input.	263	The input file; the default is standard input.
270	.It Fl inform Ar DER \| PEM \| TXT	264	.It Fl inform Cm der \| pem \| txt
271	The input format.	265	The input format.
272	.Ar DER	266	.Cm der
273	.Pq Distinguished Encoding Rules	267	.Pq Distinguished Encoding Rules
274	is binary format and	268	is binary format and
275	.Ar PEM	269	.Cm pem
276	.Pq Privacy Enhanced Mail ,	270	.Pq Privacy Enhanced Mail ,
277	the default, is base64-encoded.	271	the default, is base64-encoded.
278	.Ar TXT	272	.Cm txt
279	is plain text.	273	is plain text.
280	.It Fl length Ar number	274	.It Fl length Ar number
281	Number of bytes to parse; default is until end of file.	275	Number of bytes to parse; the default is until end of file.
282	.It Fl noout	276	.It Fl noout
283	Don't output the parsed version of the input file.	277	Don't output the parsed version of the input file.
284	.It Fl offset Ar number	278	.It Fl offset Ar number
285	Starting offset to begin parsing; default is start of file.	279	Starting offset to begin parsing; the default is start of file.
286	.It Fl oid Ar file	280	.It Fl oid Ar file
287	A file containing additional object identifiers	281	A file containing additional object identifiers
288	.Pq OIDs .	282	.Pq OIDs .
289	The format of this file is described in the
290	.Sx ASN1PARSE NOTES
291	section below.
292	.It Fl out Ar file
293	Output file to place the DER-encoded data into.
294	If this option is not present, no encoded data will be output.
295	This is most useful when combined with the
296	.Fl strparse
297	option.
298	.It Fl strparse Ar offset
299	Parse the content octets of the ASN.1 object starting at
300	.Ar offset .
301	This option can be used multiple times to
302	.Qq drill down
303	into a nested structure.
304	.El
305	.Sh ASN1PARSE OUTPUT
306	The output will typically contain lines like this:
307	.Bd -literal -offset 2n
308	0:d=0 hl=4 l= 681 cons: SEQUENCE
309
310	\&.....
311
312	229:d=3 hl=3 l= 141 prim: BIT STRING
313	373:d=2 hl=3 l= 162 cons: cont [ 3 ]
314	376:d=3 hl=3 l= 159 cons: SEQUENCE
315	379:d=4 hl=2 l= 29 cons: SEQUENCE
316	381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
317	386:d=5 hl=2 l= 22 prim: OCTET STRING
318	410:d=4 hl=2 l= 112 cons: SEQUENCE
319	412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
320	417:d=5 hl=2 l= 105 prim: OCTET STRING
321	524:d=4 hl=2 l= 12 cons: SEQUENCE
322
323	\&.....
324	.Ed
325	.Pp
326	This example is part of a self-signed certificate.
327	Each line starts with the offset in decimal.
328	.Cm d=XX
329	specifies the current depth.
330	The depth is increased within the scope of any SET or SEQUENCE.
331	.Cm hl=XX
332	gives the header length
333	.Pq tag and length octets
334	of the current type.
335	.Cm l=XX
336	gives the length of the content octets.
337	.Pp
338	The
339	.Fl i
340	option can be used to make the output more readable.
341	.Pp
342	Some knowledge of the ASN.1 structure is needed to interpret the output.
343	.Pp
344	In this example, the BIT STRING at offset 229 is the certificate public key.
345	The content octets of this will contain the public key information.
346	This can be examined using the option
347	.Fl strparse Cm 229
348	to yield:
349	.Bd -literal
350	0:d=0 hl=3 l= 137 cons: SEQUENCE
351	3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FA
352	F9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A
353	9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58
354	BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9
355	135:d=1 hl=2 l= 3 prim: INTEGER :010001
356	.Ed
357	.Sh ASN1PARSE NOTES
358	If an OID	283	If an OID
359	.Pq object identifier	284	.Pq object identifier
360	is not part of	285	is not part of
361	.Nm OpenSSL Ns Li 's	286	.Nm openssl Ns 's
362	internal table it will be represented in	287	internal table it will be represented in
363	numerical form	288	numerical form
364	.Pq for example 1.2.3.4 .	289	.Pq for example 1.2.3.4 .
365	The file passed to the	290	.Pp
366	.Fl oid
367	option allows additional OIDs to be included.
368	Each line consists of three columns:	291	Each line consists of three columns:
369	the first column is the OID in numerical format and should be followed by	292	the first column is the OID in numerical format and should be followed by
370	whitespace.	293	whitespace.
371	The second column is the	294	The second column is the
372	.Qq short name	295	.Qq short name ,
373	which is a single word followed by whitespace.	296	which is a single word followed by whitespace.
374	The final column is the rest of the line and is the	297	The final column is the rest of the line and is the
375	.Qq long name .	298	.Qq long name .
376	.Nm asn1parse	299	.Nm asn1parse
377	displays the long name.	300	displays the long name.
378	Example:	301	.It Fl out Ar file
379	.Pp	302	The DER-encoded output file; the default is no encoded output
380	.Dl \&"1.2.3.4 shortname A long name\&"	303	(useful when combined with
381	.Sh ASN1 EXAMPLES	304	.Fl strparse ) .
382	Parse a file:	305	.It Fl strparse Ar offset
383	.Pp	306	Parse the content octets of the ASN.1 object starting at
384	.Dl $ openssl asn1parse -in file.pem	307	.Ar offset .
385	.Pp	308	This option can be used multiple times to
386	Parse a DER file:	309	.Qq drill down
387	.Pp	310	into a nested structure.
388	.Dl $ openssl asn1parse -inform DER -in file.der	311	.El
389	.Sh ASN1PARSE BUGS
390	There should be options to change the format of output lines.
391	The output of some ASN.1 types is not well handled
392	.Pq if at all .
393	.\"	312	.\"
394	.\" CA	313	.\" CA
395	.\"	314	.\"