Document X509v3_{addr,asid}_subset.3

First RFC 3779 page without a BUG section. It could have one, but I'm
in a lenient mood right now. Maybe it's just that this is bad but not
quite as bad as EVP.

7 files changed, 40 insertions, 30 deletions

diff --git a/src/lib/libcrypto/man/ASIdentifiers_new.3 b/src/lib/libcrypto/man/ASIdentifiers_new.3
index 4f6bf67f10..ae5795c9a3 100644
--- a/src/lib/libcrypto/man/ASIdentifiers_new.3
+++ b/src/lib/libcrypto/man/ASIdentifiers_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASIdentifiers_new.3,v 1.7 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: ASIdentifiers_new.3,v 1.8 2023/09/28 12:35:31 tb Exp $
 .\"
 .\" Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
 .Dt ASIDENTIFIERS_NEW 3
 .Os
 .Sh NAME
@@ -47,7 +47,7 @@
 .Sh DESCRIPTION
 RFC 3779 defines two X.509v3 certificate extensions that allow the
 delegation of
-IP address blocks and autonomous system (AS) identifiers
+IP addresses and autonomous system (AS) identifiers
 from the issuer to the subject of the certificate.
 An
 .Vt ASIdentifiers
@@ -112,8 +112,11 @@ or a value <= 0 if an error occurs.
 .Xr crypto 3 ,
 .Xr IPAddressRange_new 3 ,
 .Xr X509_new 3 ,
-.Xr X509v3_asid_add_id_or_range 3 ,
-.Xr X509v3_asid_inherits 3
+.Xr X509v3_addr_add_inherit 3 ,
+.Xr X509v3_addr_get_range 3 ,
+.Xr X509v3_addr_inherits 3 ,
+.Xr X509v3_addr_subset 3 ,
+.Xr X509v3_asid_add_id_or_range 3
 .Sh STANDARDS
 RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
 .Bl -dash -compact
@@ -130,5 +133,5 @@ and have been available since
 .Ox 7.1 .
 .Sh BUGS
 There are no corresponding functions for the RFC 3779
-IP address blocks delegation extension represented by
+IP address delegation extension represented by
 .Vt IPAddrBlocks .
diff --git a/src/lib/libcrypto/man/ASRange_new.3 b/src/lib/libcrypto/man/ASRange_new.3
index 12eff26792..53da608cb1 100644
--- a/src/lib/libcrypto/man/ASRange_new.3
+++ b/src/lib/libcrypto/man/ASRange_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASRange_new.3,v 1.5 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: ASRange_new.3,v 1.6 2023/09/28 12:35:31 tb Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
 .Dt ASRANGE_NEW 3
 .Os
 .Sh NAME
@@ -90,7 +90,7 @@ autonomous system identifier delegation extension.
 .Pp
 All
 .Vt ASN1_INTEGER Ns s
-in this manual should be representable as unsigned 32-bit integers.
+in this manual must be representable as unsigned 32-bit integers.
 The API performs no corresponding checks.
 The library provides no convenient way of setting the value of an
 .Vt ASN1_INTEGER
@@ -358,6 +358,7 @@ or a value <= 0 if an error occurs.
 .Xr crypto 3 ,
 .Xr IPAddressRange_new 3 ,
 .Xr s2i_ASN1_INTEGER 3 ,
+.Xr STACK_OF 3 ,
 .Xr X509_new 3 ,
 .Xr X509v3_asid_add_id_or_range 3
 .Sh STANDARDS
diff --git a/src/lib/libcrypto/man/IPAddressRange_new.3 b/src/lib/libcrypto/man/IPAddressRange_new.3
index 07c57f3e5d..e15ff34509 100644
--- a/src/lib/libcrypto/man/IPAddressRange_new.3
+++ b/src/lib/libcrypto/man/IPAddressRange_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: IPAddressRange_new.3,v 1.4 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: IPAddressRange_new.3,v 1.5 2023/09/28 12:35:31 tb Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
 .Dt IPADDRESSRANGE_NEW 3
 .Os
 .Sh NAME
@@ -110,12 +110,12 @@ type representing the IP address delegation extension.
 Per RFC 3779, section 2.1.1,
 an IPv4 or an IPv6 address is encoded in network byte order in an
 ASN.1 BIT STRING of bit size 32 or 128 bits, respectively.
-The bit size of a prefix is its prefix length.
-In other words, all insignificant zero bits are omitted
+The bit size of a prefix is its prefix length;
+all insignificant zero bits are omitted
 from the encoding.
 An address range is expressed as a pair of BIT STRINGs
-where all least significant zero bits of the lower bound
-and the all least significant one bits of the upper bound are omitted.
+where all the least significant zero bits of the lower bound
+and all the least significant one bits of the upper bound are omitted.
 .Pp
 The library provides no API for directly converting an IP address or
 prefix (in any form) to and from an
@@ -127,8 +127,11 @@ internals are subtle and directly manipulating them in the
 context of the RFC 3779 API is discouraged.
 The bit size of an
 .Vt ASN1_BIT_STRING
-representing an IP address prefix or range is eight times its length
-member minus the lowest three bits of its flags, provided the
+representing an IP address prefix or range is eight times its
+.Fa length
+member minus the lowest three bits of its
+.Fa flags ,
+provided the
 .Dv ASN1_STRING_FLAG_BITS_LEFT
 flag is set.
 .Pp
@@ -460,7 +463,8 @@ or a value <= 0 if an error occurs.
 .Xr crypto 3 ,
 .Xr X509_new 3 ,
 .Xr X509v3_addr_add_inherit 3 ,
-.Xr X509v3_addr_inherits 3
+.Xr X509v3_addr_inherits 3 ,
+.Xr X509v3_addr_subset 3
 .Sh STANDARDS
 RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
 .Bl -dash -compact
@@ -483,7 +487,7 @@ section 2.2.3.7: Type IPAddressOrRange
 .It
 section 2.2.3.8: Element addressPrefix and Type IPAddress
 .It
-section 2.2.3.9: Elements addressRange and Type IPAddressRange
+section 2.2.3.9: Element addressRange and Type IPAddressRange
 .El
 .Pp
 ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 9bf40343e4..e6a97f3004 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.274 2023/09/26 20:42:45 tb Exp $
+# $OpenBSD: Makefile,v 1.275 2023/09/28 12:35:31 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -395,6 +395,7 @@ MAN=	\
         X509v3_addr_add_inherit.3 \
         X509v3_addr_get_range.3 \
         X509v3_addr_inherits.3 \
+        X509v3_addr_subset.3 \
         X509v3_asid_add_id_or_range.3 \
         X509v3_asid_add_id_or_range.3 \
         X509v3_get_ext_by_NID.3 \
diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3
index dea1b256ce..a669bf0608 100644
--- a/src/lib/libcrypto/man/X509_new.3
+++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_new.3,v 1.41 2023/09/26 20:42:45 tb Exp $
+.\" $OpenBSD: X509_new.3,v 1.42 2023/09/28 12:35:31 tb Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 26 2023 $
+.Dd $Mdocdate: September 28 2023 $
 .Dt X509_NEW 3
 .Os
 .Sh NAME
@@ -245,6 +245,7 @@ if an error occurs.
 .Xr X509v3_addr_add_inherit 3 ,
 .Xr X509v3_addr_get_range 3 ,
 .Xr X509v3_addr_inherits 3 ,
+.Xr X509v3_addr_subset 3 ,
 .Xr X509v3_asid_add_id_or_range 3
 .Sh STANDARDS
 RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
diff --git a/src/lib/libcrypto/man/X509v3_addr_add_inherit.3 b/src/lib/libcrypto/man/X509v3_addr_add_inherit.3
index 3ca9bc59ae..81e73f76e5 100644
--- a/src/lib/libcrypto/man/X509v3_addr_add_inherit.3
+++ b/src/lib/libcrypto/man/X509v3_addr_add_inherit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.5 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.6 2023/09/28 12:35:31 tb Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
 .Dt X509V3_ADDR_ADD_INHERIT 3
 .Os
 .Sh NAME
@@ -60,7 +60,7 @@
 An
 .Vt IPAddrBlocks
 object represents the content of
-an X509v3 IP address blocks delegation extension
+an IP address delegation extension
 as defined in RFC 3779, section 2.2.3.1.
 It holds lists of IP address prefixes and IP address ranges
 delegated from the issuer to the subject of the certificate.
@@ -399,8 +399,8 @@ is desired.
 .Xr inet_ntop 3 ,
 .Xr IPAddressRange_new 3 ,
 .Xr X509_new 3 ,
-.Xr X509v3_asid_add_id_or_range 3 ,
-.Xr X509v3_addr_get_range 3
+.Xr X509v3_addr_get_range 3 ,
+.Xr X509v3_asid_add_id_or_range 3
 .Sh STANDARDS
 RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
 .Bl -dash -compact
diff --git a/src/lib/libcrypto/man/X509v3_asid_add_id_or_range.3 b/src/lib/libcrypto/man/X509v3_asid_add_id_or_range.3
index c9ff6bf13b..1b42a449e1 100644
--- a/src/lib/libcrypto/man/X509v3_asid_add_id_or_range.3
+++ b/src/lib/libcrypto/man/X509v3_asid_add_id_or_range.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_asid_add_id_or_range.3,v 1.5 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: X509v3_asid_add_id_or_range.3,v 1.6 2023/09/28 12:35:31 tb Exp $
 .\"
 .\" Copyright (c) 2021-2023 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
 .Dt X509V3_ASID_ADD_ID_OR_RANGE 3
 .Os
 .Sh NAME
@@ -48,7 +48,7 @@
 .Sh DESCRIPTION
 An
 .Vt ASIdentifiers
-object represents the content of the X509v3 certificate extension
+object represents the content of the certificate extension
 defined in RFC 3779, section 3.2.3.1.
 It can be instantiated with
 .Xr ASIdentifiers_new 3