Remove misinformation, reason had nothing to do with efficiency

"Failure to re-encode on modification is a bug not a feature." OK jsing@
author: job <> 2023-04-28 15:51:18 +0000
committer: job <> 2023-04-28 15:51:18 +0000
commit: a81c6b203cc45b0823f01aa70872017a83e763b4 (patch)
tree: 63bcca20d755dcb620e79a86c2321023b21e9022
parent: bc545104dfe0b8815d85b21c01aa74a9f558e99e (diff)
download: openbsd-a81c6b203cc45b0823f01aa70872017a83e763b4.tar.gz
openbsd-a81c6b203cc45b0823f01aa70872017a83e763b4.tar.bz2
openbsd-a81c6b203cc45b0823f01aa70872017a83e763b4.zip
2 files changed, 4 insertions, 17 deletions
diff --git a/src/lib/libcrypto/man/ASN1_item_d2i.3 b/src/lib/libcrypto/man/ASN1_item_d2i.3
index 1e86d0b5c6..a95950d749 100644
--- a/src/lib/libcrypto/man/ASN1_item_d2i.3
+++ b/src/lib/libcrypto/man/ASN1_item_d2i.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_item_d2i.3,v 1.16 2022/04/27 08:06:37 tb Exp $
+.\" $OpenBSD: ASN1_item_d2i.3,v 1.17 2023/04/28 15:51:18 job Exp $
 .\" selective merge up to:
 .\" OpenSSL doc/man3/d2i_X509.pod 256989ce Jun 19 15:00:32 2020 +0200
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 27 2022 $
+.Dd $Mdocdate: April 28 2023 $
 .Dt ASN1_ITEM_D2I 3
 .Os
 .Sh NAME
@@ -508,8 +508,3 @@ some fields may be missing entirely, such that trying to parse it
 with
 .Fn ASN1_item_d2i
 may fail.
-.Pp
-Any function which encodes an object may return a stale encoding
-if the object has been modified after deserialization or previous
-serialization.
-This is because some objects cache the encoding for efficiency reasons.
diff --git a/src/lib/libcrypto/man/X509_sign.3 b/src/lib/libcrypto/man/X509_sign.3
index eb69874cdc..52890207fb 100644
--- a/src/lib/libcrypto/man/X509_sign.3
+++ b/src/lib/libcrypto/man/X509_sign.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_sign.3,v 1.9 2021/10/30 16:20:35 schwarze Exp $
+.\" $OpenBSD: X509_sign.3,v 1.10 2023/04/28 15:51:18 job Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 30 2021 $
+.Dd $Mdocdate: April 28 2023 $
 .Dt X509_SIGN 3
 .Os
 .Sh NAME
@@ -159,14 +159,6 @@ callback function instead of performing the default action.
 is used where the default parameters for the corresponding public key
 and digest are not suitable.
 It can be used to sign keys using RSA-PSS for example.
-.Pp
-For efficiency reasons and to work around ASN.1 encoding issues, the
-encoding of the signed portion of a certificate, certificate request,
-and CRL is cached internally.
-If the signed portion of the structure is modified, the encoding is not
-always updated, meaning a stale version is sometimes used.
-This is not normally a problem because modifying the signed portion will
-invalidate the signature and signing will always update the encoding.
 .Sh RETURN VALUES
 .Fn X509_sign ,
 .Fn X509_sign_ctx ,
author	job <>	2023-04-28 15:51:18 +0000
committer	job <>	2023-04-28 15:51:18 +0000
commit	a81c6b203cc45b0823f01aa70872017a83e763b4 (patch)
tree	63bcca20d755dcb620e79a86c2321023b21e9022
parent	bc545104dfe0b8815d85b21c01aa74a9f558e99e (diff)
download	openbsd-a81c6b203cc45b0823f01aa70872017a83e763b4.tar.gz openbsd-a81c6b203cc45b0823f01aa70872017a83e763b4.tar.bz2 openbsd-a81c6b203cc45b0823f01aa70872017a83e763b4.zip

diff --git a/src/lib/libcrypto/man/ASN1_item_d2i.3 b/src/lib/libcrypto/man/ASN1_item_d2i.3 index 1e86d0b5c6..a95950d749 100644 --- a/src/lib/libcrypto/man/ASN1_item_d2i.3 +++ b/src/lib/libcrypto/man/ASN1_item_d2i.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ASN1_item_d2i.3,v 1.16 2022/04/27 08:06:37 tb Exp $	1	.\" $OpenBSD: ASN1_item_d2i.3,v 1.17 2023/04/28 15:51:18 job Exp $
2	.\" selective merge up to:	2	.\" selective merge up to:
3	.\" OpenSSL doc/man3/d2i_X509.pod 256989ce Jun 19 15:00:32 2020 +0200	3	.\" OpenSSL doc/man3/d2i_X509.pod 256989ce Jun 19 15:00:32 2020 +0200
4	.\"	4	.\"
@@ -66,7 +66,7 @@
66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68	.\"	68	.\"
69	.Dd $Mdocdate: April 27 2022 $	69	.Dd $Mdocdate: April 28 2023 $
70	.Dt ASN1_ITEM_D2I 3	70	.Dt ASN1_ITEM_D2I 3
71	.Os	71	.Os
72	.Sh NAME	72	.Sh NAME
@@ -508,8 +508,3 @@ some fields may be missing entirely, such that trying to parse it
508	with	508	with
509	.Fn ASN1_item_d2i	509	.Fn ASN1_item_d2i
510	may fail.	510	may fail.
511	.Pp
512	Any function which encodes an object may return a stale encoding
513	if the object has been modified after deserialization or previous
514	serialization.
515	This is because some objects cache the encoding for efficiency reasons.


diff --git a/src/lib/libcrypto/man/X509_sign.3 b/src/lib/libcrypto/man/X509_sign.3 index eb69874cdc..52890207fb 100644 --- a/src/lib/libcrypto/man/X509_sign.3 +++ b/src/lib/libcrypto/man/X509_sign.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_sign.3,v 1.9 2021/10/30 16:20:35 schwarze Exp $	1	.\" $OpenBSD: X509_sign.3,v 1.10 2023/04/28 15:51:18 job Exp $
2	.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100	2	.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: October 30 2021 $	51	.Dd $Mdocdate: April 28 2023 $
52	.Dt X509_SIGN 3	52	.Dt X509_SIGN 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -159,14 +159,6 @@ callback function instead of performing the default action.
159	is used where the default parameters for the corresponding public key	159	is used where the default parameters for the corresponding public key
160	and digest are not suitable.	160	and digest are not suitable.
161	It can be used to sign keys using RSA-PSS for example.	161	It can be used to sign keys using RSA-PSS for example.
162	.Pp
163	For efficiency reasons and to work around ASN.1 encoding issues, the
164	encoding of the signed portion of a certificate, certificate request,
165	and CRL is cached internally.
166	If the signed portion of the structure is modified, the encoding is not
167	always updated, meaning a stale version is sometimes used.
168	This is not normally a problem because modifying the signed portion will
169	invalidate the signature and signing will always update the encoding.
170	.Sh RETURN VALUES	162	.Sh RETURN VALUES
171	.Fn X509_sign ,	163	.Fn X509_sign ,
172	.Fn X509_sign_ctx ,	164	.Fn X509_sign_ctx ,