Full rewrite.

Also document d2i_PKCS8_bio(3), i2d_PKCS8_bio(3), d2i_PKCS8_fp(3), and i2d_PKCS8_fp(3) while here, listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod. No, these functions have nothing to do with the many other d2i_PKCS8*(3) functions all around, and nothing with PKCS#8 at all in the first place. Read the BUGS section. I couldn't make this stuff up.
author: schwarze <> 2016-12-28 02:48:59 +0000
committer: schwarze <> 2016-12-28 02:48:59 +0000
commit: 3c97a7c50200d5ef4681d620bf76fcea2ce72811 (patch)
tree: ff11b24075511b92561eec32a16cafd5453790a1 /src
parent: 3ab01aea6cbd12c1ef51701054380bdb742b0fe1 (diff)
download: openbsd-3c97a7c50200d5ef4681d620bf76fcea2ce72811.tar.gz
openbsd-3c97a7c50200d5ef4681d620bf76fcea2ce72811.tar.bz2
openbsd-3c97a7c50200d5ef4681d620bf76fcea2ce72811.zip
1 files changed, 123 insertions, 60 deletions
diff --git a/src/lib/libcrypto/man/d2i_X509_SIG.3 b/src/lib/libcrypto/man/d2i_X509_SIG.3
index 33676b6df0..bf050ce23d 100644
--- a/src/lib/libcrypto/man/d2i_X509_SIG.3
+++ b/src/lib/libcrypto/man/d2i_X509_SIG.3
@@ -1,82 +1,145 @@
-.\"     $OpenBSD: d2i_X509_SIG.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $
+.\"     $OpenBSD: d2i_X509_SIG.3,v 1.6 2016/12/28 02:48:59 schwarze Exp $
 .\"     OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\" Copyright (c) 2002, 2015 The OpenSSL Project.  All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without
+.\" Permission to use, copy, modify, and distribute this software for any
-.\" modification, are permitted provided that the following conditions
+.\" purpose with or without fee is hereby granted, provided that the above
-.\" are met:
+.\" copyright notice and this permission notice appear in all copies.
 .\"
-.\" 1. Redistributions of source code must retain the above copyright
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\"    notice, this list of conditions and the following disclaimer.
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
+.Dd $Mdocdate: December 28 2016 $
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 25 2016 $
 .Dt D2I_X509_SIG 3
 .Os
 .Sh NAME
 .Nm d2i_X509_SIG ,
-.Nm i2d_X509_SIG
+.Nm i2d_X509_SIG ,
-.Nd DigestInfo functions
+.Nm d2i_PKCS8_bio ,
+.Nm i2d_PKCS8_bio ,
+.Nm d2i_PKCS8_fp ,
+.Nm i2d_PKCS8_fp
+.\" In the next line, the number "7" is not a typo.
+.\" These functions are misnamed.
+.Nd decode and encode PKCS#7 digest information
 .Sh SYNOPSIS
 .In openssl/x509.h
 .Ft X509_SIG *
 .Fo d2i_X509_SIG
-.Fa "X509_SIG **a"
+.Fa "X509_SIG **val_out"
-.Fa "unsigned char **pp"
+.Fa "unsigned char **der_in"
 .Fa "long length"
 .Fc
 .Ft int
 .Fo i2d_X509_SIG
-.Fa "X509_SIG *a"
+.Fa "X509_SIG *val_in"
-.Fa "unsigned char **pp"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft X509_SIG *
+.Fo d2i_PKCS8_bio
+.Fa "BIO *in_bio"
+.Fa "X509_SIG **val_out"
+.Fc
+.Ft int
+.Fo i2d_PKCS8_bio
+.Fa "BIO *out_bio"
+.Fa "X509_SIG *val_in"
+.Fc
+.Ft X509_SIG *
+.Fo d2i_PKCS8_fp
+.Fa "FILE *in_fp"
+.Fa "X509_SIG **val_out"
+.Fc
+.Ft int
+.Fo i2d_PKCS8_fp
+.Fa "FILE *out_fp"
+.Fa "X509_SIG *val_in"
 .Fc
 .Sh DESCRIPTION
-These functions decode and encode an
+.Fn d2i_X509_SIG
-.Vt X509_SIG
+and
-structure, which is equivalent to the
+.Fn i2d_X509_SIG
+decode and encode an ASN.1
 .Vt DigestInfo
-structure defined in PKCS#1 and PKCS#7.
+structure defined in RFC 2315 section 9.4
-They otherwise behave in a way similar to
+and equivalently in RFC 8017 section 9.2.
-.Xr d2i_X509 3
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_PKCS8_bio
+and
+.Fn d2i_PKCS8_fp
+are similar to
+.Fn d2i_X509_SIG
+except that they read from a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Pp
+.Fn i2d_PKCS8_bio
+and
+.Fn i2d_PKCS8_fp
+are similar to
+.Fn i2d_X509_SIG
+except that they write to a
+.Vt BIO
+or
+.Vt FILE
+pointer.
+.Sh RETURN VALUES
+.Fn d2i_X509_SIG ,
+.Fn d2i_PKCS8_bio ,
 and
-.Xr i2d_X509 3 .
+.Fn d2i_PKCS8_fp
+return a
+.Vt X509_SIG
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_X509_SIG
+returns the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Pp
+.Fn i2d_PKCS8_bio
+and
+.Fn i2d_PKCS8_fp
+return 1 for success or 0 if an error occurs.
 .Sh SEE ALSO
-.Xr d2i_X509 3
+.Xr ASN1_item_d2i 3 ,
+.Xr PKCS7_new 3 ,
+.Xr RSA_sign 3 ,
+.Xr X509_SIG_new 3
+.Sh STANDARDS
+RFC 2315: PKCS #7: Cryptographic Message Syntax,
+section 9: Signed-data content type
+.Pp
+RFC 8017: PKCS #1: RSA Cryptography Specifications,
+section 9: Encoding Methods for Signatures
+.Sh BUGS
+.Fn d2i_PKCS8_bio ,
+.Fn i2d_PKCS8_bio ,
+.Fn d2i_PKCS8_fp ,
+and
+.Fn i2d_PKCS8_fp
+are severely misnamed and should have been called
+.Dq d2i_X509_SIG_bio
+and so on.
+.Pp
+Or arguably, the
+.Vt X509_SIG
+object is misnamed itself, considering that it represents
+.Vt DigestInfo
+from PKCS#7 and PKCS#1.
+Then again, calling it
+.Dq PKCS8
+instead clearly isn't an improvement.
+.Pp
+Either way, these names just don't fit.
author	schwarze <>	2016-12-28 02:48:59 +0000
committer	schwarze <>	2016-12-28 02:48:59 +0000
commit	3c97a7c50200d5ef4681d620bf76fcea2ce72811 (patch)
tree	ff11b24075511b92561eec32a16cafd5453790a1 /src
parent	3ab01aea6cbd12c1ef51701054380bdb742b0fe1 (diff)
download	openbsd-3c97a7c50200d5ef4681d620bf76fcea2ce72811.tar.gz openbsd-3c97a7c50200d5ef4681d620bf76fcea2ce72811.tar.bz2 openbsd-3c97a7c50200d5ef4681d620bf76fcea2ce72811.zip

diff --git a/src/lib/libcrypto/man/d2i_X509_SIG.3 b/src/lib/libcrypto/man/d2i_X509_SIG.3 index 33676b6df0..bf050ce23d 100644 --- a/src/lib/libcrypto/man/d2i_X509_SIG.3 +++ b/src/lib/libcrypto/man/d2i_X509_SIG.3
@@ -1,82 +1,145 @@
1	.\" $OpenBSD: d2i_X509_SIG.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $	1	.\" $OpenBSD: d2i_X509_SIG.3,v 1.6 2016/12/28 02:48:59 schwarze Exp $
2	.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400	2	.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
5	.\" Copyright (c) 2002, 2015 The OpenSSL Project. All rights reserved.
6	.\"	5	.\"
7	.\" Redistribution and use in source and binary forms, with or without	6	.\" Permission to use, copy, modify, and distribute this software for any
8	.\" modification, are permitted provided that the following conditions	7	.\" purpose with or without fee is hereby granted, provided that the above
9	.\" are met:	8	.\" copyright notice and this permission notice appear in all copies.
10	.\"	9	.\"
11	.\" 1. Redistributions of source code must retain the above copyright	10	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12	.\" notice, this list of conditions and the following disclaimer.	11	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		12	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		13	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		14	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		15	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		16	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
13	.\"	17	.\"
14	.\" 2. Redistributions in binary form must reproduce the above copyright	18	.Dd $Mdocdate: December 28 2016 $
15	.\" notice, this list of conditions and the following disclaimer in
16	.\" the documentation and/or other materials provided with the
17	.\" distribution.
18	.\"
19	.\" 3. All advertising materials mentioning features or use of this
20	.\" software must display the following acknowledgment:
21	.\" "This product includes software developed by the OpenSSL Project
22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
23	.\"
24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25	.\" endorse or promote products derived from this software without
26	.\" prior written permission. For written permission, please contact
27	.\" openssl-core@openssl.org.
28	.\"
29	.\" 5. Products derived from this software may not be called "OpenSSL"
30	.\" nor may "OpenSSL" appear in their names without prior written
31	.\" permission of the OpenSSL Project.
32	.\"
33	.\" 6. Redistributions of any form whatsoever must retain the following
34	.\" acknowledgment:
35	.\" "This product includes software developed by the OpenSSL Project
36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
37	.\"
38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"
51	.Dd $Mdocdate: December 25 2016 $
52	.Dt D2I_X509_SIG 3	19	.Dt D2I_X509_SIG 3
53	.Os	20	.Os
54	.Sh NAME	21	.Sh NAME
55	.Nm d2i_X509_SIG ,	22	.Nm d2i_X509_SIG ,
56	.Nm i2d_X509_SIG	23	.Nm i2d_X509_SIG ,
57	.Nd DigestInfo functions	24	.Nm d2i_PKCS8_bio ,
		25	.Nm i2d_PKCS8_bio ,
		26	.Nm d2i_PKCS8_fp ,
		27	.Nm i2d_PKCS8_fp
		28	.\" In the next line, the number "7" is not a typo.
		29	.\" These functions are misnamed.
		30	.Nd decode and encode PKCS#7 digest information
58	.Sh SYNOPSIS	31	.Sh SYNOPSIS
59	.In openssl/x509.h	32	.In openssl/x509.h
60	.Ft X509_SIG *	33	.Ft X509_SIG *
61	.Fo d2i_X509_SIG	34	.Fo d2i_X509_SIG
62	.Fa "X509_SIG **a"	35	.Fa "X509_SIG **val_out"
63	.Fa "unsigned char **pp"	36	.Fa "unsigned char **der_in"
64	.Fa "long length"	37	.Fa "long length"
65	.Fc	38	.Fc
66	.Ft int	39	.Ft int
67	.Fo i2d_X509_SIG	40	.Fo i2d_X509_SIG
68	.Fa "X509_SIG *a"	41	.Fa "X509_SIG *val_in"
69	.Fa "unsigned char **pp"	42	.Fa "unsigned char **der_out"
		43	.Fc
		44	.Ft X509_SIG *
		45	.Fo d2i_PKCS8_bio
		46	.Fa "BIO *in_bio"
		47	.Fa "X509_SIG **val_out"
		48	.Fc
		49	.Ft int
		50	.Fo i2d_PKCS8_bio
		51	.Fa "BIO *out_bio"
		52	.Fa "X509_SIG *val_in"
		53	.Fc
		54	.Ft X509_SIG *
		55	.Fo d2i_PKCS8_fp
		56	.Fa "FILE *in_fp"
		57	.Fa "X509_SIG **val_out"
		58	.Fc
		59	.Ft int
		60	.Fo i2d_PKCS8_fp
		61	.Fa "FILE *out_fp"
		62	.Fa "X509_SIG *val_in"
70	.Fc	63	.Fc
71	.Sh DESCRIPTION	64	.Sh DESCRIPTION
72	These functions decode and encode an	65	.Fn d2i_X509_SIG
73	.Vt X509_SIG	66	and
74	structure, which is equivalent to the	67	.Fn i2d_X509_SIG
		68	decode and encode an ASN.1
75	.Vt DigestInfo	69	.Vt DigestInfo
76	structure defined in PKCS#1 and PKCS#7.	70	structure defined in RFC 2315 section 9.4
77	They otherwise behave in a way similar to	71	and equivalently in RFC 8017 section 9.2.
78	.Xr d2i_X509 3	72	For details about the semantics, examples, caveats, and bugs, see
		73	.Xr ASN1_item_d2i 3 .
		74	.Pp
		75	.Fn d2i_PKCS8_bio
		76	and
		77	.Fn d2i_PKCS8_fp
		78	are similar to
		79	.Fn d2i_X509_SIG
		80	except that they read from a
		81	.Vt BIO
		82	or
		83	.Vt FILE
		84	pointer.
		85	.Pp
		86	.Fn i2d_PKCS8_bio
		87	and
		88	.Fn i2d_PKCS8_fp
		89	are similar to
		90	.Fn i2d_X509_SIG
		91	except that they write to a
		92	.Vt BIO
		93	or
		94	.Vt FILE
		95	pointer.
		96	.Sh RETURN VALUES
		97	.Fn d2i_X509_SIG ,
		98	.Fn d2i_PKCS8_bio ,
79	and	99	and
80	.Xr i2d_X509 3 .	100	.Fn d2i_PKCS8_fp
		101	return a
		102	.Vt X509_SIG
		103	object or
		104	.Dv NULL
		105	if an error occurs.
		106	.Pp
		107	.Fn i2d_X509_SIG
		108	returns the number of bytes successfully encoded or a negative value
		109	if an error occurs.
		110	.Pp
		111	.Fn i2d_PKCS8_bio
		112	and
		113	.Fn i2d_PKCS8_fp
		114	return 1 for success or 0 if an error occurs.
81	.Sh SEE ALSO	115	.Sh SEE ALSO
82	.Xr d2i_X509 3	116	.Xr ASN1_item_d2i 3 ,
		117	.Xr PKCS7_new 3 ,
		118	.Xr RSA_sign 3 ,
		119	.Xr X509_SIG_new 3
		120	.Sh STANDARDS
		121	RFC 2315: PKCS #7: Cryptographic Message Syntax,
		122	section 9: Signed-data content type
		123	.Pp
		124	RFC 8017: PKCS #1: RSA Cryptography Specifications,
		125	section 9: Encoding Methods for Signatures
		126	.Sh BUGS
		127	.Fn d2i_PKCS8_bio ,
		128	.Fn i2d_PKCS8_bio ,
		129	.Fn d2i_PKCS8_fp ,
		130	and
		131	.Fn i2d_PKCS8_fp
		132	are severely misnamed and should have been called
		133	.Dq d2i_X509_SIG_bio
		134	and so on.
		135	.Pp
		136	Or arguably, the
		137	.Vt X509_SIG
		138	object is misnamed itself, considering that it represents
		139	.Vt DigestInfo
		140	from PKCS#7 and PKCS#1.
		141	Then again, calling it
		142	.Dq PKCS8
		143	instead clearly isn't an improvement.
		144	.Pp
		145	Either way, these names just don't fit.