1 files changed, 0 insertions, 410 deletions
diff --git a/src/lib/libcrypto/man/ASRange_new.3 b/src/lib/libcrypto/man/ASRange_new.3
deleted file mode 100644
index dc58c98e58..0000000000
--- a/src/lib/libcrypto/man/ASRange_new.3
+++ /dev/null
@@ -1,410 +0,0 @@
-.\" $OpenBSD: ASRange_new.3,v 1.8 2023/10/11 12:06:11 tb Exp $
-.\"
-.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: October 11 2023 $
-.Dt ASRANGE_NEW 3
-.Os
-.Sh NAME
-.Nm ASRange_new ,
-.Nm ASRange_free ,
-.Nm d2i_ASRange ,
-.Nm i2d_ASRange ,
-.Nm ASIdOrRange_new ,
-.Nm ASIdOrRange_free ,
-.Nm d2i_ASIdOrRange ,
-.Nm i2d_ASIdOrRange ,
-.Nm ASIdentifierChoice_new ,
-.Nm ASIdentifierChoice_free ,
-.Nm d2i_ASIdentifierChoice ,
-.Nm i2d_ASIdentifierChoice
-.Nd RFC 3779 autonomous system identifiers and ranges
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft "ASRange *"
-.Fn ASRange_new void
-.Ft void
-.Fn ASRange_free "ASRange *asrange"
-.Ft ASRange *
-.Fo d2i_ASRange
-.Fa "ASRange **asrange"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASRange
-.Fa "ASRange *asrange"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft "ASIdOrRange *"
-.Fn ASIdOrRange_new void
-.Ft void
-.Fn ASIdOrRange_free "ASIdOrRange *aor"
-.Ft ASIdOrRange *
-.Fo d2i_ASIdOrRange
-.Fa "ASIdOrRange **aor"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASIdOrRange
-.Fa "ASIdOrRange *aor"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft "ASIdentifierChoice *"
-.Fn ASIdentifierChoice_new void
-.Ft void
-.Fn ASIdentifierChoice_free "ASIdentifierChoice *aic"
-.Ft ASIdentifierChoice *
-.Fo d2i_ASIdentifierChoice
-.Fa "ASIdentifierChoice **aic"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASIdentifierChoice
-.Fa "ASIdentifierChoice *aic"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-.Vt ASRange ,
-.Vt ASIdOrRange ,
-and
-.Vt ASIdentifierChoice
-are building blocks of the
-.Vt ASIdentifiers
-type representing the RFC 3779
-autonomous system identifier delegation extension.
-.Pp
-All
-.Vt ASN1_INTEGER Ns s
-in this manual must be representable as unsigned 32-bit integers.
-The API performs no corresponding checks.
-An
-.Vt ASN1_INTEGER
-can be set using
-.Xr ASN1_INTEGER_set_uint64 3 .
-.Pp
-The
-.Vt ASRange
-type defined in RFC 3779 section 3.2.3.8 is implemented as
-.Bd -literal -offset indent
-typedef struct ASRange_st {
-        ASN1_INTEGER *min;
-        ASN1_INTEGER *max;
-} ASRange;
-.Ed
-.Pp
-It represents the closed range [min,max] of AS identifiers between
-.Fa min
-and
-.Fa max ,
-where
-.Fa min
-should be strictly smaller than
-.Fa max .
-.Pp
-.Fn ASRange_new
-allocates a new
-.Vt ASRange
-object with allocated, empty
-.Fa min
-and
-.Fa max ,
-thus representing the invalid range [0,0].
-.Pp
-.Fn ASRange_free
-frees
-.Fa asrange
-including any data contained in it.
-If
-.Fa asrange
-is
-.Dv NULL ,
-no action occurs.
-.Pp
-The
-.Vt ASIdOrRange
-type defined in RFC 3779 section 3.2.3.5 is implemented as
-.Bd -literal -offset indent
-typedef struct ASIdOrRange_st {
-        int type;
-        union {
-                ASN1_INTEGER *id;
-                ASRange *range;
-        } u;
-} ASIdOrRange;
-.Ed
-.Pp
-representing an individual AS identifier or a range.
-When populating an
-.Vt ASIdOrRange
-object by hand, its
-.Fa type
-should be set to
-.Dv ASIdOrRange_id
-or
-.Dv ASIdOrRange_range
-to indicate which member of the union
-.Fa u
-is valid.
-.Pp
-.Fn ASIdOrRange_new
-returns a new
-.Vt ASIdOrRange
-object with invalid type and
-.Dv NULL
-members of the union
-.Fa u .
-.Pp
-.Fn ASIdOrRange_free
-frees
-.Fa aor
-including any data contained in it,
-provided
-.Fa type
-is set correctly.
-If
-.Fa asrange
-is
-.Dv NULL ,
-no action occurs.
-.Pp
-In order to express a list of AS identifiers and ranges,
-RFC 3779 section 3.2.3.4
-uses an ASN.1 SEQUENCE,
-which is implemented via a
-.Xr STACK_OF 3
-construction over
-.Vt ASIdOrRange :
-.Bd -literal -offset indent
-typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
-.Ed
-.Pp
-Since an
-.Vt ASIdOrRanges
-object should be sorted in a specific way (see
-.Xr X509v3_asid_canonize 3 Ns ),
-a comparison function is needed for a correct instantiation
-with
-.Xr sk_new 3 .
-The
-.Fn ASIdOrRange_cmp
-function is not directly exposed and not easily accessible
-from outside the library,
-and it is non-trivial to implement.
-It is therefore discouraged to use
-.Vt ASIdOrRanges
-objects that are not part of an
-.Vt ASIdentifiers
-object.
-.Pp
-The
-.Dq inherit
-marker from RFC 3779 section 3.2.3.3 is implemented as
-.Vt ASN1_NULL .
-It has no dedicated type or API and can be instantiated with
-.Xr ASN1_NULL_new 3 .
-.Pp
-The
-.Vt ASIdentifierChoice
-type defined in RFC 3779 section 3.2.3.2 is implemented as
-.Bd -literal -offset indent
-typedef struct ASIdentifierChoice_st {
-        int type;
-        union {
-                ASN1_NULL *inherit;
-                ASIdOrRanges *asIdsOrRanges;
-        } u;
-} ASIdentifierChoice;
-.Ed
-.Pp
-where the
-.Fa type
-member should be set to
-.Dv ASIdentifierChoice_inherit
-or
-.Dv ASIdentifierChoice_asIdsOrRanges
-to indicate whether a given
-.Vt ASIdentifierChoice
-object represents an inherited list or an explicit list.
-.Pp
-.Fn ASIdentifierChoice_new
-returns a new
-.Vt ASIdentifierChoice
-object with invalid type and
-.Dv NULL
-members of the union
-.Fa u .
-.Pp
-.Fn ASIdentifierChoice_free
-frees
-.Fa aic
-including any data contained in it,
-provided
-.Fa type
-is set correctly.
-.Pp
-The
-.Vt ASIdentifiers
-type defined in RFC 3779 section 3.2.3.1 is implemented as
-.Bd -literal -offset indent
-typedef struct ASIdentifiers_st {
-        ASIdentifierChoice *asnum;
-        ASIdentifierChoice *rdi;
-} ASIdentifiers;
-.Ed
-.Pp
-It should be instantiated with
-.Xr ASIdentifiers_new 3
-and populated with
-.Xr X509v3_asid_add_id_or_range 3 .
-.Pp
-.Fn d2i_ASRange ,
-.Fn i2d_ASRange ,
-.Fn d2i_ASIdOrRange ,
-.Fn i2d_ASIdOrRange ,
-.Fn d2i_ASIdentifierChoice ,
-and
-.Fn i2d_ASIdentifierChoice
-decode and encode ASN.1
-.Vt ASRange ,
-.Vt ASIdOrRange ,
-and
-.Vt ASIdentifierChoice
-objects.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-In order for the encoding produced by
-.Fn i2d_ASRange
-to be correct,
-.Fa min
-must be strictly less than
-.Fa max .
-Similarly for
-.Fn i2d_ASIdOrRange
-and an
-.Fa ASIdOrRange
-object of
-.Fa type
-.Dv ASIdOrRange_range .
-.Sh RETURN VALUES
-.Fn ASRange_new
-returns a new
-.Vt ASRange
-object with allocated, empty members, or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn ASIdOrRange_new
-returns a new, empty
-.Vt ASIdOrRange
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn ASIdentifierChoice_new
-returns a new, empty
-.Vt ASIdentifierChoice
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-The decoding functions
-.Fn d2i_ASRange ,
-.Fn d2i_ASIdOrRange ,
-and
-.Fn d2i_ASIdentifierChoice
-return an
-.Vt ASRange ,
-an
-.Vt ASIdOrRange ,
-or an
-.Vt ASIdentifierChoice ,
-object, respectively,
-or
-.Dv NULL
-if an error occurs.
-.Pp
-The encoding functions
-.Fn i2d_ASRange ,
-.Fn i2d_ASIdOrRange ,
-and
-.Fn i2d_ASIdentifierChoice
-return the number of bytes successfully encoded
-or a value <= 0 if an error occurs.
-.Sh SEE ALSO
-.Xr ASIdentifiers_new 3 ,
-.Xr ASN1_INTEGER_set_uint64 3 ,
-.Xr crypto 3 ,
-.Xr IPAddressRange_new 3 ,
-.Xr s2i_ASN1_INTEGER 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_new 3 ,
-.Xr X509v3_asid_add_id_or_range 3
-.Sh STANDARDS
-RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
-.Bl -dash -compact
-.It
-section 3.2.3: Syntax
-.It
-section 3.2.3.1: Type ASIdentifiers
-.It
-section 3.2.3.2: Elements asnum, rdi, and Type ASIdentifierChoice
-.It
-section 3.2.3.3: Element inherit
-.It
-section 3.2.3.4: Element asIdsOrRanges
-.It
-section 3.2.3.5: Type ASIdOrRange
-.It
-section 3.2.3.6: Element id
-.It
-section 3.2.3.7: Element range
-.It
-section 3.2.3.8: Type ASRange
-.It
-section 3.2.3.9: Elements min and max
-.El
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.8e
-and have been available since
-.Ox 7.1 .
-.Sh BUGS
-An
-.Fn ASIdOrRanges_new
-function that installs the correct comparison function
-on the stack of
-.Vt ASIdOrRange
-should have been part of the API to make it usable.
-.Pp
-.Fn ASIdentifierChoice_new
-is of very limited use because
-.Fn ASIdOrRanges_new
-is missing.
-.Pp
-There is no way of ensuring that an
-.Vt ASIdOrRanges
-object is in canonical form unless it is part of an
-.Vt ASIdentifiers
-object.
-It is therefore difficult to guarantee that the output of
-.Fn i2d_ASIdentifierChoice
-is conformant.
-.Pp
-RFC 3779 3.2.3.4 has
-.Dq Fa asIdsOrRanges
-while its type in this implementation is
-.Vt ASIdOrRanges .

diff --git a/src/lib/libcrypto/man/ASRange_new.3 b/src/lib/libcrypto/man/ASRange_new.3 deleted file mode 100644 index dc58c98e58..0000000000 --- a/src/lib/libcrypto/man/ASRange_new.3 +++ /dev/null
@@ -1,410 +0,0 @@
1	.\" $OpenBSD: ASRange_new.3,v 1.8 2023/10/11 12:06:11 tb Exp $
2	.\"
3	.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
4	.\"
5	.\" Permission to use, copy, modify, and distribute this software for any
6	.\" purpose with or without fee is hereby granted, provided that the above
7	.\" copyright notice and this permission notice appear in all copies.
8	.\"
9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"
17	.Dd $Mdocdate: October 11 2023 $
18	.Dt ASRANGE_NEW 3
19	.Os
20	.Sh NAME
21	.Nm ASRange_new ,
22	.Nm ASRange_free ,
23	.Nm d2i_ASRange ,
24	.Nm i2d_ASRange ,
25	.Nm ASIdOrRange_new ,
26	.Nm ASIdOrRange_free ,
27	.Nm d2i_ASIdOrRange ,
28	.Nm i2d_ASIdOrRange ,
29	.Nm ASIdentifierChoice_new ,
30	.Nm ASIdentifierChoice_free ,
31	.Nm d2i_ASIdentifierChoice ,
32	.Nm i2d_ASIdentifierChoice
33	.Nd RFC 3779 autonomous system identifiers and ranges
34	.Sh SYNOPSIS
35	.In openssl/x509v3.h
36	.Ft "ASRange *"
37	.Fn ASRange_new void
38	.Ft void
39	.Fn ASRange_free "ASRange *asrange"
40	.Ft ASRange *
41	.Fo d2i_ASRange
42	.Fa "ASRange **asrange"
43	.Fa "const unsigned char **der_in"
44	.Fa "long length"
45	.Fc
46	.Ft int
47	.Fo i2d_ASRange
48	.Fa "ASRange *asrange"
49	.Fa "unsigned char **der_out"
50	.Fc
51	.Ft "ASIdOrRange *"
52	.Fn ASIdOrRange_new void
53	.Ft void
54	.Fn ASIdOrRange_free "ASIdOrRange *aor"
55	.Ft ASIdOrRange *
56	.Fo d2i_ASIdOrRange
57	.Fa "ASIdOrRange **aor"
58	.Fa "const unsigned char **der_in"
59	.Fa "long length"
60	.Fc
61	.Ft int
62	.Fo i2d_ASIdOrRange
63	.Fa "ASIdOrRange *aor"
64	.Fa "unsigned char **der_out"
65	.Fc
66	.Ft "ASIdentifierChoice *"
67	.Fn ASIdentifierChoice_new void
68	.Ft void
69	.Fn ASIdentifierChoice_free "ASIdentifierChoice *aic"
70	.Ft ASIdentifierChoice *
71	.Fo d2i_ASIdentifierChoice
72	.Fa "ASIdentifierChoice **aic"
73	.Fa "const unsigned char **der_in"
74	.Fa "long length"
75	.Fc
76	.Ft int
77	.Fo i2d_ASIdentifierChoice
78	.Fa "ASIdentifierChoice *aic"
79	.Fa "unsigned char **der_out"
80	.Fc
81	.Sh DESCRIPTION
82	.Vt ASRange ,
83	.Vt ASIdOrRange ,
84	and
85	.Vt ASIdentifierChoice
86	are building blocks of the
87	.Vt ASIdentifiers
88	type representing the RFC 3779
89	autonomous system identifier delegation extension.
90	.Pp
91	All
92	.Vt ASN1_INTEGER Ns s
93	in this manual must be representable as unsigned 32-bit integers.
94	The API performs no corresponding checks.
95	An
96	.Vt ASN1_INTEGER
97	can be set using
98	.Xr ASN1_INTEGER_set_uint64 3 .
99	.Pp
100	The
101	.Vt ASRange
102	type defined in RFC 3779 section 3.2.3.8 is implemented as
103	.Bd -literal -offset indent
104	typedef struct ASRange_st {
105	ASN1_INTEGER *min;
106	ASN1_INTEGER *max;
107	} ASRange;
108	.Ed
109	.Pp
110	It represents the closed range [min,max] of AS identifiers between
111	.Fa min
112	and
113	.Fa max ,
114	where
115	.Fa min
116	should be strictly smaller than
117	.Fa max .
118	.Pp
119	.Fn ASRange_new
120	allocates a new
121	.Vt ASRange
122	object with allocated, empty
123	.Fa min
124	and
125	.Fa max ,
126	thus representing the invalid range [0,0].
127	.Pp
128	.Fn ASRange_free
129	frees
130	.Fa asrange
131	including any data contained in it.
132	If
133	.Fa asrange
134	is
135	.Dv NULL ,
136	no action occurs.
137	.Pp
138	The
139	.Vt ASIdOrRange
140	type defined in RFC 3779 section 3.2.3.5 is implemented as
141	.Bd -literal -offset indent
142	typedef struct ASIdOrRange_st {
143	int type;
144	union {
145	ASN1_INTEGER *id;
146	ASRange *range;
147	} u;
148	} ASIdOrRange;
149	.Ed
150	.Pp
151	representing an individual AS identifier or a range.
152	When populating an
153	.Vt ASIdOrRange
154	object by hand, its
155	.Fa type
156	should be set to
157	.Dv ASIdOrRange_id
158	or
159	.Dv ASIdOrRange_range
160	to indicate which member of the union
161	.Fa u
162	is valid.
163	.Pp
164	.Fn ASIdOrRange_new
165	returns a new
166	.Vt ASIdOrRange
167	object with invalid type and
168	.Dv NULL
169	members of the union
170	.Fa u .
171	.Pp
172	.Fn ASIdOrRange_free
173	frees
174	.Fa aor
175	including any data contained in it,
176	provided
177	.Fa type
178	is set correctly.
179	If
180	.Fa asrange
181	is
182	.Dv NULL ,
183	no action occurs.
184	.Pp
185	In order to express a list of AS identifiers and ranges,
186	RFC 3779 section 3.2.3.4
187	uses an ASN.1 SEQUENCE,
188	which is implemented via a
189	.Xr STACK_OF 3
190	construction over
191	.Vt ASIdOrRange :
192	.Bd -literal -offset indent
193	typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
194	.Ed
195	.Pp
196	Since an
197	.Vt ASIdOrRanges
198	object should be sorted in a specific way (see
199	.Xr X509v3_asid_canonize 3 Ns ),
200	a comparison function is needed for a correct instantiation
201	with
202	.Xr sk_new 3 .
203	The
204	.Fn ASIdOrRange_cmp
205	function is not directly exposed and not easily accessible
206	from outside the library,
207	and it is non-trivial to implement.
208	It is therefore discouraged to use
209	.Vt ASIdOrRanges
210	objects that are not part of an
211	.Vt ASIdentifiers
212	object.
213	.Pp
214	The
215	.Dq inherit
216	marker from RFC 3779 section 3.2.3.3 is implemented as
217	.Vt ASN1_NULL .
218	It has no dedicated type or API and can be instantiated with
219	.Xr ASN1_NULL_new 3 .
220	.Pp
221	The
222	.Vt ASIdentifierChoice
223	type defined in RFC 3779 section 3.2.3.2 is implemented as
224	.Bd -literal -offset indent
225	typedef struct ASIdentifierChoice_st {
226	int type;
227	union {
228	ASN1_NULL *inherit;
229	ASIdOrRanges *asIdsOrRanges;
230	} u;
231	} ASIdentifierChoice;
232	.Ed
233	.Pp
234	where the
235	.Fa type
236	member should be set to
237	.Dv ASIdentifierChoice_inherit
238	or
239	.Dv ASIdentifierChoice_asIdsOrRanges
240	to indicate whether a given
241	.Vt ASIdentifierChoice
242	object represents an inherited list or an explicit list.
243	.Pp
244	.Fn ASIdentifierChoice_new
245	returns a new
246	.Vt ASIdentifierChoice
247	object with invalid type and
248	.Dv NULL
249	members of the union
250	.Fa u .
251	.Pp
252	.Fn ASIdentifierChoice_free
253	frees
254	.Fa aic
255	including any data contained in it,
256	provided
257	.Fa type
258	is set correctly.
259	.Pp
260	The
261	.Vt ASIdentifiers
262	type defined in RFC 3779 section 3.2.3.1 is implemented as
263	.Bd -literal -offset indent
264	typedef struct ASIdentifiers_st {
265	ASIdentifierChoice *asnum;
266	ASIdentifierChoice *rdi;
267	} ASIdentifiers;
268	.Ed
269	.Pp
270	It should be instantiated with
271	.Xr ASIdentifiers_new 3
272	and populated with
273	.Xr X509v3_asid_add_id_or_range 3 .
274	.Pp
275	.Fn d2i_ASRange ,
276	.Fn i2d_ASRange ,
277	.Fn d2i_ASIdOrRange ,
278	.Fn i2d_ASIdOrRange ,
279	.Fn d2i_ASIdentifierChoice ,
280	and
281	.Fn i2d_ASIdentifierChoice
282	decode and encode ASN.1
283	.Vt ASRange ,
284	.Vt ASIdOrRange ,
285	and
286	.Vt ASIdentifierChoice
287	objects.
288	For details about the semantics, examples, caveats, and bugs, see
289	.Xr ASN1_item_d2i 3 .
290	In order for the encoding produced by
291	.Fn i2d_ASRange
292	to be correct,
293	.Fa min
294	must be strictly less than
295	.Fa max .
296	Similarly for
297	.Fn i2d_ASIdOrRange
298	and an
299	.Fa ASIdOrRange
300	object of
301	.Fa type
302	.Dv ASIdOrRange_range .
303	.Sh RETURN VALUES
304	.Fn ASRange_new
305	returns a new
306	.Vt ASRange
307	object with allocated, empty members, or
308	.Dv NULL
309	if an error occurs.
310	.Pp
311	.Fn ASIdOrRange_new
312	returns a new, empty
313	.Vt ASIdOrRange
314	object or
315	.Dv NULL
316	if an error occurs.
317	.Pp
318	.Fn ASIdentifierChoice_new
319	returns a new, empty
320	.Vt ASIdentifierChoice
321	object or
322	.Dv NULL
323	if an error occurs.
324	.Pp
325	The decoding functions
326	.Fn d2i_ASRange ,
327	.Fn d2i_ASIdOrRange ,
328	and
329	.Fn d2i_ASIdentifierChoice
330	return an
331	.Vt ASRange ,
332	an
333	.Vt ASIdOrRange ,
334	or an
335	.Vt ASIdentifierChoice ,
336	object, respectively,
337	or
338	.Dv NULL
339	if an error occurs.
340	.Pp
341	The encoding functions
342	.Fn i2d_ASRange ,
343	.Fn i2d_ASIdOrRange ,
344	and
345	.Fn i2d_ASIdentifierChoice
346	return the number of bytes successfully encoded
347	or a value <= 0 if an error occurs.
348	.Sh SEE ALSO
349	.Xr ASIdentifiers_new 3 ,
350	.Xr ASN1_INTEGER_set_uint64 3 ,
351	.Xr crypto 3 ,
352	.Xr IPAddressRange_new 3 ,
353	.Xr s2i_ASN1_INTEGER 3 ,
354	.Xr STACK_OF 3 ,
355	.Xr X509_new 3 ,
356	.Xr X509v3_asid_add_id_or_range 3
357	.Sh STANDARDS
358	RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
359	.Bl -dash -compact
360	.It
361	section 3.2.3: Syntax
362	.It
363	section 3.2.3.1: Type ASIdentifiers
364	.It
365	section 3.2.3.2: Elements asnum, rdi, and Type ASIdentifierChoice
366	.It
367	section 3.2.3.3: Element inherit
368	.It
369	section 3.2.3.4: Element asIdsOrRanges
370	.It
371	section 3.2.3.5: Type ASIdOrRange
372	.It
373	section 3.2.3.6: Element id
374	.It
375	section 3.2.3.7: Element range
376	.It
377	section 3.2.3.8: Type ASRange
378	.It
379	section 3.2.3.9: Elements min and max
380	.El
381	.Sh HISTORY
382	These functions first appeared in OpenSSL 0.9.8e
383	and have been available since
384	.Ox 7.1 .
385	.Sh BUGS
386	An
387	.Fn ASIdOrRanges_new
388	function that installs the correct comparison function
389	on the stack of
390	.Vt ASIdOrRange
391	should have been part of the API to make it usable.
392	.Pp
393	.Fn ASIdentifierChoice_new
394	is of very limited use because
395	.Fn ASIdOrRanges_new
396	is missing.
397	.Pp
398	There is no way of ensuring that an
399	.Vt ASIdOrRanges
400	object is in canonical form unless it is part of an
401	.Vt ASIdentifiers
402	object.
403	It is therefore difficult to guarantee that the output of
404	.Fn i2d_ASIdentifierChoice
405	is conformant.
406	.Pp
407	RFC 3779 3.2.3.4 has
408	.Dq Fa asIdsOrRanges
409	while its type in this implementation is
410	.Vt ASIdOrRanges .