Merge documentation for i2d_re_X509*_tbs(3) from OpenSSL 1.1

author: tb <> 2021-10-26 23:37:56 +0000
committer: tb <> 2021-10-26 23:37:56 +0000
commit: 9708d91b72dd881ff18329e76e72608f97555822 (patch)
tree: cd3d6ca6fa1ced9dbf458e9a1a620a0db0b35e15 /src
parent: 5baa92f3148199c15c3799a18a312726cd9131d8 (diff)
download: openbsd-9708d91b72dd881ff18329e76e72608f97555822.tar.gz
openbsd-9708d91b72dd881ff18329e76e72608f97555822.tar.bz2
openbsd-9708d91b72dd881ff18329e76e72608f97555822.zip
1 files changed, 67 insertions, 4 deletions
diff --git a/src/lib/libcrypto/man/d2i_X509.3 b/src/lib/libcrypto/man/d2i_X509.3
index 94b136a0ce..12163d9e48 100644
--- a/src/lib/libcrypto/man/d2i_X509.3
+++ b/src/lib/libcrypto/man/d2i_X509.3
@@ -1,5 +1,6 @@
-.\"     $OpenBSD: d2i_X509.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
+.\"     $OpenBSD: d2i_X509.3,v 1.10 2021/10/26 23:37:56 tb Exp $
 .\"     OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000
+.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
@@ -18,7 +19,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" The original files were written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project.
 .\" All rights reserved.
 .\"
@@ -66,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: October 26 2021 $
 .Dt D2I_X509 3
 .Os
 .Sh NAME
@@ -83,7 +84,10 @@
 .Nm d2i_X509_CINF ,
 .Nm i2d_X509_CINF ,
 .Nm d2i_X509_VAL ,
-.Nm i2d_X509_VAL
+.Nm i2d_X509_VAL ,
+.Nm i2d_re_X509_tbs ,
+.Nm i2d_re_X509_CRL_tbs ,
+.Nm i2d_re_X509_REQ_tbs
 .Nd decode and encode X.509 certificates
 .Sh SYNOPSIS
 .In openssl/x509.h
@@ -162,6 +166,21 @@
 .Fa "X509_VAL *val_in"
 .Fa "unsigned char **der_out"
 .Fc
+.Ft int
+.Fo i2d_re_X509_tbs
+.Fa "X509 *x"
+.Fa "unsigned char **out"
+.Fc
+.Ft int
+.Fo i2d_re_X509_CRL_tbs
+.Fa "X509_CRL *crl"
+.Fa "unsigned char **pp"
+.Fc
+.Ft int
+.Fo i2d_re_X509_REQ_tbs
+.Fa "X509_REQ *req"
+.Fa "unsigned char **pp"
+.Fc
 .Sh DESCRIPTION
 These functions decode and encode X.509 certificates
 and some of their substructures.
@@ -221,6 +240,37 @@ and
 decode and encode an ASN.1
 .Vt Validity
 structure defined in RFC 5280 section 4.1.
+.Pp
+.Fn i2d_re_X509_tbs
+is similar to
+.Fn i2d_X509 ,
+except it encodes only the TBSCertificate portion of the certificate.
+.Fn i2d_re_X509_CRL_tbs
+and
+.Fn i2d_re_X509_REQ_tbs
+are analogous for CRL and certificate request, respectively.
+The "re" in
+.Fn i2d_re_X509_tbs
+stands for "re-encode", and ensures that a fresh encoding is generated
+in case the object has been modified after creation (see the BUGS
+section).
+.Pp
+The encoding of the TBSCertificate portion of a certificate is cached in
+the
+.Vt X509
+structure internally to improve encoding performance and to ensure
+certificate signatures are verified correctly in some certificates with
+broken (non-DER) encodings.
+.Pp
+If, after modification, the
+.Vt X509
+object is re-signed with
+.Xr X509_sign 3 ,
+the encoding is automatically renewed.
+Otherwise, the encoding of the TBSCertificate portion of the
+.Vt X509
+can be manually renewed by calling
+.Fn i2d_re_X509_tbs .
 .Sh RETURN VALUES
 .Fn d2i_X509 ,
 .Fn d2i_X509_bio ,
@@ -260,6 +310,12 @@ and
 .Fn i2d_X509_fp
 return 1 for success or 0 if an error occurs.
 .Pp
+.Fn i2d_re_X509_tbs ,
+.Fn i2d_re_X509_CRL_tbs ,
+and
+.Fn i2d_re_X509_REQ_tbs
+return the length of bytes successfully encoded or 0 if an error occurs.
+.Pp
 For all functions, the error code can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
@@ -294,3 +350,10 @@ and
 .Fn i2d_X509_CERT_AUX
 first appeared in OpenSSL 0.9.5 and have been available since
 .Ox 2.7 .
+.Pp
+.Fn i2d_re_X509_tbs ,
+.Fn i2d_re_X509_CRL_tbs ,
+and
+.Fn i2d_re_X509_REQ_tbs
+first appeared in OpenSSL 1.1.0 and have been available since
+.Ox 7.1 .
author	tb <>	2021-10-26 23:37:56 +0000
committer	tb <>	2021-10-26 23:37:56 +0000
commit	9708d91b72dd881ff18329e76e72608f97555822 (patch)
tree	cd3d6ca6fa1ced9dbf458e9a1a620a0db0b35e15 /src
parent	5baa92f3148199c15c3799a18a312726cd9131d8 (diff)
download	openbsd-9708d91b72dd881ff18329e76e72608f97555822.tar.gz openbsd-9708d91b72dd881ff18329e76e72608f97555822.tar.bz2 openbsd-9708d91b72dd881ff18329e76e72608f97555822.zip

diff --git a/src/lib/libcrypto/man/d2i_X509.3 b/src/lib/libcrypto/man/d2i_X509.3 index 94b136a0ce..12163d9e48 100644 --- a/src/lib/libcrypto/man/d2i_X509.3 +++ b/src/lib/libcrypto/man/d2i_X509.3
@@ -1,5 +1,6 @@
1	.\" $OpenBSD: d2i_X509.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $	1	.\" $OpenBSD: d2i_X509.3,v 1.10 2021/10/26 23:37:56 tb Exp $
2	.\" OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000	2	.\" OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000
		3	.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
3	.\"	4	.\"
4	.\" This file is a derived work.	5	.\" This file is a derived work.
5	.\" The changes are covered by the following Copyright and license:	6	.\" The changes are covered by the following Copyright and license:
@@ -18,7 +19,7 @@
18	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	19	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	20	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20	.\"	21	.\"
21	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.	22	.\" The original files were written by Dr. Stephen Henson <steve@openssl.org>.
22	.\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project.	23	.\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project.
23	.\" All rights reserved.	24	.\" All rights reserved.
24	.\"	25	.\"
@@ -66,7 +67,7 @@
66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	67	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	68	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68	.\"	69	.\"
69	.Dd $Mdocdate: March 27 2018 $	70	.Dd $Mdocdate: October 26 2021 $
70	.Dt D2I_X509 3	71	.Dt D2I_X509 3
71	.Os	72	.Os
72	.Sh NAME	73	.Sh NAME
@@ -83,7 +84,10 @@
83	.Nm d2i_X509_CINF ,	84	.Nm d2i_X509_CINF ,
84	.Nm i2d_X509_CINF ,	85	.Nm i2d_X509_CINF ,
85	.Nm d2i_X509_VAL ,	86	.Nm d2i_X509_VAL ,
86	.Nm i2d_X509_VAL	87	.Nm i2d_X509_VAL ,
		88	.Nm i2d_re_X509_tbs ,
		89	.Nm i2d_re_X509_CRL_tbs ,
		90	.Nm i2d_re_X509_REQ_tbs
87	.Nd decode and encode X.509 certificates	91	.Nd decode and encode X.509 certificates
88	.Sh SYNOPSIS	92	.Sh SYNOPSIS
89	.In openssl/x509.h	93	.In openssl/x509.h
@@ -162,6 +166,21 @@
162	.Fa "X509_VAL *val_in"	166	.Fa "X509_VAL *val_in"
163	.Fa "unsigned char **der_out"	167	.Fa "unsigned char **der_out"
164	.Fc	168	.Fc
		169	.Ft int
		170	.Fo i2d_re_X509_tbs
		171	.Fa "X509 *x"
		172	.Fa "unsigned char **out"
		173	.Fc
		174	.Ft int
		175	.Fo i2d_re_X509_CRL_tbs
		176	.Fa "X509_CRL *crl"
		177	.Fa "unsigned char **pp"
		178	.Fc
		179	.Ft int
		180	.Fo i2d_re_X509_REQ_tbs
		181	.Fa "X509_REQ *req"
		182	.Fa "unsigned char **pp"
		183	.Fc
165	.Sh DESCRIPTION	184	.Sh DESCRIPTION
166	These functions decode and encode X.509 certificates	185	These functions decode and encode X.509 certificates
167	and some of their substructures.	186	and some of their substructures.
@@ -221,6 +240,37 @@ and
221	decode and encode an ASN.1	240	decode and encode an ASN.1
222	.Vt Validity	241	.Vt Validity
223	structure defined in RFC 5280 section 4.1.	242	structure defined in RFC 5280 section 4.1.
		243	.Pp
		244	.Fn i2d_re_X509_tbs
		245	is similar to
		246	.Fn i2d_X509 ,
		247	except it encodes only the TBSCertificate portion of the certificate.
		248	.Fn i2d_re_X509_CRL_tbs
		249	and
		250	.Fn i2d_re_X509_REQ_tbs
		251	are analogous for CRL and certificate request, respectively.
		252	The "re" in
		253	.Fn i2d_re_X509_tbs
		254	stands for "re-encode", and ensures that a fresh encoding is generated
		255	in case the object has been modified after creation (see the BUGS
		256	section).
		257	.Pp
		258	The encoding of the TBSCertificate portion of a certificate is cached in
		259	the
		260	.Vt X509
		261	structure internally to improve encoding performance and to ensure
		262	certificate signatures are verified correctly in some certificates with
		263	broken (non-DER) encodings.
		264	.Pp
		265	If, after modification, the
		266	.Vt X509
		267	object is re-signed with
		268	.Xr X509_sign 3 ,
		269	the encoding is automatically renewed.
		270	Otherwise, the encoding of the TBSCertificate portion of the
		271	.Vt X509
		272	can be manually renewed by calling
		273	.Fn i2d_re_X509_tbs .
224	.Sh RETURN VALUES	274	.Sh RETURN VALUES
225	.Fn d2i_X509 ,	275	.Fn d2i_X509 ,
226	.Fn d2i_X509_bio ,	276	.Fn d2i_X509_bio ,
@@ -260,6 +310,12 @@ and
260	.Fn i2d_X509_fp	310	.Fn i2d_X509_fp
261	return 1 for success or 0 if an error occurs.	311	return 1 for success or 0 if an error occurs.
262	.Pp	312	.Pp
		313	.Fn i2d_re_X509_tbs ,
		314	.Fn i2d_re_X509_CRL_tbs ,
		315	and
		316	.Fn i2d_re_X509_REQ_tbs
		317	return the length of bytes successfully encoded or 0 if an error occurs.
		318	.Pp
263	For all functions, the error code can be obtained by	319	For all functions, the error code can be obtained by
264	.Xr ERR_get_error 3 .	320	.Xr ERR_get_error 3 .
265	.Sh SEE ALSO	321	.Sh SEE ALSO
@@ -294,3 +350,10 @@ and
294	.Fn i2d_X509_CERT_AUX	350	.Fn i2d_X509_CERT_AUX
295	first appeared in OpenSSL 0.9.5 and have been available since	351	first appeared in OpenSSL 0.9.5 and have been available since
296	.Ox 2.7 .	352	.Ox 2.7 .
		353	.Pp
		354	.Fn i2d_re_X509_tbs ,
		355	.Fn i2d_re_X509_CRL_tbs ,
		356	and
		357	.Fn i2d_re_X509_REQ_tbs
		358	first appeared in OpenSSL 1.1.0 and have been available since
		359	.Ox 7.1 .