authorschwarze <>2021-07-09 12:07:27 +0000
committerschwarze <>2021-07-09 12:07:27 +0000
commit86b940df4e56667bb259c7d37d9a09cc6c1e1925 (patch)
tree22150eb948352dc0baa4d98b98f171d2ba7a3453
parent3aee4c9a971412056e2cb9b110f72945b105b483 (diff)
new manual page for X509_keyid_set1(3), X509_keyid_get0(3),
X509_alias_set1(3), X509_alias_get0(3)
-rw-r--r--src/lib/libcrypto/man/Makefile3
-rw-r--r--src/lib/libcrypto/man/PKCS12_create.37
-rw-r--r--src/lib/libcrypto/man/PKCS12_parse.37
-rw-r--r--src/lib/libcrypto/man/X509_CINF_new.35
-rw-r--r--src/lib/libcrypto/man/X509_keyid_set1.3171
5 files changed, 184 insertions, 9 deletions
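diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index ff7fc4fd95..bf76a1ce74 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.174 2021/07/08 12:30:27 schwarze Exp $
+# $OpenBSD: Makefile,v 1.175 2021/07/09 12:07:27 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -316,6 +316,7 @@ MAN= \
  X509_get0_notBefore.3 \
  X509_get0_signature.3 \
  X509_get1_email.3 \
+ X509_keyid_set1.3 \
  X509_new.3 \
  X509_sign.3 \
  X509_signature_dump.3 \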
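diff --git a/src/lib/libcrypto/man/PKCS12_create.3 b/src/lib/libcrypto/man/PKCS12_create.3
index 1b0af646ae..1f44ef9b67 100644
--- a/src/lib/libcrypto/man/PKCS12_create.3
+++ b/src/lib/libcrypto/man/PKCS12_create.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS12_create.3,v 1.9 2019/06/10 09:49:48 schwarze Exp $
+.\" $OpenBSD: PKCS12_create.3,v 1.10 2021/07/09 12:07:27 schwarze Exp $
 .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: July 9 2021 $
 .Dt PKCS12_CREATE 3
 .Os
 .Sh NAME
@@ -168,7 +168,8 @@ if an error occurred.
 .Xr PKCS12_new 3 ,
 .Xr PKCS12_newpass 3 ,
 .Xr PKCS12_parse 3 ,
-.Xr PKCS12_SAFEBAG_new 3
+.Xr PKCS12_SAFEBAG_new 3 ,
+.Xr X509_keyid_set1 3
 .Sh HISTORY
 .Fn PKCS12_create
 first appeared in OpenSSL 0.9.3 and has been available since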
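diff --git a/src/lib/libcrypto/man/PKCS12_parse.3 b/src/lib/libcrypto/man/PKCS12_parse.3
index 3037c537d2..4e92d303c7 100644
--- a/src/lib/libcrypto/man/PKCS12_parse.3
+++ b/src/lib/libcrypto/man/PKCS12_parse.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS12_parse.3,v 1.6 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: PKCS12_parse.3,v 1.7 2021/07/09 12:07:27 schwarze Exp $
 .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: July 9 2021 $
 .Dt PKCS12_PARSE 3
 .Os
 .Sh NAME
@@ -121,7 +121,8 @@ The error can be obtained from
 .Sh SEE ALSO
 .Xr d2i_PKCS12 3 ,
 .Xr PKCS12_create 3 ,
-.Xr PKCS12_new 3
+.Xr PKCS12_new 3 ,
+.Xr X509_keyid_set1 3
 .Sh HISTORY
 .Fn PKCS12_parse
 first appeared in OpenSSL 0.9.3 and has been available since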
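diff --git a/src/lib/libcrypto/man/X509_CINF_new.3 b/src/lib/libcrypto/man/X509_CINF_new.3
index 52d5acef6e..94fae2a49d 100644
--- a/src/lib/libcrypto/man/X509_CINF_new.3
+++ b/src/lib/libcrypto/man/X509_CINF_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CINF_new.3,v 1.7 2021/07/08 12:30:27 schwarze Exp $
+.\" $OpenBSD: X509_CINF_new.3,v 1.8 2021/07/09 12:07:27 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 8 2021 $
+.Dd $Mdocdate: July 9 2021 $
 .Dt X509_CINF_NEW 3
 .Os
 .Sh NAME
@@ -95,6 +95,7 @@ if an error occurs.
 .Sh SEE ALSO
 .Xr d2i_X509_CINF 3 ,
 .Xr X509_add1_trust_object 3 ,
+.Xr X509_keyid_set1 3 ,
 .Xr X509_new 3
 .Sh STANDARDS
 RFC 5280: Internet X.509 Public Key Infrastructure Certificate and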
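diff --git a/src/lib/libcrypto/man/X509_keyid_set1.3 b/src/lib/libcrypto/man/X509_keyid_set1.3
new file mode 100644
index 0000000000..a7733013bc
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_keyid_set1.3
@@ -0,0 +1,171 @@
+.\" $OpenBSD: X509_keyid_set1.3,v 1.1 2021/07/09 12:07:27 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 9 2021 $
+.Dt X509_KEYID_SET1 3
+.Os
+.Sh NAME
+.Nm X509_keyid_set1 ,
+.Nm X509_keyid_get0 ,
+.Nm X509_alias_set1 ,
+.Nm X509_alias_get0
+.Nd auxiliary certificate data for PKCS#12
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_keyid_set1
+.Fa "X509 *x"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft unsigned char *
+.Fo X509_keyid_get0
+.Fa "X509 *x"
+.Fa "int *plen"
+.Fc
+.Ft int
+.Fo X509_alias_set1
+.Fa "X509 *x"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft unsigned char *
+.Fo X509_alias_get0
+.Fa "X509 *x"
+.Fa "int *plen"
+.Fc
+.Sh DESCRIPTION
+These functions store non-standard auxiliary data in
+.Fa x
+and retrieve it.
+.Pp
+The
+.Fa len
+bytes of
+.Fa data
+stored using
+.Fn X509_keyid_set1
+will be written to the
+.Sy friendlyName
+attribute of the PKCS#12 structure if
+.Xr PKCS12_create 3
+is later called on
+.Fa x ,
+and the
+.Fa data
+stored using
+.Fn X509_alias_set1
+will be written to the
+.Sy localKeyID
+attribute.
+If
+.Fa data
+points to a NUL-terminated string, \-1 can be passed as the
+.Fa len
+argument to let
+.Fa len
+be calculated internally using
+.Xr strlen 3 .
+If a
+.Dv NULL
+pointer is passed as the
+.Fa data
+argument, the respective auxiliary data stored in
+.Fa x ,
+if any, is removed from
+.Fa x
+and freed.
+.Pp
+Conversely,
+.Xr PKCS12_parse 3
+retrieves these attributes from a PKCS#12 structure such that they can
+subsequently be accessed with
+.Fn X509_keyid_get0
+and
+.Fn X509_alias_get0 .
+Unless
+.Dv NULL
+is passed for the
+.Fa plen
+argument, these functions store the size of the returned buffer in bytes in
+.Pf * Fa plen .
+After the call, the returned buffer is not necessarily NUL-terminated,
+but it may contain internal NUL bytes.
+.Pp
+API design is very incomplete; given the complexity of PKCS#12,
+that's probably an asset rather than a defect.
+The PKCS#12 standard defines many attributes that cannot be stored in
+.Vt X509
+objects.
+.Pp
+To associate certificates with alternative names and key identifiers,
+X.509 certificate extensions are more commonly used than PKCS#12
+attributes, for example using
+.Xr X509_EXTENSION_create_by_NID 3
+with
+.Dv NID_subject_alt_name
+or
+.Dv NID_subject_key_identifier .
+.Sh RETURN VALUES
+.Fn X509_keyid_set1
+and
+.Fn X509_alias_set1
+return 1 if
+.Fa data
+is
+.Dv NULL
+or if the input
+.Fa data
+was successfully copied into
+.Fa x ,
+or 0 if
+.Fa data
+is not
+.Dv NULL
+but could not be copied because
+.Fa x
+is
+.Dv NULL
+or memory allocation failed.
+.Pp
+.Fn X509_keyid_get0
+and
+.Fn X509_alias_get0
+return an internal pointer to an array of bytes or
+.Dv NULL
+if
+.Fa x
+does not contain auxiliary data of the requested kind.
+.Sh SEE ALSO
+.Xr ASN1_STRING_set 3 ,
+.Xr X509_CERT_AUX_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3 ,
+.Xr X509V3_get_d2i 3
+.Sh HISTORY
+.Fn X509_alias_set1
+and
+.Fn X509_alias_get0
+first appeared in OpenSSL 0.9.5 and have been available since
+.Ox 2.7 .
+.Pp
+.Fn X509_keyid_set1
+first appeared in OpenSSL 0.9.6 and has been available since
+.Ox 2.9 .
+.Pp
+.Fn X509_keyid_get0
+first appeared in OpenSSL 0.9.8 and has been available since
+.Ox 4.5 .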
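Review bot: The DESCRIPTION appears to pair the two setters with the wrong PKCS#12 attributes: new lines 60-62 say the data from `X509_keyid_set1` is written to `friendlyName`, and lines 70-72 say the data from `X509_alias_set1` goes to `localKeyID`. Going by the function names and by how PKCS#12 normally uses these attributes, the key ID should map to `localKeyID` and the alias to `friendlyName`, so the two `.Sy` lines look swapped; please confirm against the PKCS12_create(3) code before changing them. This matters because `localKeyID` is typically what ties a certificate to its private key, so a reader following the page as written would set the wrong field. On lines 105-106, the "but" reads as a contrast that is not there; I would write `After the call, the returned buffer is not necessarily NUL-terminated and may contain internal NUL bytes, so its length must be taken from *plen rather than strlen(3).` RETURN VALUES could also state that the returned internal pointer must not be freed or modified by the caller.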