author: job <> 2023-04-28 15:51:18 +0000
committer: job <> 2023-04-28 15:51:18 +0000
commit: 7579ae13ba405db9d6c4c94c309c7521a2e5efe6
tree: 63bcca20d755dcb620e79a86c2321023b21e9022 /src/lib/libcrypto
parent: 560c2f74e2208eeb42bc6b868fd64c235b7737c5
Remove misinformation, reason had nothing to do with efficiency
"Failure to re-encode on modification is a bug not a feature." OK jsing@
Diffstat (limited to 'src/lib/libcrypto')
-rw-r--r-- src/lib/libcrypto/man/ASN1_item_d2i.3 | 9
-rw-r--r-- src/lib/libcrypto/man/X509_sign.3 | 12
2 files changed, 4 insertions, 17 deletions
diff --git a/src/lib/libcrypto/man/ASN1_item_d2i.3 b/src/lib/libcrypto/man/ASN1_item_d2i.3
index 1e86d0b5c6..a95950d749 100644
--- a/src/lib/libcrypto/man/ASN1_item_d2i.3
+++ b/src/lib/libcrypto/man/ASN1_item_d2i.3
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ASN1_item_d2i.3,v 1.16 2022/04/27 08:06:37 tb Exp $ 1.\" $OpenBSD: ASN1_item_d2i.3,v 1.17 2023/04/28 15:51:18 job Exp $
2.\" selective merge up to: 2.\" selective merge up to:
3.\" OpenSSL doc/man3/d2i_X509.pod 256989ce Jun 19 15:00:32 2020 +0200 3.\" OpenSSL doc/man3/d2i_X509.pod 256989ce Jun 19 15:00:32 2020 +0200
4.\" 4.\"
@@ -66,7 +66,7 @@
66.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 66.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67.\" OF THE POSSIBILITY OF SUCH DAMAGE. 67.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68.\" 68.\"
69.Dd $Mdocdate: April 27 2022 $ 69.Dd $Mdocdate: April 28 2023 $
70.Dt ASN1_ITEM_D2I 3 70.Dt ASN1_ITEM_D2I 3
71.Os 71.Os
72.Sh NAME 72.Sh NAME
@@ -508,8 +508,3 @@ some fields may be missing entirely, such that trying to parse it
508with 508with
509.Fn ASN1_item_d2i 509.Fn ASN1_item_d2i
510may fail. 510may fail.
511.Pp
512Any function which encodes an object may return a stale encoding
513if the object has been modified after deserialization or previous
514serialization.
515This is because some objects cache the encoding for efficiency reasons.
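Review bot: Only removed line 515 carries the efficiency rationale that the commit message calls misinformation, yet lines 512-514 ("Any function which encodes an object may return a stale encoding ...") are deleted with it, so this page no longer warns callers about the behaviour at all. If a stale encoding can still be returned after an object is modified, keep that sentence, for example under a BUGS heading, and drop only the "for efficiency reasons" explanation; if the behaviour has been fixed, the commit message should say so.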
diff --git a/src/lib/libcrypto/man/X509_sign.3 b/src/lib/libcrypto/man/X509_sign.3
index eb69874cdc..52890207fb 100644
--- a/src/lib/libcrypto/man/X509_sign.3
+++ b/src/lib/libcrypto/man/X509_sign.3
@@ -1,4 +1,4 @@
1.\" $OpenBSD: X509_sign.3,v 1.9 2021/10/30 16:20:35 schwarze Exp $ 1.\" $OpenBSD: X509_sign.3,v 1.10 2023/04/28 15:51:18 job Exp $
2.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 2.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
3.\" 3.\"
4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>. 4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 48.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49.\" OF THE POSSIBILITY OF SUCH DAMAGE. 49.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50.\" 50.\"
51.Dd $Mdocdate: October 30 2021 $ 51.Dd $Mdocdate: April 28 2023 $
52.Dt X509_SIGN 3 52.Dt X509_SIGN 3
53.Os 53.Os
54.Sh NAME 54.Sh NAME
@@ -159,14 +159,6 @@ callback function instead of performing the default action.
159is used where the default parameters for the corresponding public key 159is used where the default parameters for the corresponding public key
160and digest are not suitable. 160and digest are not suitable.
161It can be used to sign keys using RSA-PSS for example. 161It can be used to sign keys using RSA-PSS for example.
162.Pp
163For efficiency reasons and to work around ASN.1 encoding issues, the
164encoding of the signed portion of a certificate, certificate request,
165and CRL is cached internally.
166If the signed portion of the structure is modified, the encoding is not
167always updated, meaning a stale version is sometimes used.
168This is not normally a problem because modifying the signed portion will
169invalidate the signature and signing will always update the encoding.
170.Sh RETURN VALUES 162.Sh RETURN VALUES
171.Fn X509_sign , 163.Fn X509_sign ,
172.Fn X509_sign_ctx , 164.Fn X509_sign_ctx ,
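Review bot: Removed lines 166-169 are more than rationale: they tell callers that a modified signed portion may keep its old encoding and that "signing will always update the encoding", and after this hunk the visible context states neither. Since the commit message itself calls the failure to re-encode a bug, consider documenting it in a BUGS section together with the advice to re-sign after modifying the structure, leaving out only the "For efficiency reasons" wording from line 163.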