Document X509v3_addr_get_{afi,range}(3)

author: tb <> 2023-09-26 18:35:34 +0000
committer: tb <> 2023-09-26 18:35:34 +0000
commit: 2fb34de3060792a0eb0a3d391d55a8644cbae70b (patch)
tree: 60b1a83ff1076a5b01f413eac661ceb85b2d155f /src
parent: aee545452a6269dea6dba9afe9489a85c626d082 (diff)
download: openbsd-2fb34de3060792a0eb0a3d391d55a8644cbae70b.tar.gz
openbsd-2fb34de3060792a0eb0a3d391d55a8644cbae70b.tar.bz2
openbsd-2fb34de3060792a0eb0a3d391d55a8644cbae70b.zip
4 files changed, 142 insertions, 5 deletions
diff --git a/src/lib/libcrypto/man/IPAddressRange_new.3 b/src/lib/libcrypto/man/IPAddressRange_new.3
index 7a71ac7ffa..262cbd8c81 100644
--- a/src/lib/libcrypto/man/IPAddressRange_new.3
+++ b/src/lib/libcrypto/man/IPAddressRange_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: IPAddressRange_new.3,v 1.1 2023/09/26 15:34:23 tb Exp $
+.\" $OpenBSD: IPAddressRange_new.3,v 1.2 2023/09/26 18:35:34 tb Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -463,7 +463,7 @@ or a value <= 0 if an error occurs.
 .Xr ASN1_OCTET_STRING_set 3 ,
 .Xr crypto 3 ,
 .Xr X509_new 3 ,
-.Xr X509v3_addr_add_inherit 3
+.Xr X509v3_addr_add_inherit 3 ,
 .Sh STANDARDS
 RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
 .Bl -dash -compact
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 0f501ceb83..9ab2a34823 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.272 2023/09/26 15:34:23 tb Exp $
+# $OpenBSD: Makefile,v 1.273 2023/09/26 18:35:34 tb Exp $
 .include <bsd.own.mk>
@@ -393,6 +393,8 @@ MAN=	\
        X509at_add1_attr.3 \
        X509at_get_attr.3 \
        X509v3_addr_add_inherit.3 \
+        X509v3_addr_get_range.3 \
+        X509v3_asid_add_id_or_range.3 \
        X509v3_asid_add_id_or_range.3 \
        X509v3_get_ext_by_NID.3 \
        a2d_ASN1_OBJECT.3 \
diff --git a/src/lib/libcrypto/man/X509v3_addr_add_inherit.3 b/src/lib/libcrypto/man/X509v3_addr_add_inherit.3
index 8d30475181..887a5ecb21 100644
--- a/src/lib/libcrypto/man/X509v3_addr_add_inherit.3
+++ b/src/lib/libcrypto/man/X509v3_addr_add_inherit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.3 2023/09/26 15:34:23 tb Exp $
+.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.4 2023/09/26 18:35:34 tb Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -396,7 +396,8 @@ is desired.
 .Xr inet_ntop 3 ,
 .Xr IPAddressRange_new 3 ,
 .Xr X509_new 3 ,
-.Xr X509v3_asid_add_id_or_range 3
+.Xr X509v3_asid_add_id_or_range 3 ,
+.Xr X509v3_asid_get_range 3
 .Sh STANDARDS
 RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
 .Bl -dash -compact
diff --git a/src/lib/libcrypto/man/X509v3_addr_get_range.3 b/src/lib/libcrypto/man/X509v3_addr_get_range.3
new file mode 100644
index 0000000000..a84b7cd5f2
--- /dev/null
+++ b/src/lib/libcrypto/man/X509v3_addr_get_range.3
@@ -0,0 +1,134 @@
+.\" $OpenBSD: X509v3_addr_get_range.3,v 1.1 2023/09/26 18:35:34 tb Exp $
+.\"
+.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: September 26 2023 $
+.Dt X509V3_ADDR_GET_RANGE 3
+.Os
+.Sh NAME
+.Nm X509v3_addr_get_afi ,
+.Nm X509v3_addr_get_range
+.Nd parse helpers for the IP address delegation extension
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft unsigned
+.Fn X509v3_addr_get_afi "const IPAddressFamily *af"
+.Ft int
+.Fo X509v3_addr_get_range
+.Fa "IPAddressOrRange *aor"
+.Fa "const unsigned afi"
+.Fa "unsigned char *min"
+.Fa "unsigned char *max"
+.Fa "const int length"
+.Fc
+.Sh DESCRIPTION
+.Fn X509v3_addr_get_afi
+returns the address family identifier (AFI) of
+.Fa af .
+.Pp
+.Fn X509v3_addr_get_range
+converts the minimum and maximum addresses in
+the address prefix or range
+.Fa aor
+from internal encoding to IP addresses in network byte order
+and places copies in the arrays
+.Fa min
+and
+.Fa max ,
+of size
+.Fa length .
+The
+.Fa length
+must be large enough to accommodate an address for
+.Fa afi ,
+which for
+.Dv IANA_AFI_IPV4 ,
+is at least 4,
+and for
+.Dv IANA_AFI_IPV6
+at least 16.
+.Sh RETURN VALUES
+.Fn X509v3_addr_get_afi
+returns the afi encoded in
+.Fa af
+or 0 if
+.Fa af
+does not contain a valid AFI, or if the AFI is not IPv4 or IPv6.
+.Pp
+.Fn X509v3_addr_get_range
+returns the number of bytes copied into
+.Fa min
+and
+.Fa max
+or 0 on error.
+An error occurs if
+.Fa aor
+is malformed, if
+.Fa afi
+is not
+.Dv IANA_AFI_IPV4
+or
+.Dv IANA_AFI_IPV6 ,
+if either
+.Fa min
+or
+.Fa max
+is
+.Dv NULL ,
+or if
+.Fa length
+is smaller than 4 or 16, respectively.
+.Sh SEE ALSO
+.Xr crypto 3 ,
+.Xr inet_ntop 3 ,
+.Xr IPAddressRange_new 3 ,
+.Xr X509_new 3 ,
+.Xr X509v3_addr_add_inherit 3
+.Sh STANDARDS
+RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
+.Bl -dash -compact
+.It
+section 2: IP Address delegation extension
+.It
+section 2.2.3.3: Element addressFamily
+.It
+section 2.2.3.7: Type IPAddressOrRange
+.It
+section 2.2.3.8: Element addressPrefix and Type IPAddress
+.El
+.Pp
+.Rs
+.%T Address Family Numbers
+.%U https://www.iana.org/assignments/address-family-numbers
+.Re
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.8e
+and have been available since
+.Ox 7.1 .
+.Sh BUGS
+There is no accessor for the SAFI of
+.Fa af .
+.Pp
+An error from
+.Fn X509v3_addr_get_afi
+is indistinguishable from the reserved AFI 0 being set on
+.Fa af .
+.Pp
+It is not entirely clear how a caller is supposed to obtain an
+.Vt IPAddressFamily
+object or an
+.Vt IPAddressOrRange
+object without reaching into various structs documented in
+.Xr IPAddressRange_new 3 .
author	tb <>	2023-09-26 18:35:34 +0000
committer	tb <>	2023-09-26 18:35:34 +0000
commit	2fb34de3060792a0eb0a3d391d55a8644cbae70b (patch)
tree	60b1a83ff1076a5b01f413eac661ceb85b2d155f /src
parent	aee545452a6269dea6dba9afe9489a85c626d082 (diff)
download	openbsd-2fb34de3060792a0eb0a3d391d55a8644cbae70b.tar.gz openbsd-2fb34de3060792a0eb0a3d391d55a8644cbae70b.tar.bz2 openbsd-2fb34de3060792a0eb0a3d391d55a8644cbae70b.zip

diff --git a/src/lib/libcrypto/man/IPAddressRange_new.3 b/src/lib/libcrypto/man/IPAddressRange_new.3 index 7a71ac7ffa..262cbd8c81 100644 --- a/src/lib/libcrypto/man/IPAddressRange_new.3 +++ b/src/lib/libcrypto/man/IPAddressRange_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: IPAddressRange_new.3,v 1.1 2023/09/26 15:34:23 tb Exp $	1	.\" $OpenBSD: IPAddressRange_new.3,v 1.2 2023/09/26 18:35:34 tb Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>	3	.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
4	.\"	4	.\"
@@ -463,7 +463,7 @@ or a value <= 0 if an error occurs.
463	.Xr ASN1_OCTET_STRING_set 3 ,	463	.Xr ASN1_OCTET_STRING_set 3 ,
464	.Xr crypto 3 ,	464	.Xr crypto 3 ,
465	.Xr X509_new 3 ,	465	.Xr X509_new 3 ,
466	.Xr X509v3_addr_add_inherit 3	466	.Xr X509v3_addr_add_inherit 3 ,
467	.Sh STANDARDS	467	.Sh STANDARDS
468	RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:	468	RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
469	.Bl -dash -compact	469	.Bl -dash -compact


diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 0f501ceb83..9ab2a34823 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.272 2023/09/26 15:34:23 tb Exp $	1	# $OpenBSD: Makefile,v 1.273 2023/09/26 18:35:34 tb Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -393,6 +393,8 @@ MAN= \
393	X509at_add1_attr.3 \	393	X509at_add1_attr.3 \
394	X509at_get_attr.3 \	394	X509at_get_attr.3 \
395	X509v3_addr_add_inherit.3 \	395	X509v3_addr_add_inherit.3 \
		396	X509v3_addr_get_range.3 \
		397	X509v3_asid_add_id_or_range.3 \
396	X509v3_asid_add_id_or_range.3 \	398	X509v3_asid_add_id_or_range.3 \
397	X509v3_get_ext_by_NID.3 \	399	X509v3_get_ext_by_NID.3 \
398	a2d_ASN1_OBJECT.3 \	400	a2d_ASN1_OBJECT.3 \


diff --git a/src/lib/libcrypto/man/X509v3_addr_add_inherit.3 b/src/lib/libcrypto/man/X509v3_addr_add_inherit.3 index 8d30475181..887a5ecb21 100644 --- a/src/lib/libcrypto/man/X509v3_addr_add_inherit.3 +++ b/src/lib/libcrypto/man/X509v3_addr_add_inherit.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.3 2023/09/26 15:34:23 tb Exp $	1	.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.4 2023/09/26 18:35:34 tb Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>	3	.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
4	.\"	4	.\"
@@ -396,7 +396,8 @@ is desired.
396	.Xr inet_ntop 3 ,	396	.Xr inet_ntop 3 ,
397	.Xr IPAddressRange_new 3 ,	397	.Xr IPAddressRange_new 3 ,
398	.Xr X509_new 3 ,	398	.Xr X509_new 3 ,
399	.Xr X509v3_asid_add_id_or_range 3	399	.Xr X509v3_asid_add_id_or_range 3 ,
		400	.Xr X509v3_asid_get_range 3
400	.Sh STANDARDS	401	.Sh STANDARDS
401	RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:	402	RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
402	.Bl -dash -compact	403	.Bl -dash -compact


diff --git a/src/lib/libcrypto/man/X509v3_addr_get_range.3 b/src/lib/libcrypto/man/X509v3_addr_get_range.3 new file mode 100644 index 0000000000..a84b7cd5f2 --- /dev/null +++ b/src/lib/libcrypto/man/X509v3_addr_get_range.3
@@ -0,0 +1,134 @@
		1	.\" $OpenBSD: X509v3_addr_get_range.3,v 1.1 2023/09/26 18:35:34 tb Exp $
		2	.\"
		3	.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: September 26 2023 $
		18	.Dt X509V3_ADDR_GET_RANGE 3
		19	.Os
		20	.Sh NAME
		21	.Nm X509v3_addr_get_afi ,
		22	.Nm X509v3_addr_get_range
		23	.Nd parse helpers for the IP address delegation extension
		24	.Sh SYNOPSIS
		25	.In openssl/x509v3.h
		26	.Ft unsigned
		27	.Fn X509v3_addr_get_afi "const IPAddressFamily *af"
		28	.Ft int
		29	.Fo X509v3_addr_get_range
		30	.Fa "IPAddressOrRange *aor"
		31	.Fa "const unsigned afi"
		32	.Fa "unsigned char *min"
		33	.Fa "unsigned char *max"
		34	.Fa "const int length"
		35	.Fc
		36	.Sh DESCRIPTION
		37	.Fn X509v3_addr_get_afi
		38	returns the address family identifier (AFI) of
		39	.Fa af .
		40	.Pp
		41	.Fn X509v3_addr_get_range
		42	converts the minimum and maximum addresses in
		43	the address prefix or range
		44	.Fa aor
		45	from internal encoding to IP addresses in network byte order
		46	and places copies in the arrays
		47	.Fa min
		48	and
		49	.Fa max ,
		50	of size
		51	.Fa length .
		52	The
		53	.Fa length
		54	must be large enough to accommodate an address for
		55	.Fa afi ,
		56	which for
		57	.Dv IANA_AFI_IPV4 ,
		58	is at least 4,
		59	and for
		60	.Dv IANA_AFI_IPV6
		61	at least 16.
		62	.Sh RETURN VALUES
		63	.Fn X509v3_addr_get_afi
		64	returns the afi encoded in
		65	.Fa af
		66	or 0 if
		67	.Fa af
		68	does not contain a valid AFI, or if the AFI is not IPv4 or IPv6.
		69	.Pp
		70	.Fn X509v3_addr_get_range
		71	returns the number of bytes copied into
		72	.Fa min
		73	and
		74	.Fa max
		75	or 0 on error.
		76	An error occurs if
		77	.Fa aor
		78	is malformed, if
		79	.Fa afi
		80	is not
		81	.Dv IANA_AFI_IPV4
		82	or
		83	.Dv IANA_AFI_IPV6 ,
		84	if either
		85	.Fa min
		86	or
		87	.Fa max
		88	is
		89	.Dv NULL ,
		90	or if
		91	.Fa length
		92	is smaller than 4 or 16, respectively.
		93	.Sh SEE ALSO
		94	.Xr crypto 3 ,
		95	.Xr inet_ntop 3 ,
		96	.Xr IPAddressRange_new 3 ,
		97	.Xr X509_new 3 ,
		98	.Xr X509v3_addr_add_inherit 3
		99	.Sh STANDARDS
		100	RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
		101	.Bl -dash -compact
		102	.It
		103	section 2: IP Address delegation extension
		104	.It
		105	section 2.2.3.3: Element addressFamily
		106	.It
		107	section 2.2.3.7: Type IPAddressOrRange
		108	.It
		109	section 2.2.3.8: Element addressPrefix and Type IPAddress
		110	.El
		111	.Pp
		112	.Rs
		113	.%T Address Family Numbers
		114	.%U https://www.iana.org/assignments/address-family-numbers
		115	.Re
		116	.Sh HISTORY
		117	These functions first appeared in OpenSSL 0.9.8e
		118	and have been available since
		119	.Ox 7.1 .
		120	.Sh BUGS
		121	There is no accessor for the SAFI of
		122	.Fa af .
		123	.Pp
		124	An error from
		125	.Fn X509v3_addr_get_afi
		126	is indistinguishable from the reserved AFI 0 being set on
		127	.Fa af .
		128	.Pp
		129	It is not entirely clear how a caller is supposed to obtain an
		130	.Vt IPAddressFamily
		131	object or an
		132	.Vt IPAddressOrRange
		133	object without reaching into various structs documented in
		134	.Xr IPAddressRange_new 3 .