Document X509v3_{addr,asid}_subset.3

First RFC 3779 page without a BUG section. It could have one, but I'm in a lenient mood right now. Maybe it's just that this is bad but not quite as bad as EVP.
author: tb <> 2023-09-28 12:35:31 +0000
committer: tb <> 2023-09-28 12:35:31 +0000
commit: 5d6d267fe55937881fe90c895ccd8ebc5dbeeb2f (patch)
tree: 64707860c8b3834683bfa252318af5ad95e1a4c4 /src/lib/libcrypto/man/IPAddressRange_new.3
parent: e0dbc3d49a53a4744ee871556f3728104ff5ad84 (diff)
download: openbsd-5d6d267fe55937881fe90c895ccd8ebc5dbeeb2f.tar.gz
openbsd-5d6d267fe55937881fe90c895ccd8ebc5dbeeb2f.tar.bz2
openbsd-5d6d267fe55937881fe90c895ccd8ebc5dbeeb2f.zip
1 files changed, 14 insertions, 10 deletions
diff --git a/src/lib/libcrypto/man/IPAddressRange_new.3 b/src/lib/libcrypto/man/IPAddressRange_new.3
index 07c57f3e5d..e15ff34509 100644
--- a/src/lib/libcrypto/man/IPAddressRange_new.3
+++ b/src/lib/libcrypto/man/IPAddressRange_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: IPAddressRange_new.3,v 1.4 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: IPAddressRange_new.3,v 1.5 2023/09/28 12:35:31 tb Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
 .Dt IPADDRESSRANGE_NEW 3
 .Os
 .Sh NAME
@@ -110,12 +110,12 @@ type representing the IP address delegation extension.
 Per RFC 3779, section 2.1.1,
 an IPv4 or an IPv6 address is encoded in network byte order in an
 ASN.1 BIT STRING of bit size 32 or 128 bits, respectively.
-The bit size of a prefix is its prefix length.
+The bit size of a prefix is its prefix length;
-In other words, all insignificant zero bits are omitted
+all insignificant zero bits are omitted
 from the encoding.
 An address range is expressed as a pair of BIT STRINGs
-where all least significant zero bits of the lower bound
+where all the least significant zero bits of the lower bound
-and the all least significant one bits of the upper bound are omitted.
+and all the least significant one bits of the upper bound are omitted.
 .Pp
 The library provides no API for directly converting an IP address or
 prefix (in any form) to and from an
@@ -127,8 +127,11 @@ internals are subtle and directly manipulating them in the
 context of the RFC 3779 API is discouraged.
 The bit size of an
 .Vt ASN1_BIT_STRING
-representing an IP address prefix or range is eight times its length
+representing an IP address prefix or range is eight times its
-member minus the lowest three bits of its flags, provided the
+.Fa length
+member minus the lowest three bits of its
+.Fa flags ,
+provided the
 .Dv ASN1_STRING_FLAG_BITS_LEFT
 flag is set.
 .Pp
@@ -460,7 +463,8 @@ or a value <= 0 if an error occurs.
 .Xr crypto 3 ,
 .Xr X509_new 3 ,
 .Xr X509v3_addr_add_inherit 3 ,
-.Xr X509v3_addr_inherits 3
+.Xr X509v3_addr_inherits 3 ,
+.Xr X509v3_addr_subset 3
 .Sh STANDARDS
 RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
 .Bl -dash -compact
@@ -483,7 +487,7 @@ section 2.2.3.7: Type IPAddressOrRange
 .It
 section 2.2.3.8: Element addressPrefix and Type IPAddress
 .It
-section 2.2.3.9: Elements addressRange and Type IPAddressRange
+section 2.2.3.9: Element addressRange and Type IPAddressRange
 .El
 .Pp
 ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
author	tb <>	2023-09-28 12:35:31 +0000
committer	tb <>	2023-09-28 12:35:31 +0000
commit	5d6d267fe55937881fe90c895ccd8ebc5dbeeb2f (patch)
tree	64707860c8b3834683bfa252318af5ad95e1a4c4 /src/lib/libcrypto/man/IPAddressRange_new.3
parent	e0dbc3d49a53a4744ee871556f3728104ff5ad84 (diff)
download	openbsd-5d6d267fe55937881fe90c895ccd8ebc5dbeeb2f.tar.gz openbsd-5d6d267fe55937881fe90c895ccd8ebc5dbeeb2f.tar.bz2 openbsd-5d6d267fe55937881fe90c895ccd8ebc5dbeeb2f.zip

diff --git a/src/lib/libcrypto/man/IPAddressRange_new.3 b/src/lib/libcrypto/man/IPAddressRange_new.3 index 07c57f3e5d..e15ff34509 100644 --- a/src/lib/libcrypto/man/IPAddressRange_new.3 +++ b/src/lib/libcrypto/man/IPAddressRange_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: IPAddressRange_new.3,v 1.4 2023/09/27 08:46:46 tb Exp $	1	.\" $OpenBSD: IPAddressRange_new.3,v 1.5 2023/09/28 12:35:31 tb Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>	3	.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: September 27 2023 $	17	.Dd $Mdocdate: September 28 2023 $
18	.Dt IPADDRESSRANGE_NEW 3	18	.Dt IPADDRESSRANGE_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -110,12 +110,12 @@ type representing the IP address delegation extension.
110	Per RFC 3779, section 2.1.1,	110	Per RFC 3779, section 2.1.1,
111	an IPv4 or an IPv6 address is encoded in network byte order in an	111	an IPv4 or an IPv6 address is encoded in network byte order in an
112	ASN.1 BIT STRING of bit size 32 or 128 bits, respectively.	112	ASN.1 BIT STRING of bit size 32 or 128 bits, respectively.
113	The bit size of a prefix is its prefix length.	113	The bit size of a prefix is its prefix length;
114	In other words, all insignificant zero bits are omitted	114	all insignificant zero bits are omitted
115	from the encoding.	115	from the encoding.
116	An address range is expressed as a pair of BIT STRINGs	116	An address range is expressed as a pair of BIT STRINGs
117	where all least significant zero bits of the lower bound	117	where all the least significant zero bits of the lower bound
118	and the all least significant one bits of the upper bound are omitted.	118	and all the least significant one bits of the upper bound are omitted.
119	.Pp	119	.Pp
120	The library provides no API for directly converting an IP address or	120	The library provides no API for directly converting an IP address or
121	prefix (in any form) to and from an	121	prefix (in any form) to and from an
@@ -127,8 +127,11 @@ internals are subtle and directly manipulating them in the
127	context of the RFC 3779 API is discouraged.	127	context of the RFC 3779 API is discouraged.
128	The bit size of an	128	The bit size of an
129	.Vt ASN1_BIT_STRING	129	.Vt ASN1_BIT_STRING
130	representing an IP address prefix or range is eight times its length	130	representing an IP address prefix or range is eight times its
131	member minus the lowest three bits of its flags, provided the	131	.Fa length
		132	member minus the lowest three bits of its
		133	.Fa flags ,
		134	provided the
132	.Dv ASN1_STRING_FLAG_BITS_LEFT	135	.Dv ASN1_STRING_FLAG_BITS_LEFT
133	flag is set.	136	flag is set.
134	.Pp	137	.Pp
@@ -460,7 +463,8 @@ or a value <= 0 if an error occurs.
460	.Xr crypto 3 ,	463	.Xr crypto 3 ,
461	.Xr X509_new 3 ,	464	.Xr X509_new 3 ,
462	.Xr X509v3_addr_add_inherit 3 ,	465	.Xr X509v3_addr_add_inherit 3 ,
463	.Xr X509v3_addr_inherits 3	466	.Xr X509v3_addr_inherits 3 ,
		467	.Xr X509v3_addr_subset 3
464	.Sh STANDARDS	468	.Sh STANDARDS
465	RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:	469	RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
466	.Bl -dash -compact	470	.Bl -dash -compact
@@ -483,7 +487,7 @@ section 2.2.3.7: Type IPAddressOrRange
483	.It	487	.It
484	section 2.2.3.8: Element addressPrefix and Type IPAddress	488	section 2.2.3.8: Element addressPrefix and Type IPAddress
485	.It	489	.It
486	section 2.2.3.9: Elements addressRange and Type IPAddressRange	490	section 2.2.3.9: Element addressRange and Type IPAddressRange
487	.El	491	.El
488	.Pp	492	.Pp
489	ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:	493	ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: