author | tb <> | 2023-10-10 13:59:47 +0000 |
---|---|---|
committer | tb <> | 2023-10-10 13:59:47 +0000 |
commit | 5cbf5fcfb7c8f024018bdd341230dd05f331967a (patch) | |
tree | 839fb7d8c6ba2e45887042205322c320300755fc /src | |
parent | d808914bdc17a47e22e7adf00aa95bf465f95b4f (diff) | |
Improve X509_ALGOR_new(3) documentation
The previous wording was misleading since the result of X509_ALGOR_new()
is not actually an empty X509_ALGOR object. Rather, it contains the
undefined ASN1_OBJECT returned by OBJ_nid2obj(NID_undef). Therefore using
X509_ALGOR_get0(3) for error checking X509_ALGOR_set_md() is not trivial.
So: change the initial paragraph into a general intro referring to the
OpenSSL API needed to interface with X509_ALGOR and write a new paragraph
documenting X509_ALGOR_new(3) and drop the incorrect suggestion of an error
check. Notably there's now a reference to the OBJ_nid2obj() family without
which one cannot really use X509_ALGOR_* for anything at all.
With and ok schwarze
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libcrypto/man/X509_ALGOR_dup.3 | 47 |
1 files changed, 33 insertions, 14 deletions
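--- a/src/lib/libcrypto/man/X509_ALGOR_dup.3
+++ b/src/lib/libcrypto/man/X509_ALGOR_dup.3
@@ -1,9 +1,10 @@
-.\" $OpenBSD: X509_ALGOR_dup.3,v 1.18 2023/10/09 16:59:55 tb Exp $
+.\" $OpenBSD: X509_ALGOR_dup.3,v 1.19 2023/10/10 13:59:47 tb Exp $
 .\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
+.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -65,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 9 2023 $
+.Dd $Mdocdate: October 10 2023 $
 .Dt X509_ALGOR_DUP 3
 .Os
 .Sh NAME
@@ -112,17 +113,39 @@
 .Fa "const X509_ALGOR *b"
 .Fc
 .Sh DESCRIPTION
-.Fn X509_ALGOR_new
-allocates and initializes an empty
+An
 .Vt X509_ALGOR
-object, representing an ASN.1
+object represents an ASN.1
 .Vt AlgorithmIdentifier
 structure defined in RFC 5280 section 4.1.1.2.
-Such objects can specify a cryptographic algorithm together
-with algorithm-specific parameters.
-They are used by many other objects, for example certificates,
+It specifies a cryptographic
+.Fa algorithm
+by an ASN.1 object identifier (OID) that can be obtained from
+.Xr OBJ_nid2obj 3 ,
+together with optional algorithm-specific
+.Fa parameters
+of the type
+.Vt ASN1_TYPE ,
+see
+.Xr ASN1_TYPE_set 3 .
+.Vt X509_ALGOR
+objects are used by many other objects, for example certificates,
 certificate revocation lists, and certificate requests.
 .Pp
+.Fn X509_ALGOR_new
+allocates a new
+.Vt X509_ALGOR
+object containing the object that
+.Xr OBJ_nid2obj 3
+returns for
+.Dv NID_undef
+as the
+.Fa algorithm
+and a
+.Dv NULL
+pointer as the
+.Fa parameters .
+.Pp
 .Fn X509_ALGOR_free
 frees
 .Fa alg
@@ -210,12 +233,7 @@ can leave
 .Fa alg
 in a corrupted state due to memory allocation failure.
 This problem can be avoided by preallocating with an error-checked call to
-.Fn X509_ALGOR_set0 alg NULL 0 NULL ,
-or the failure can be identified by
-.Fn X509_ALGOR_get0 &aobj NULL NULL alg
-returning a
-.Dv NULL
-.Fa aobj .
+.Fn X509_ALGOR_set0 alg NULL 0 NULL .
 .Pp
 .Fn X509_ALGOR_cmp
 compares
@@ -249,6 +267,7 @@ have identical encodings or non-zero otherwise.
 .Xr ASN1_TYPE_set 3 ,
 .Xr d2i_X509_ALGOR 3 ,
 .Xr EVP_DigestInit 3 ,
+.Xr OBJ_nid2obj 3 ,
 .Xr X509_get0_signature 3 ,
 .Xr X509_new 3 ,
 .Xr X509_PUBKEY_get0_param 3 ,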