From 350a306838dd302c93523554d6af8e60ad70d1a9 Mon Sep 17 00:00:00 2001 
From: Ingo Schwarze
Date: Sun, 25 Dec 2016 22:15:11 +0000
Subject: Consistently mark up various ASN.1 type names defined in standards related to X.509 with .Vt such that they can be searched for.
---
lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 | 14 ++++---
lib/libcrypto/man/ASN1_STRING_length.3 | 30 +++++++-------
lib/libcrypto/man/ASN1_generate_nconf.3 | 25 ++++++++----
lib/libcrypto/man/AUTHORITY_KEYID_new.3 | 9 +++--
lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 | 9 +++--
lib/libcrypto/man/DIST_POINT_new.3 | 24 +++++++-----
lib/libcrypto/man/ESS_SIGNING_CERT_new.3 | 24 +++++++-----
lib/libcrypto/man/EVP_EncryptInit.3 | 13 ++++---
lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 | 11 +++---
lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 | 9 +++--
lib/libcrypto/man/GENERAL_NAME_new.3 | 38 +++++++++++------
lib/libcrypto/man/NAME_CONSTRAINTS_new.3 | 14 ++++---
lib/libcrypto/man/OCSP_CRLID_new.3 | 19 ++++++---
lib/libcrypto/man/OCSP_REQUEST_new.3 | 20 +++++++---
lib/libcrypto/man/OCSP_SERVICELOC_new.3 | 25 +++++++-----
lib/libcrypto/man/OCSP_cert_to_id.3 | 8 ++--
lib/libcrypto/man/OCSP_resp_find_status.3 | 16 +++++---
lib/libcrypto/man/OCSP_response_status.3 | 24 ++++++++----
lib/libcrypto/man/PEM_read_bio_PrivateKey.3 | 39 ++++++++++++-------
lib/libcrypto/man/PKCS12_SAFEBAG_new.3 | 13 ++++---
lib/libcrypto/man/PKCS12_new.3 | 13 ++++---
lib/libcrypto/man/PKCS7_new.3 | 54 +++++++++++++++-----------
lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 | 9 +++--
lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 | 14 ++++---
lib/libcrypto/man/POLICYINFO_new.3 | 34 +++++++++-------
lib/libcrypto/man/PROXY_POLICY_new.3 | 14 ++++---
lib/libcrypto/man/RSA_PSS_PARAMS_new.3 | 9 +++--
lib/libcrypto/man/TS_REQ_new.3 | 34 +++++++++-------
lib/libcrypto/man/X509_ALGOR_dup.3 | 9 +++--
lib/libcrypto/man/X509_CINF_new.3 | 14 ++++---
lib/libcrypto/man/X509_CRL_new.3 | 14 ++++---
lib/libcrypto/man/X509_EXTENSION_set_object.3 | 9 +++--
lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 | 18 +++++----
lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 | 8 ++-- lib/libcrypto/man/X509_NAME_get_index_by_NID.3 | 13 ++++--- lib/libcrypto/man/X509_NAME_new.3 | 17 +++++--- lib/libcrypto/man/X509_NAME_print_ex.3 | 8 ++-- lib/libcrypto/man/X509_PUBKEY_new.3 | 19 +++++---- lib/libcrypto/man/X509_REQ_new.3 | 14 ++++--- lib/libcrypto/man/X509_REVOKED_new.3 | 9 +++-- lib/libcrypto/man/X509_SIG_new.3 | 10 +++-- lib/libcrypto/man/X509_STORE_CTX_get_error.3 | 8 ++-- lib/libcrypto/man/X509_new.3 | 9 +++-- lib/libcrypto/man/d2i_RSAPublicKey.3 | 15 ++++--- lib/libcrypto/man/d2i_X509_ALGOR.3 | 8 ++-- lib/libcrypto/man/d2i_X509_NAME.3 | 12 ++++-- lib/libcrypto/man/d2i_X509_SIG.3 | 6 +-- lib/libcrypto/man/x509v3.cnf.5 | 11 ++++-- 48 files changed, 481 insertions(+), 315 deletions(-) (limited to 'lib/libcrypto/man') diff --git a/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 b/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 index 18e50e24c0f..8a829a5e2dd 100644 --- a/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 +++ b/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.1 2016/12/23 22:21:40 schwarze Exp $ +.\" $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 23 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt ACCESS_DESCRIPTION_NEW 3 .Os .Sh NAME @@ -42,8 +42,9 @@ policy data. .Fn ACCESS_DESCRIPTION_new allocates and initializes an empty .Vt ACCESS_DESCRIPTION -object, representing an ASN.1 AccessDescription structure -defined in RFC 5280 section 4.2.2.1. +object, representing an ASN.1 +.Vt AccessDescription +structure defined in RFC 5280 section 4.2.2.1. It can hold a pointer to a .Vt GENERAL_NAME object documented in 
@@ -90,8 +91,9 @@ allocates and initializes an empty .Vt AUTHORITY_INFO_ACCESS object, which is a .Vt STACK_OF(ACCESS_DESCRIPTION) -and represents an ASN.1 AuthorityInfoAccessSyntax structure -defined in RFC 5280 section 4.2.2.1. +and represents an ASN.1 +.Vt AuthorityInfoAccessSyntax +structure defined in RFC 5280 section 4.2.2.1. If can be used for the authority information access extension of certificates and certificate revocation lists and for the subject information access extension of certificates. diff --git a/lib/libcrypto/man/ASN1_STRING_length.3 b/lib/libcrypto/man/ASN1_STRING_length.3 index f43d61819f0..2c797481d71 100644 --- a/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/lib/libcrypto/man/ASN1_STRING_length.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASN1_STRING_length.3,v 1.5 2016/11/10 11:44:52 schwarze Exp $ +.\" $OpenBSD: ASN1_STRING_length.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 99d63d46 Tue Jun 21 07:03:34 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson. @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 10 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt ASN1_STRING_LENGTH 3 .Os .Sh NAME @@ -182,12 +182,11 @@ and the functions call the .Vt ASN1_STRING equivalents. .Vt ASN1_STRING -is also used for some -.Sy CHOICE -types which consist entirely of primitive string types such as -.Sy DirectoryString +is also used for some CHOICE types which consist entirely of primitive +string types such as +.Vt DirectoryString and -.Sy Time . +.Vt Time . .Pp These functions should .Em not 
@@ -195,19 +194,20 @@ be used to examine or modify .Vt ASN1_INTEGER or .Vt ASN1_ENUMERATED -types: the relevant -.Sy INTEGER -or -.Sy ENUMERATED -utility functions should be used instead. +types: the relevant INTEGER or ENUMERATED utility functions should +be used instead. .Pp In general it cannot be assumed that the data returned by .Fn ASN1_STRING_data is NUL terminated, and it may contain embedded NUL characters. The actual format of the data will depend on the actual string type itself: -for example for an IA5String the data will be ASCII, -for a BMPString two bytes per character in big endian format, -UTF8String will be in UTF8 format. +for example for an +.Vt IA5String +the data will be ASCII, for a +.Vt BMPString +two bytes per character in big endian format, and a +.Vt UTF8String +will be in UTF8 format. .Pp Similar care should be take to ensure the data is in the correct format when calling diff --git a/lib/libcrypto/man/ASN1_generate_nconf.3 b/lib/libcrypto/man/ASN1_generate_nconf.3 index bcf55d724b0..5e1ba0a8179 100644 --- a/lib/libcrypto/man/ASN1_generate_nconf.3 +++ b/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASN1_generate_nconf.3,v 1.8 2016/12/11 18:06:09 schwarze Exp $ +.\" $OpenBSD: ASN1_generate_nconf.3,v 1.9 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 05ea606a Fri May 20 20:52:46 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson. @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 11 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt ASN1_GENERATE_NCONF 3 .Os .Sh NAME 
@@ -285,15 +285,20 @@ if an error occurred. The error codes can be obtained by .Xr ERR_get_error 3 . .Sh EXAMPLES -A simple IA5String: +A simple +.Vt IA5String : .Pp .Dl IA5STRING:Hello World .Pp -An IA5String explicitly tagged: +An +.Vt IA5String +explicitly tagged: .Pp .Dl EXPLICIT:0,IA5STRING:Hello World .Pp -An IA5String explicitly tagged using APPLICATION tagging: +An +.Vt IA5String +explicitly tagged using APPLICATION tagging: .Pp .Dl EXPLICIT:0A,IA5STRING:Hello World .Pp @@ -302,7 +307,8 @@ A BITSTRING with bits 1 and 5 set and all others zero: .Dl FORMAT:BITLIST,BITSTRING:1,5 .Pp A more complex example using a config file to produce a -SEQUENCE consisting of a BOOL an OID and a UTF8String: +SEQUENCE consisting of a BOOL an OID and a +.Vt UTF8String : .Bd -literal -offset indent asn1 = SEQUENCE:seq_section @@ -313,7 +319,9 @@ field2 = OID:commonName field3 = UTF8:Third field .Ed .Pp -This example produces an RSAPrivateKey structure. +This example produces an +.Vt RSAPrivateKey +structure. This is the key contained in the file .Pa client.pem in all OpenSSL distributions. @@ -349,7 +357,8 @@ coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e 628657053A .Ed .Pp -This example is the corresponding public key in a SubjectPublicKeyInfo +This example is the corresponding public key in an ASN.1 +.Vt SubjectPublicKeyInfo structure: .Bd -literal -offset 2n # Start with a SEQUENCE diff --git a/lib/libcrypto/man/AUTHORITY_KEYID_new.3 b/lib/libcrypto/man/AUTHORITY_KEYID_new.3 index 5186fea0f31..94d6e14abb7 100644 --- a/lib/libcrypto/man/AUTHORITY_KEYID_new.3 +++ b/lib/libcrypto/man/AUTHORITY_KEYID_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: AUTHORITY_KEYID_new.3,v 1.1 2016/12/23 14:37:08 schwarze Exp $ +.\" $OpenBSD: AUTHORITY_KEYID_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 23 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt AUTHORITY_KEYID_NEW 3 .Os .Sh NAME @@ -35,8 +35,9 @@ for signing it. .Fn AUTHORITY_KEYID_new allocates and initializes an empty .Vt AUTHORITY_KEYID -object, representing an ASN.1 AuthorityKeyIdentifier structure -defined in RFC 5280 section 4.2.1.1. +object, representing an ASN.1 +.Vt AuthorityKeyIdentifier +structure defined in RFC 5280 section 4.2.1.1. It can hold an issuer name, a serial number, and a key identifier. .Pp .Fn AUTHORITY_KEYID_free diff --git a/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 b/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 index 1293be0050c..c133bb1c35f 100644 --- a/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 +++ b/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.1 2016/12/23 17:02:41 schwarze Exp $ +.\" $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 23 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt BASIC_CONSTRAINTS_NEW 3 .Os .Sh NAME @@ -31,8 +31,9 @@ .Fn BASIC_CONSTRAINTS_new allocates and initializes an empty .Vt BASIC_CONSTRAINTS -object, representing an ASN.1 BasicConstraints structure -defined in RFC 5280 section 4.2.1.9. +object, representing an ASN.1 +.Vt BasicConstraints +structure defined in RFC 5280 section 4.2.1.9. .Pp This object contains two fields. The field diff --git a/lib/libcrypto/man/DIST_POINT_new.3 b/lib/libcrypto/man/DIST_POINT_new.3 index 8498e5a7d0b..bbd4855e117 100644 --- a/lib/libcrypto/man/DIST_POINT_new.3 +++ b/lib/libcrypto/man/DIST_POINT_new.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: DIST_POINT_new.3,v 1.1 2016/12/23 15:25:19 schwarze Exp $ +.\" $OpenBSD: DIST_POINT_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 23 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt DIST_POINT_NEW 3 .Os .Sh NAME @@ -52,8 +52,9 @@ where to obtain certificate revocation lists that might later revoke it. .Fn DIST_POINT_new allocates and initializes an empty .Vt DIST_POINT -object, representing an ASN.1 DistributionPoint structure -defined in RFC 5280 section 4.2.1.13. +object, representing an ASN.1 +.Vt DistributionPoint +structure defined in RFC 5280 section 4.2.1.13. It can hold issuer names, distribution point names, and reason flags. .Fn DIST_POINT_free frees @@ -64,8 +65,9 @@ allocates and initializes an empty .Vt CRL_DIST_POINTS object, which is a .Vt STACK_OF(DIST_POINT) -and represents the ASN.1 CRLDistributionPoints structure -defined in RFC 5280 section 4.2.1.13. +and represents the ASN.1 +.Vt CRLDistributionPoints +structure defined in RFC 5280 section 4.2.1.13. It can be used as an extension in .Vt X509 and in @@ -78,8 +80,9 @@ frees .Fn DIST_POINT_NAME_new allocates and initializes an empty .Vt DIST_POINT_NAME -object, representing an ASN.1 DistributionPointName structure -defined in RFC 5280 section 4.2.1.13. +object, representing an ASN.1 +.Vt DistributionPointName +structure defined in RFC 5280 section 4.2.1.13. It is used by the .Vt DIST_POINT and 
@@ -93,8 +96,9 @@ frees .Fn ISSUING_DIST_POINT_new allocates and initializes an empty .Vt ISSUING_DIST_POINT -object, representing an ASN.1 IssuingDistributionPoint structure -defined in RFC 5280 section 5.2.5. +object, representing an ASN.1 +.Vt IssuingDistributionPoint +structure defined in RFC 5280 section 5.2.5. Using this extension, a CRL can specify which distribution point it was issued from and which kinds of certificates and revocation reasons it covers. diff --git a/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 b/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 index 2e55f6cbed2..ae23b46c159 100644 --- a/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 +++ b/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ESS_SIGNING_CERT_new.3,v 1.2 2016/12/14 07:00:35 jmc Exp $ +.\" $OpenBSD: ESS_SIGNING_CERT_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 14 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt ESS_SIGNING_CERT_NEW 3 .Os .Sh NAME @@ -41,14 +41,16 @@ .Fn ESS_ISSUER_SERIAL_free "ESS_ISSUER_SERIAL *issuer_serial" .Sh DESCRIPTION The signing certificate may be included in the signedAttributes -field of a SignerInfo structure to mitigate simple substitution and -re-issue attacks. +field of a +.Vt SignerInfo +structure to mitigate simple substitution and re-issue attacks. .Pp .Fn ESS_SIGNING_CERT_new allocates and initializes an empty .Vt ESS_SIGNING_CERT -object, representing an ASN.1 SigningCertificate structure -defined in RFC 2634 section 5.4. +object, representing an ASN.1 +.Vt SigningCertificate +structure defined in RFC 2634 section 5.4. It can hold the certificate used for signing the data, additional authorization certificates that can be used during validation, and policies applying to the certificate. 
@@ -59,8 +61,9 @@ frees .Fn ESS_CERT_ID_new allocates and initializes an empty .Vt ESS_CERT_ID -object, representing an ASN.1 ESSCertID structure -defined in RFC 2634 section 5.4.1. +object, representing an ASN.1 +.Vt ESSCertID +structure defined in RFC 2634 section 5.4.1. Such objects can be used inside .Vt ESS_SIGNING_CERT objects, and each one can hold a SHA1 hash of one certificate. @@ -71,8 +74,9 @@ frees .Fn ESS_ISSUER_SERIAL_new allocates and initializes an empty .Vt ESS_ISSUER_SERIAL -object, representing an ASN.1 IssuerSerial structure -defined in RFC 2634 section 5.4.1. +object, representing an ASN.1 +.Vt IssuerSerial +structure defined in RFC 2634 section 5.4.1. It can hold an issuer name and a serial number and can be included in an .Vt ESS_CERT_ID object, which is useful for additional authorization certificates, diff --git a/lib/libcrypto/man/EVP_EncryptInit.3 b/lib/libcrypto/man/EVP_EncryptInit.3 index 1a7fe40a66b..c328edf4f6d 100644 --- a/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_EncryptInit.3,v 1.4 2016/11/26 20:26:25 schwarze Exp $ +.\" $OpenBSD: EVP_EncryptInit.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 26 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt EVP_ENCRYPTINIT 3 .Os .Sh NAME @@ -664,7 +664,9 @@ If the cipher is a stream cipher then is returned. .Pp .Fn EVP_CIPHER_param_to_asn1 -sets the AlgorithmIdentifier "parameter" based on the passed cipher. +sets the ASN.1 +.Vt AlgorithmIdentifier +parameter based on the passed cipher. This will typically include any parameters and an IV. The cipher IV (if any) must be set when this call is made. This call should be made before the cipher is actually "used" (before any 
@@ -675,8 +677,9 @@ calls, for example). This function may fail if the cipher does not have any ASN.1 support. .Pp .Fn EVP_CIPHER_asn1_to_param -sets the cipher parameters based on an ASN.1 AlgorithmIdentifier -"parameter". +sets the cipher parameters based on an ASN.1 +.Vt AlgorithmIdentifier +parameter. The precise effect depends on the cipher. In the case of RC2, for example, it will set the IV and effective key length. diff --git a/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index 0ed3678a99d..0c30fcb5ef0 100644 --- a/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.5 2016/11/27 15:27:19 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL e03af178 Dec 11 17:05:57 2014 -0500 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 27 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt EVP_PKEY_CTX_CTRL 3 .Os .Sh NAME @@ -205,9 +205,10 @@ Two RSA padding modes behave differently if .Fn EVP_PKEY_CTX_set_signature_md is used. If this macro is called for PKCS#1 padding, the plaintext buffer is an -actual digest value and is encapsulated in a DigestInfo structure -according to PKCS#1 when signing and this structure is expected (and -stripped off) when verifying. +actual digest value and is encapsulated in a +.Vt DigestInfo +structure according to PKCS#1 when signing and this structure is +expected (and stripped off) when verifying. If this control is not used with RSA and PKCS#1 padding then the supplied data is used directly and not encapsulated. In the case of X9.31 padding for RSA the algorithm identifier byte is 
diff --git a/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 b/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 index ae986839fb5..8910fb58f80 100644 --- a/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 +++ b/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EXTENDED_KEY_USAGE_new.3,v 1.1 2016/12/23 20:43:02 schwarze Exp $ +.\" $OpenBSD: EXTENDED_KEY_USAGE_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 23 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt EXTENDED_KEY_USAGE_NEW 3 .Os .Sh NAME @@ -41,8 +41,9 @@ allocates and initializes an empty .Vt EXTENDED_KEY_USAGE object, which is a .Vt STACK_OF(ASN1_OBJECT) -and represents an ASN.1 ExtKeyUsageSyntax structure -defined in RFC 5280 section 4.2.1.12. +and represents an ASN.1 +.Vt ExtKeyUsageSyntax +structure defined in RFC 5280 section 4.2.1.12. It can hold key purpose identifiers. .Pp .Fn EXTENDED_KEY_USAGE_free diff --git a/lib/libcrypto/man/GENERAL_NAME_new.3 b/lib/libcrypto/man/GENERAL_NAME_new.3 index c4e8fce764c..a5537323aef 100644 --- a/lib/libcrypto/man/GENERAL_NAME_new.3 +++ b/lib/libcrypto/man/GENERAL_NAME_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: GENERAL_NAME_new.3,v 1.1 2016/12/23 00:40:16 schwarze Exp $ +.\" $OpenBSD: GENERAL_NAME_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 23 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt GENERAL_NAME_NEW 3 .Os .Sh NAME 
@@ -46,21 +46,26 @@ .Ft void .Fn OTHERNAME_free "OTHERNAME *name" .Sh DESCRIPTION -Even though the X.501 Name documented in +Even though the X.501 +.Vt Name +documented in .Xr X509_NAME_new 3 is a complicated multi-layered structure, it is very rigid and not flexible enough to represent various entities that many people want to use as names in certificates. -For that reason, X.509 extensions use the X.509 GeneralName -wrapper structure rather than using the X.501 Name structure -directly, at the expense of adding one or two additional layers -of indirection. +For that reason, X.509 extensions use the X.509 +.Vt GeneralName +wrapper structure rather than using the X.501 +.Vt Name +structure directly, at the expense of adding one or two additional +layers of indirection. .Pp .Fn GENERAL_NAME_new allocates and initializes an empty .Vt GENERAL_NAME -object, representing the ASN.1 GeneralName structure -defined in RFC 5280 section 4.2.1.6. +object, representing the ASN.1 +.Vt GeneralName +structure defined in RFC 5280 section 4.2.1.6. It can for example hold an .Vt X509_name object, an IP address, a DNS host name, a uniform resource identifier, @@ -78,8 +83,9 @@ allocates and initializes an empty .Vt GENERAL_NAMES object, which is a .Vt STACK_OF(GENERAL_NAME) -and represents the ASN.1 GeneralNames structure -defined in RFC 5280 section 4.2.1.6. +and represents the ASN.1 +.Vt GeneralNames +structure defined in RFC 5280 section 4.2.1.6. It is used by extension structures that can contain multiple names, for example key identifier, alternative name, and distribution point extensions. @@ -90,8 +96,9 @@ frees .Fn EDIPARTYNAME_new allocates and initializes an empty .Vt EDIPARTYNAME -object, representing the ASN.1 EDIPartyName structure -defined in RFC 5280 section 4.2.1.6, where +object, representing the ASN.1 +.Vt EDIPartyName +structure defined in RFC 5280 section 4.2.1.6, where .Dq EDI stands for .Dq electronic data identifier . 
@@ -104,8 +111,9 @@ frees .Fn OTHERNAME_new allocates and initializes an empty .Vt OTHERNAME -object, representing the ASN.1 OtherName structure -defined in RFC 5280 section 4.2.1.6. +object, representing the ASN.1 +.Vt OtherName +structure defined in RFC 5280 section 4.2.1.6. It can hold data of any .Vt ASN1_TYPE together with a type identifier. diff --git a/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 b/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 index 1105bead0bf..5ef737cb4ed 100644 --- a/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 +++ b/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: NAME_CONSTRAINTS_new.3,v 1.1 2016/12/23 17:41:29 schwarze Exp $ +.\" $OpenBSD: NAME_CONSTRAINTS_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 23 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt NAME_CONSTRAINTS_NEW 3 .Os .Sh NAME @@ -41,8 +41,9 @@ certification path. .Fn NAME_CONSTRAINTS_new allocates and initializes an empty .Vt NAME_CONSTRAINTS -object, representing an ASN.1 NameConstraints structure -defined in RFC 5280 section 4.2.1.10. +object, representing an ASN.1 +.Vt NameConstraints +structure defined in RFC 5280 section 4.2.1.10. It consists of two .Vt STACK_OF(GENERAL_SUBTREE) objects, one specifying permitted names, the other excluded names. @@ -53,8 +54,9 @@ frees .Fn GENERAL_SUBTREE_new allocates and initializes an empty .Vt GENERAL_SUBTREE -object, representing an ASN.1 GeneralSubtree structure -defined in RFC 5280 section 4.2.1.10. +object, representing an ASN.1 +.Vt GeneralSubtree +structure defined in RFC 5280 section 4.2.1.10. It is a trivial wrapper around the .Vt GENERAL_NAME object documented in diff --git a/lib/libcrypto/man/OCSP_CRLID_new.3 b/lib/libcrypto/man/OCSP_CRLID_new.3 index fbc54ec71aa..450b57c93ef 100644 
--- a/lib/libcrypto/man/OCSP_CRLID_new.3 +++ b/lib/libcrypto/man/OCSP_CRLID_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_CRLID_new.3,v 1.2 2016/12/15 15:22:17 schwarze Exp $ +.\" $OpenBSD: OCSP_CRLID_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 15 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt OCSP_CRLID_NEW 3 .Os .Sh NAME @@ -38,9 +38,14 @@ If a client asks about the validity of a certificate and it turns out to be invalid, the responder may optionally communicate which certificate revocation list the certificate was found on. -The required data is stored as an ASN.1 CrlID structure in the -singleExtensions field of the SingleResponse structure. -The CrlID is represented by an +The required data is stored as an ASN.1 +.Vt CrlID +structure in the singleExtensions field of the +.Vt SingleResponse +structure. +The +.Vt CrlID +is represented by an .Vt OCSP_CRLID object, which will be stored inside the .Vt OCSP_SINGLERESP @@ -66,7 +71,9 @@ at which the CRL was created. Each argument can be .Dv NULL , in which case the respective field is omitted. -The resulting CrlID structure is encoded in ASN.1 using +The resulting +.Vt CrlID +structure is encoded in ASN.1 using .Xr X509V3_EXT_i2d 3 with criticality 0. .Sh RETURN VALUES diff --git a/lib/libcrypto/man/OCSP_REQUEST_new.3 b/lib/libcrypto/man/OCSP_REQUEST_new.3 index 0d0009186aa..664a7506650 100644 --- a/lib/libcrypto/man/OCSP_REQUEST_new.3 +++ b/lib/libcrypto/man/OCSP_REQUEST_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.6 2016/12/24 01:29:40 schwarze Exp $ +.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.7 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file is a derived work. 
@@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 24 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt OCSP_REQUEST_NEW 3 .Os .Sh NAME @@ -133,7 +133,9 @@ .Fn OCSP_REQUEST_new allocates and initializes an empty .Vt OCSP_REQUEST -object, representing an ASN.1 OCSPRequest structure defined in RFC 6960. +object, representing an ASN.1 +.Vt OCSPRequest +structure defined in RFC 6960. .Fn OCSP_REQUEST_free frees .Fa req . @@ -141,7 +143,9 @@ frees .Fn OCSP_SIGNATURE_new allocates and initializes an empty .Vt OCSP_SIGNATURE -object, representing an ASN.1 Signature structure defined in RFC 6960. +object, representing an ASN.1 +.Vt Signature +structure defined in RFC 6960. Such an object is used inside .Vt OCSP_REQUEST . .Fn OCSP_SIGNATURE_free @@ -151,7 +155,9 @@ frees .Fn OCSP_REQINFO_new allocates and initializes an empty .Vt OCSP_REQINFO -object, representing an ASN.1 TBSRequest structure defined in RFC 6960. +object, representing an ASN.1 +.Vt TBSRequest +structure defined in RFC 6960. Such an object is used inside .Vt OCSP_REQUEST . It asks about the validity of one or more certificates. @@ -162,7 +168,9 @@ frees .Fn OCSP_ONEREQ_new allocates and initializes an empty .Vt OCSP_ONEREQ -object, representing an ASN.1 Request structure defined in RFC 6960. +object, representing an ASN.1 +.Vt Request +structure defined in RFC 6960. Such objects are used inside .Vt OCSP_REQINFO . Each one asks about the validity of one certificiate. diff --git a/lib/libcrypto/man/OCSP_SERVICELOC_new.3 b/lib/libcrypto/man/OCSP_SERVICELOC_new.3 index 6179da3a5bc..5f42c781fd9 100644 --- a/lib/libcrypto/man/OCSP_SERVICELOC_new.3 +++ b/lib/libcrypto/man/OCSP_SERVICELOC_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_SERVICELOC_new.3,v 1.4 2016/12/15 15:22:17 schwarze Exp $ +.\" $OpenBSD: OCSP_SERVICELOC_new.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 15 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt OCSP_SERVICELOC_NEW 3 .Os .Sh NAME @@ -38,10 +38,14 @@ Due to restrictions of network routing, a client may be unable to directly contact the authoritative OCSP server for a certificate that needs to be checked. In that case, the request can be sent via a proxy server. -An ASN.1 ServiceLocator structure is included in the -singleRequestExtensions field of the Request structure to indicate -where to forward the request. -The ServiceLocator is represented by a +An ASN.1 +.Vt ServiceLocator +structure is included in the singleRequestExtensions field of the +.Vt Request +structure to indicate where to forward the request. +The +.Vt ServiceLocator +is represented by a .Vt OCSP_SERVICELOC object, which will be stored inside the .Vt OCSP_ONEREQ @@ -65,9 +69,12 @@ If .Fa urls or its first element is .Dv NULL , -the locator field is omitted from the ServiceLocator structure -and only the issuer is included. -The resulting ServiceLocator structure is encoded in ASN.1 using +the locator field is omitted from the +.Vt ServiceLocator +structure and only the issuer is included. +The resulting +.Vt ServiceLocator +structure is encoded in ASN.1 using .Xr X509V3_EXT_i2d 3 with criticality 0. .Sh RETURN VALUES diff --git a/lib/libcrypto/man/OCSP_cert_to_id.3 b/lib/libcrypto/man/OCSP_cert_to_id.3 index 103b9a4a9f7..77559ba4696 100644 --- a/lib/libcrypto/man/OCSP_cert_to_id.3 +++ b/lib/libcrypto/man/OCSP_cert_to_id.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_cert_to_id.3,v 1.5 2016/12/14 16:20:28 schwarze Exp $ +.\" $OpenBSD: OCSP_cert_to_id.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file is a derived work. 
@@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 14 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt OCSP_CERT_TO_ID 3 .Os .Sh NAME @@ -118,7 +118,9 @@ .Fn OCSP_CERTID_new allocates and initializes an empty .Vt OCSP_CERTID -object, representing an ASN.1 CertID structure defined in RFC 6960. +object, representing an ASN.1 +.Vt CertID +structure defined in RFC 6960. It can store hashes of an issuer's distinguished name and public key together with a serial number of a certificate. It is used by the diff --git a/lib/libcrypto/man/OCSP_resp_find_status.3 b/lib/libcrypto/man/OCSP_resp_find_status.3 index 23aaa26e387..d06540d7167 100644 --- a/lib/libcrypto/man/OCSP_resp_find_status.3 +++ b/lib/libcrypto/man/OCSP_resp_find_status.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_resp_find_status.3,v 1.4 2016/12/12 22:48:02 schwarze Exp $ +.\" $OpenBSD: OCSP_resp_find_status.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL c952780c Jun 21 07:03:34 2016 -0400 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 12 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt OCSP_RESP_FIND_STATUS 3 .Os .Sh NAME @@ -140,7 +140,9 @@ .Fn OCSP_SINGLERESP_new allocates and initializes an empty .Vt OCSP_SINGLERESP -object, representing an ASN.1 SingleResponse structure defined in RFC 6960. +object, representing an ASN.1 +.Vt SingleResponse +structure defined in RFC 6960. Each such object can store the server's answer regarding the validity of one individual certificate. Such objects are used inside the 
@@ -156,7 +158,9 @@ frees .Fn OCSP_CERTSTATUS_new allocates and initializes an empty .Vt OCSP_CERTSTATUS -object, representing an ASN.1 CertStatus structure defined in RFC 6960. +object, representing an ASN.1 +.Vt CertStatus +structure defined in RFC 6960. Such an object is used inside .Vt OCSP_SINGLERESP . .Fn OCSP_CERTSTATUS_free @@ -166,7 +170,9 @@ frees .Fn OCSP_REVOKEDINFO_new allocates and initializes an empty .Vt OCSP_REVOKEDINFO -object, representing an ASN.1 RevokedInfo structure defined in RFC 6960. +object, representing an ASN.1 +.Vt RevokedInfo +structure defined in RFC 6960. Such an object is used inside .Vt OCSP_CERTSTATUS . .Fn OCSP_REVOKEDINFO_free diff --git a/lib/libcrypto/man/OCSP_response_status.3 b/lib/libcrypto/man/OCSP_response_status.3 index 33a9dfb1a20..1ffa8a728ed 100644 --- a/lib/libcrypto/man/OCSP_response_status.3 +++ b/lib/libcrypto/man/OCSP_response_status.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_response_status.3,v 1.3 2016/12/12 18:45:29 schwarze Exp $ +.\" $OpenBSD: OCSP_response_status.3,v 1.4 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 12 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt OCSP_RESPONSE_STATUS 3 .Os .Sh NAME @@ -122,7 +122,9 @@ .Fn OCSP_RESPONSE_new allocates and initializes an empty .Vt OCSP_RESPONSE -object, representing an ASN.1 OCSPResponse structure defined in RFC 6960. +object, representing an ASN.1 +.Vt OCSPResponse +structure defined in RFC 6960. .Fn OCSP_RESPONSE_free frees .Fa resp . 
@@ -130,7 +132,9 @@ frees
 .Fn OCSP_RESPBYTES_new
 allocates and initializes an empty
 .Vt OCSP_RESPBYTES
-object, representing an ASN.1 ResponseBytes structure defined in RFC 6960.
+object, representing an ASN.1
+.Vt ResponseBytes
+structure defined in RFC 6960.
 Such an object is used inside
 .Vt OCSP_RESPONSE .
 .Fn OCSP_RESPBYTES_free
@@ -140,7 +144,9 @@ frees
 .Fn OCSP_BASICRESP_new
 allocates and initializes an empty
 .Vt OCSP_BASICRESP
-object, representing an ASN.1 BasicOCSPResponse structure defined in RFC 6960.
+object, representing an ASN.1
+.Vt BasicOCSPResponse
+structure defined in RFC 6960.
 .Vt OCSP_RESPBYTES
 contains the DER-encoded form of an
 .Vt OCSP_BASICRESP
@@ -152,7 +158,9 @@ frees
 .Fn OCSP_RESPDATA_new
 allocates and initializes an empty
 .Vt OCSP_RESPDATA
-object, representing an ASN.1 ResponseData structure defined in RFC 6960.
+object, representing an ASN.1
+.Vt ResponseData
+structure defined in RFC 6960.
 Such an object is used inside
 .Vt OCSP_BASICRESP .
 .Fn OCSP_RESPDATA_free
@@ -162,7 +170,9 @@ frees
 .Fn OCSP_RESPID_new
 allocates and initializes an empty
 .Vt OCSP_RESPID
-object, representing an ASN.1 ResponderID structure defined in RFC 6960.
+object, representing an ASN.1
+.Vt ResponderID
+structure defined in RFC 6960.
 Such an object is used inside
 .Vt OCSP_RESPDATA .
 .Fn OCSP_RESPID_free
diff --git a/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
index 6d3ede45c22..5d0852be25c 100644
--- a/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
+++ b/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.6 2016/12/06 14:45:08 schwarze Exp $
+.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.7 2016/12/25 22:15:10 schwarze Exp $
 .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson .
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 6 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt PEM_READ_BIO_PRIVATEKEY 3
 .Os
 .Sh NAME
@@ -747,8 +747,9 @@ and
 .Fn PEM_write_PKCS8PrivateKey
 write a private key in an
 .Vt EVP_PKEY
-structure in PKCS#8 EncryptedPrivateKeyInfo format using PKCS#5
-v2.0 password based encryption algorithms.
+structure in PKCS#8
+.Vt EncryptedPrivateKeyInfo
+format using PKCS#5 v2.0 password based encryption algorithms.
 The
 .Fa enc
 argument specifies the encryption algorithm to use: unlike all other PEM
@@ -758,13 +759,15 @@ If
 .Fa enc
 is
 .Dv NULL ,
-then no encryption is used and a PKCS#8 PrivateKeyInfo structure
-is used instead.
+then no encryption is used and a PKCS#8
+.Vt PrivateKeyInfo
+structure is used instead.
 .Pp
 .Fn PEM_write_bio_PKCS8PrivateKey_nid
 and
 .Fn PEM_write_PKCS8PrivateKey_nid
-also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo.
+also write out a private key as a PKCS#8
+.Vt EncryptedPrivateKeyInfo .
 However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
 The algorithm to use is specified in the
 .Fa nid
@@ -789,7 +792,9 @@ The
 functions process a public key using an
 .Vt EVP_PKEY
 structure.
-The public key is encoded as a SubjectPublicKeyInfo structure.
+The public key is encoded as an ASN.1
+.Vt SubjectPublicKeyInfo
+structure.
 .Pp
 The
 .Sy RSAPrivateKey
@@ -805,15 +810,18 @@ The
 functions process an RSA public key using an
 .Vt RSA
 structure.
-The public key is encoded using a PKCS#1 RSAPublicKey structure.
+The public key is encoded using a PKCS#1
+.Vt RSAPublicKey
+structure.
 .Pp
 The
 .Sy RSA_PUBKEY
 functions also process an RSA public key using an
 .Vt RSA
 structure.
-However the public key is encoded using a SubjectPublicKeyInfo structure
-and an error occurs if the public key is not RSA.
+However the public key is encoded using an ASN.1
+.Vt SubjectPublicKeyInfo
+structure and an error occurs if the public key is not RSA.
 .Pp
 The
 .Sy DSAPrivateKey
@@ -829,8 +837,9 @@ The
 functions process a DSA public key using a
 .Vt DSA
 structure.
-The public key is encoded using a SubjectPublicKeyInfo structure and an
-error occurs if the public key is not DSA.
+The public key is encoded using an ASN.1
+.Vt SubjectPublicKeyInfo
+structure and an error occurs if the public key is not DSA.
 .Pp
 The
 .Sy DSAparams
@@ -906,7 +915,9 @@ structure.
 .Pp
 The
 .Sy PKCS7
-functions process a PKCS#7 ContentInfo using a
+functions process a PKCS#7
+.Vt ContentInfo
+using a
 .Vt PKCS7
 structure.
 .Pp
diff --git a/lib/libcrypto/man/PKCS12_SAFEBAG_new.3 b/lib/libcrypto/man/PKCS12_SAFEBAG_new.3
index 8cb68351944..603c27bed1d 100644
--- a/lib/libcrypto/man/PKCS12_SAFEBAG_new.3
+++ b/lib/libcrypto/man/PKCS12_SAFEBAG_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS12_SAFEBAG_new.3,v 1.1 2016/12/22 16:05:22 schwarze Exp $
+.\" $OpenBSD: PKCS12_SAFEBAG_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 22 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt PKCS12_SAFEBAG_NEW 3
 .Os
 .Sh NAME
@@ -37,8 +37,9 @@
 .Fn PKCS12_SAFEBAG_new
 allocates and initializes an empty
 .Vt PKCS12_SAFEBAG
-object, representing an ASN.1 SafeBag structure
-defined in RFC 7292 section 4.2.
+object, representing an ASN.1
+.Vt SafeBag
+structure defined in RFC 7292 section 4.2.
 It can hold a pointer to a
 .Vt PKCS12_BAGS
 object together with a type identifier and optional attributes.
@@ -49,7 +50,9 @@ frees
 .Fn PKCS12_BAGS_new
 allocates and initializes an empty
 .Vt PKCS12_BAGS
-object, representing the bagValue field of an ASN.1 SafeBag structure.
+object, representing the bagValue field of an ASN.1
+.Vt SafeBag
+structure.
 It is used in
 .Vt PKCS12_SAFEBAG
 and can hold a DER-encoded X.509 certificate,
diff --git a/lib/libcrypto/man/PKCS12_new.3 b/lib/libcrypto/man/PKCS12_new.3
index 426074c9b1b..0f540487242 100644
--- a/lib/libcrypto/man/PKCS12_new.3
+++ b/lib/libcrypto/man/PKCS12_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS12_new.3,v 1.1 2016/12/22 16:05:22 schwarze Exp $
+.\" $OpenBSD: PKCS12_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 22 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt PKCS12_NEW 3
 .Os
 .Sh NAME
@@ -37,7 +37,9 @@
 .Fn PKCS12_new
 allocates and initializes an empty
 .Vt PKCS12
-object, representing an ASN.1 PFX (personal information exchange)
+object, representing an ASN.1
+.Vt PFX
+.Pq personal information exchange
 structure defined in RFC 7292 section 4.
 It can hold a pointer to a
 .Vt PKCS7
@@ -53,8 +55,9 @@ frees
 .Fn PKCS12_MAC_DATA_new
 allocates and initializes an empty
 .Vt PKCS12_MAC_DATA
-object, representing an ASN.1 MacData structure
-defined in RFC 7292 section 4.
+object, representing an ASN.1
+.Vt MacData
+structure defined in RFC 7292 section 4.
 It is used inside
 .Vt PKCS12
 and can hold a pointer to an
diff --git a/lib/libcrypto/man/PKCS7_new.3 b/lib/libcrypto/man/PKCS7_new.3 index 9feecbb88b8..7f8cffd8817 100644 --- a/lib/libcrypto/man/PKCS7_new.3 +++ b/lib/libcrypto/man/PKCS7_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKCS7_new.3,v 1.1 2016/12/13 14:31:55 schwarze Exp $ +.\" $OpenBSD: PKCS7_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 13 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt PKCS7_NEW 3 .Os .Sh NAME @@ -88,8 +88,9 @@ cryptography applied to it, in particular signed and encrypted data. .Fn PKCS7_new allocates and initializes an empty .Vt PKCS7 -object, representing an ASN.1 ContentInfo structure -defined in RFC 2315 section 7. +object, representing an ASN.1 +.Vt ContentInfo +structure defined in RFC 2315 section 7. It is the top-level data structure able to hold any kind of content that can be transmitted using PKCS#7. It can be used recursively in @@ -104,8 +105,9 @@ frees .Fn PKCS7_SIGNED_new allocates and initializes an empty .Vt PKCS7_SIGNED -object, representing an ASN.1 SignedData structure -defined in RFC 2315 section 9. +object, representing an ASN.1 +.Vt SignedData +structure defined in RFC 2315 section 9. It can be used inside .Vt PKCS7 objects and holds any kind of content together with signatures by @@ -118,8 +120,9 @@ frees .Fn PKCS7_ENVELOPE_new allocates and initializes an empty .Vt PKCS7_ENVELOPE -object, representing an ASN.1 EnvelopedData structure -defined in RFC 2315 section 10. +object, representing an ASN.1 +.Vt EnvelopedData +structure defined in RFC 2315 section 10. It can be used inside .Vt PKCS7 objects and holds any kind of encrypted content together with 
@@ -131,8 +134,9 @@ frees
 .Fn PKCS7_SIGN_ENVELOPE_new
 allocates and initializes an empty
 .Vt PKCS7_SIGN_ENVELOPE
-object, representing an ASN.1 SignedAndEnvelopedData structure
-defined in RFC 2315 section 11.
+object, representing an ASN.1
+.Vt SignedAndEnvelopedData
+structure defined in RFC 2315 section 11.
 It can be used inside
 .Vt PKCS7
 objects and holds any kind of encrypted content together with
@@ -146,8 +150,9 @@ frees
 .Fn PKCS7_DIGEST_new
 allocates and initializes an empty
 .Vt PKCS7_DIGEST
-object, representing an ASN.1 DigestedData structure
-defined in RFC 2315 section 12.
+object, representing an ASN.1
+.Vt DigestedData
+structure defined in RFC 2315 section 12.
 It can be used inside
 .Vt PKCS7
 objects and holds any kind of content together with a message digest
@@ -159,8 +164,9 @@ frees
 .Fn PKCS7_ENCRYPT_new
 allocates and initializes an empty
 .Vt PKCS7_ENCRYPT
-object, representing an ASN.1 EncryptedData structure
-defined in RFC 2315 section 13.
+object, representing an ASN.1
+.Vt EncryptedData
+structure defined in RFC 2315 section 13.
 It can be used inside
 .Vt PKCS7
 objects and holds any kind of encrypted content.
@@ -172,8 +178,9 @@ frees
 .Fn PKCS7_ENC_CONTENT_new
 allocates and initializes an empty
 .Vt PKCS7_ENC_CONTENT
-object, representing an ASN.1 EncryptedContentInfo structure
-defined in RFC 2315 section 10.1.
+object, representing an ASN.1
+.Vt EncryptedContentInfo
+structure defined in RFC 2315 section 10.1.
 It can be used inside
 .Vt PKCS7_ENVELOPE ,
 .Vt PKCS7_SIGN_ENVELOPE ,
@@ -188,8 +195,9 @@ frees
 .Fn PKCS7_SIGNER_INFO_new
 allocates and initializes an empty
 .Vt PKCS7_SIGNER_INFO
-object, representing an ASN.1 SignerInfo structure
-defined in RFC 2315 section 9.2.
+object, representing an ASN.1
+.Vt SignerInfo
+structure defined in RFC 2315 section 9.2.
 It can be used inside
 .Vt PKCS7_SIGNED
 and
@@ -203,8 +211,9 @@ frees .Fn PKCS7_RECIP_INFO_new allocates and initializes an empty .Vt PKCS7_RECIP_INFO -object, representing an ASN.1 RecipientInfo structure -defined in RFC 2315 section 10.2. +object, representing an ASN.1 +.Vt RecipientInfo +structure defined in RFC 2315 section 10.2. It can be used inside .Vt PKCS7_ENVELOPE and @@ -218,8 +227,9 @@ frees .Fn PKCS7_ISSUER_AND_SERIAL_new allocates and initializes an empty .Vt PKCS7_ISSUER_AND_SERIAL -object, representing an ASN.1 IssuerAndSerialNumber structure -defined in RFC 2315 section 6.7. +object, representing an ASN.1 +.Vt IssuerAndSerialNumber +structure defined in RFC 2315 section 6.7. It can be used inside .Vt PKCS7_SIGNER_INFO and diff --git a/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 b/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 index d522dab9f8c..8c6dba35140 100644 --- a/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 +++ b/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKCS8_PRIV_KEY_INFO_new.3,v 1.1 2016/12/22 12:10:06 schwarze Exp $ +.\" $OpenBSD: PKCS8_PRIV_KEY_INFO_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 22 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt PKCS8_PRIV_KEY_INFO_NEW 3 .Os .Sh NAME @@ -31,8 +31,9 @@ .Fn PKCS8_PRIV_KEY_INFO_new allocates and initializes an empty .Vt PKCS8_PRIV_KEY_INFO -object, representing an ASN.1 PrivateKeyInfo structure -defined in RFC 5208 section 5. +object, representing an ASN.1 +.Vt PrivateKeyInfo +structure defined in RFC 5208 section 5. It can hold a private key together with information about the algorithm to be used with it and optional attributes. .Pp diff --git a/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 b/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 index 3200b85fb42..888859b1e6a 100644 
--- a/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 +++ b/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKEY_USAGE_PERIOD_new.3,v 1.2 2016/12/24 08:19:04 jmc Exp $ +.\" $OpenBSD: PKEY_USAGE_PERIOD_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 24 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt PKEY_USAGE_PERIOD_NEW 3 .Os .Sh NAME @@ -31,8 +31,9 @@ .Fn PKEY_USAGE_PERIOD_new allocates and initializes an empty .Vt PKEY_USAGE_PERIOD -object, representing an ASN.1 PrivateKeyUsagePeriod structure -defined in RFC 3280 section 4.2.1.4. +object, representing an ASN.1 +.Vt PrivateKeyUsagePeriod +structure defined in RFC 3280 section 4.2.1.4. It could be used in .Vt X509 certificates to specify a validity period for the private key @@ -59,7 +60,8 @@ Certificate Revocation List (CRL) Profile, section 4.2.1.4: Private Key Usage Period .Pp RFC 3280 was obsoleted by RFC 5280, which says: "Section 4.2.1.4 -in RFC 3280, which specified the PrivateKeyUsagePeriod certificate -extension but deprecated its use, was removed. +in RFC 3280, which specified the +.Vt PrivateKeyUsagePeriod +certificate extension but deprecated its use, was removed. Use of this ISO standard extension is neither deprecated nor recommended for use in the Internet PKI." diff --git a/lib/libcrypto/man/POLICYINFO_new.3 b/lib/libcrypto/man/POLICYINFO_new.3 index a76385fc6b7..ea225a2d034 100644 --- a/lib/libcrypto/man/POLICYINFO_new.3 +++ b/lib/libcrypto/man/POLICYINFO_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: POLICYINFO_new.3,v 1.1 2016/12/23 18:50:23 schwarze Exp $ +.\" $OpenBSD: POLICYINFO_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 23 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt POLICYINFO_NEW 3
 .Os
 .Sh NAME
@@ -70,8 +70,9 @@ restrictions on their intended use.
 .Fn POLICYINFO_new
 allocates and initializes an empty
 .Vt POLICYINFO
-object, representing an ASN.1 PolicyInformation structure
-defined in RFC 5280 section 4.2.1.4.
+object, representing an ASN.1
+.Vt PolicyInformation
+structure defined in RFC 5280 section 4.2.1.4.
 It can hold a policy identifier and optional advisory qualifiers.
 .Fn POLICYINFO_free
 frees
@@ -94,8 +95,9 @@ frees
 .Fn POLICYQUALINFO_new
 allocates and initializes an empty
 .Vt POLICYQUALINFO
-object, representing an ASN.1 PolicyQualifierInfo structure
-defined in RFC 5280 section 4.2.1.4.
+object, representing an ASN.1
+.Vt PolicyQualifierInfo
+structure defined in RFC 5280 section 4.2.1.4.
 It can be used in
 .Vt POLICYINFO
 and it can hold either a uniform resource identifier of a certification
@@ -109,8 +111,9 @@ frees
 .Fn USERNOTICE_new
 allocates and initializes an empty
 .Vt USERNOTICE
-object, representing an ASN.1 UserNotice structure
-defined in RFC 5280 section 4.2.1.4.
+object, representing an ASN.1
+.Vt UserNotice
+structure defined in RFC 5280 section 4.2.1.4.
 It can be used in
 .Vt POLICYQUALINFO
 and it can hold either an
@@ -125,8 +128,9 @@ frees
 .Fn NOTICEREF_new
 allocates and initializes an empty
 .Vt NOTICEREF
-object, representing an ASN.1 NoticeReference structure
-defined in RFC 5280 section 4.2.1.4.
+object, representing an ASN.1
+.Vt NoticeReference
+structure defined in RFC 5280 section 4.2.1.4.
 It can be used in
 .Vt USERNOTICE
 and can hold an organization name and a stack of notice numbers.
@@ -137,8 +141,9 @@ frees
 .Fn POLICY_MAPPING_new
 allocates and initializes an empty
 .Vt POLICY_MAPPING
-object, representing an ASN.1 PolicyMappings structure
-defined in RFC 5280 section 4.2.1.5.
+object, representing an ASN.1
+.Vt PolicyMappings
+structure defined in RFC 5280 section 4.2.1.5.
 It can be used in
 .Vt X509
 CA certificates and can hold a list of pairs of policy identifiers,
@@ -151,8 +156,9 @@ frees
 .Fn POLICY_CONSTRAINTS_new
 allocates and initializes an empty
 .Vt POLICY_CONSTRAINTS
-object, representing an ASN.1 PolicyConstraints structure
-defined in RFC 5280 section 4.2.1.11.
+object, representing an ASN.1
+.Vt PolicyConstraints
+structure defined in RFC 5280 section 4.2.1.11.
 It can be used in
 .Vt X509
 CA certificates to restrict policy mapping and/or to require explicit
diff --git a/lib/libcrypto/man/PROXY_POLICY_new.3 b/lib/libcrypto/man/PROXY_POLICY_new.3
index eb4e963033d..387ee3fb7fb 100644
--- a/lib/libcrypto/man/PROXY_POLICY_new.3
+++ b/lib/libcrypto/man/PROXY_POLICY_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PROXY_POLICY_new.3,v 1.1 2016/12/23 23:19:57 schwarze Exp $
+.\" $OpenBSD: PROXY_POLICY_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 23 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt PROXY_POLICY_NEW 3
 .Os
 .Sh NAME
@@ -43,8 +43,9 @@ privileges on behalf of the subject of the original certificate.
 .Fn PROXY_POLICY_new
 allocates and initializes an empty
 .Vt PROXY_POLICY
-object, representing an ASN.1 ProxyPolicy structure
-defined in RFC 3820 section 3.8.
+object, representing an ASN.1
+.Vt ProxyPolicy
+structure defined in RFC 3820 section 3.8.
 It defines which privileges are to be delegated.
 .Fn PROXY_POLICY_free
 frees
@@ -53,8 +54,9 @@ frees .Fn PROXY_CERT_INFO_EXTENSION_new allocates and initializes an empty .Vt PROXY_CERT_INFO_EXTENSION -object, representing an ASN.1 ProxyCertInfo structure -defined in RFC 3820 section 3.8. +object, representing an ASN.1 +.Vt ProxyCertInfo +structure defined in RFC 3820 section 3.8. It can contain a .Vt PROXY_POLICY object, and it can additionally restrict the maximum depth of the diff --git a/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 b/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 index 8d6817b8bd4..25a1c25ed32 100644 --- a/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 +++ b/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_PSS_PARAMS_new.3,v 1.1 2016/12/13 20:41:35 schwarze Exp $ +.\" $OpenBSD: RSA_PSS_PARAMS_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 13 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt RSA_PSS_PARAMS_NEW 3 .Os .Sh NAME @@ -31,8 +31,9 @@ .Fn RSA_PSS_PARAMS_new allocates and initializes an empty .Vt RSA_PSS_PARAMS -object, representing an ASN.1 RSASSA-PSS-params structure -defined in RFC 8017 appendix A.2.3. +object, representing an ASN.1 +.Vt RSASSA-PSS-params +structure defined in RFC 8017 appendix A.2.3. It references the hash function and the mask generation function and stores the length of the salt and the trailer field number. .Fn RSA_PSS_PARAMS_free diff --git a/lib/libcrypto/man/TS_REQ_new.3 b/lib/libcrypto/man/TS_REQ_new.3 index d1a0e90f214..35da9484361 100644 --- a/lib/libcrypto/man/TS_REQ_new.3 +++ b/lib/libcrypto/man/TS_REQ_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: TS_REQ_new.3,v 1.3 2016/12/24 01:29:40 schwarze Exp $ +.\" $OpenBSD: TS_REQ_new.3,v 1.4 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 24 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt TS_REQ_NEW 3 .Os .Sh NAME @@ -67,8 +67,9 @@ which returns time-stamp tokens to the clients. .Fn TS_REQ_new allocates and initializes an empty .Vt TS_REQ -object, representing an ASN.1 TimeStampReq structure -defined in RFC 3161 section 2.4.1. +object, representing an ASN.1 +.Vt TimeStampReq +structure defined in RFC 3161 section 2.4.1. It can hold a hash of the datum to be time-stamped and some auxiliary, optional information. .Fn TS_REQ_free @@ -78,8 +79,9 @@ frees .Fn TS_RESP_new allocates and initializes an empty .Vt TS_RESP -object, representing an ASN.1 TimeStampResp structure -defined in RFC 3161 section 2.4.2. +object, representing an ASN.1 +.Vt TimeStampResp +structure defined in RFC 3161 section 2.4.2. It can hold status information and a time-stamp token. .Fn TS_RESP_free frees @@ -88,8 +90,9 @@ frees .Fn TS_STATUS_INFO_new allocates and initializes an empty .Vt TS_STATUS_INFO -object, representing an ASN.1 PKIStatusInfo structure -defined in RFC 3161 section 2.4.2. +object, representing an ASN.1 +.Vt PKIStatusInfo +structure defined in RFC 3161 section 2.4.2. It is used inside .Vt TS_RESP and describes the outcome of one time-stamp request. @@ -100,8 +103,9 @@ frees .Fn TS_TST_INFO_new allocates and initializes an empty .Vt TS_TST_INFO -object, representing an ASN.1 TSTInfo structure -defined in RFC 3161 section 2.4.2. +object, representing an ASN.1 +.Vt TSTInfo +structure defined in RFC 3161 section 2.4.2. It is the time-stamp token included in a .Vt TS_RESP object in case of success, and it can hold the hash of the datum 
@@ -114,8 +118,9 @@ frees .Fn TS_ACCURACY_new allocates and initializes an empty .Vt TS_ACCURACY -object, representing an ASN.1 Accuracy structure -defined in RFC 3161 section 2.4.2. +object, representing an ASN.1 +.Vt Accuracy +structure defined in RFC 3161 section 2.4.2. It can be used inside a .Vt TS_TST_INFO object and indicates the maximum error of the time stated in the token. @@ -126,8 +131,9 @@ frees .Fn TS_MSG_IMPRINT_new allocates and initializes an empty .Vt TS_MSG_IMPRINT -object, representing an ASN.1 MessageImprint structure -defined in RFC 3161 section 2.4.1. +object, representing an ASN.1 +.Vt MessageImprint +structure defined in RFC 3161 section 2.4.1. It is used inside .Vt TS_REQ and diff --git a/lib/libcrypto/man/X509_ALGOR_dup.3 b/lib/libcrypto/man/X509_ALGOR_dup.3 index 7a46b372c29..b1a28e11ba0 100644 --- a/lib/libcrypto/man/X509_ALGOR_dup.3 +++ b/lib/libcrypto/man/X509_ALGOR_dup.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_ALGOR_dup.3,v 1.4 2016/12/15 23:29:38 jmc Exp $ +.\" $OpenBSD: X509_ALGOR_dup.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 15 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_ALGOR_DUP 3 .Os .Sh NAME @@ -115,8 +115,9 @@ .Fn X509_ALGOR_new allocates and initializes an empty .Vt X509_ALGOR -object, representing an ASN.1 AlgorithmIdentifier structure -defined in RFC 5280 section 4.1.1.2. +object, representing an ASN.1 +.Vt AlgorithmIdentifier +structure defined in RFC 5280 section 4.1.1.2. Such objects can specify a cryptographic algorithm together with algorithm-specific parameters. They are used by many other objects, for example certificates, diff --git a/lib/libcrypto/man/X509_CINF_new.3 b/lib/libcrypto/man/X509_CINF_new.3 index fdfc4c8c7b5..7ac86b6d36a 100644 
--- a/lib/libcrypto/man/X509_CINF_new.3
+++ b/lib/libcrypto/man/X509_CINF_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CINF_new.3,v 1.1 2016/12/16 09:17:59 schwarze Exp $
+.\" $OpenBSD: X509_CINF_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 16 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt X509_CINF_NEW 3
 .Os
 .Sh NAME
@@ -43,8 +43,9 @@
 .Fn X509_CINF_new
 allocates and initializes an empty
 .Vt X509_CINF
-object, representing an ASN.1 TBSCertificate structure
-defined in RFC 5280 section 4.1.
+object, representing an ASN.1
+.Vt TBSCertificate
+structure defined in RFC 5280 section 4.1.
 It is used inside the
 .Vt X509
 object and holds the main information contained in the X.509
@@ -57,8 +58,9 @@ frees
 .Fn X509_VAL_new
 allocates and initializes an empty
 .Vt X509_VAL
-object, representing an ASN.1 Validity structure
-defined in RFC 5280 section 4.1.
+object, representing an ASN.1
+.Vt Validity
+structure defined in RFC 5280 section 4.1.
 It is used inside the
 .Vt X509_CINF
 object and holds the validity period of the certificate.
diff --git a/lib/libcrypto/man/X509_CRL_new.3 b/lib/libcrypto/man/X509_CRL_new.3
index 03a0caa5beb..2f35b100cb5 100644
--- a/lib/libcrypto/man/X509_CRL_new.3
+++ b/lib/libcrypto/man/X509_CRL_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CRL_new.3,v 1.2 2016/12/24 01:29:40 schwarze Exp $
+.\" $OpenBSD: X509_CRL_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 24 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt X509_CRL_NEW 3
 .Os
 .Sh NAME
@@ -37,8 +37,9 @@ .Fn X509_CRL_new allocates and initializes an empty .Vt X509_CRL -object, representing an ASN.1 CertificateList structure -defined in RFC 5280 section 5.1. +object, representing an ASN.1 +.Vt CertificateList +structure defined in RFC 5280 section 5.1. It can hold a pointer to an .Vt X509_CRL_INFO object discussed below together with a cryptographic signature @@ -50,8 +51,9 @@ frees .Fn X509_CRL_INFO_new allocates and initializes an empty .Vt X509_CRL_INFO -object, representing an ASN.1 TBSCertList structure -defined in RFC 5280 section 5.1. +object, representing an ASN.1 +.Vt TBSCertList +structure defined in RFC 5280 section 5.1. It is used inside the .Vt X509_CRL object and can hold a list of revoked certificates, an issuer name, diff --git a/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/lib/libcrypto/man/X509_EXTENSION_set_object.3 index b9a33ce137a..850be6e66b8 100644 --- a/lib/libcrypto/man/X509_EXTENSION_set_object.3 +++ b/lib/libcrypto/man/X509_EXTENSION_set_object.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.4 2016/12/24 01:29:40 schwarze Exp $ +.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 24 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_EXTENSION_SET_OBJECT 3 .Os .Sh NAME @@ -131,8 +131,9 @@ .Fn X509_EXTENSION_new allocates and initializes an empty .Vt X509_EXTENSION -object, representing an ASN.1 Extension structure -defined in RFC 5280 section 4.1. +object, representing an ASN.1 +.Vt Extension +structure defined in RFC 5280 section 4.1. It is a wrapper object around specific extension objects of different types and stores an extension type identifier and a criticality flag in addition to the DER-encoded form of the wrapped object. 
diff --git a/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
index bfd4fb25368..e11a4b77082 100644
--- a/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+++ b/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_NAME_ENTRY_get_object.3,v 1.5 2016/12/14 21:22:06 jmc Exp $
+.\" $OpenBSD: X509_NAME_ENTRY_get_object.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $
 .\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 14 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt X509_NAME_ENTRY_GET_OBJECT 3
 .Os
 .Sh NAME
@@ -134,9 +134,12 @@
 .Fa "int len"
 .Fc
 .Sh DESCRIPTION
-An X.501 RelativeDistinguishedName is a set of field type and
-value pairs.
-It is the building block for constructing X.501 Name objects.
+An X.501
+.Vt RelativeDistinguishedName
+is a set of field type and value pairs.
+It is the building block for constructing X.501
+.Vt Name
+objects.
 This implementation only supports sets with one element, so an
 .Vt X509_NAME_ENTRY
 object contains only one field type and one value.
@@ -144,8 +147,9 @@ object contains only one field type and one value.
 .Fn X509_NAME_ENTRY_new
 allocates and initializes an empty
 .Vt X509_NAME_ENTRY
-object, representing an ASN.1 RelativeDistinguishedName structure
-defined in RFC 5280 section 4.1.2.4.
+object, representing an ASN.1
+.Vt RelativeDistinguishedName
+structure defined in RFC 5280 section 4.1.2.4.
 .Pp
 .Fn X509_NAME_ENTRY_free
 frees
diff --git a/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index 6260e5f3455..50e23829bdd 100644
--- a/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.5 2016/12/14 16:20:28 schwarze Exp $ +.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 14 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_NAME_ADD_ENTRY_BY_TXT 3 .Os .Sh NAME @@ -197,7 +197,9 @@ can be set to -1 and to 0. This adds a new entry to the end of .Fa name -as a single valued RelativeDistinguishedName (RDN). +as a single valued +.Vt RelativeDistinguishedName +(RDN). .Pp .Fa loc actually determines the index where the new entry is inserted: diff --git a/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index 6da06618312..b6571ccc1d8 100644 --- a/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.5 2016/12/14 16:20:28 schwarze Exp $ +.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 14 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_NAME_GET_INDEX_BY_NID 3 .Os .Sh NAME @@ -103,8 +103,8 @@ These functions allow an structure to be examined. The .Vt X509_NAME -structure is the same as the -.Sy Name +structure is the same as the ASN.1 +.Vt Name type defined in RFC 2459 (and elsewhere) and used, for example, in certificate subject and issuer names. .Pp 
@@ -235,7 +235,10 @@ are legacy functions which have various limitations which make them of minimal use in practice. They can only find the first matching entry and will copy the contents of the field verbatim: this can be highly confusing if the target is a -multicharacter string type like a BMPString or a UTF8String. +multicharacter string type like a +.Vt BMPString +or a +.Vt UTF8String . .Pp For a more general solution, .Fn X509_NAME_get_index_by_NID diff --git a/lib/libcrypto/man/X509_NAME_new.3 b/lib/libcrypto/man/X509_NAME_new.3 index 56666351987..c4efab77849 100644 --- a/lib/libcrypto/man/X509_NAME_new.3 +++ b/lib/libcrypto/man/X509_NAME_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_NAME_new.3,v 1.2 2016/12/24 01:29:40 schwarze Exp $ +.\" $OpenBSD: X509_NAME_new.3,v 1.3 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 24 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_NAME_NEW 3 .Os .Sh NAME @@ -31,12 +31,16 @@ .Ft void .Fn X509_NAME_free "X509_NAME *name" .Sh DESCRIPTION -An X.501 Name is an ordered sequence of relative distinguished names. +An X.501 +.Vt Name +is an ordered sequence of relative distinguished names. A relative distinguished name is a set of key-value pairs; see .Xr X509_NAME_ENTRY_new 3 for details. .Pp -Various X.509 structures contain X.501 Name substructures. +Various X.509 structures contain X.501 +.Vt Name +substructures. They are for example used for the issuers of certificates and certificate revocation lists and for the subjects of certificates and certificate requests. 
@@ -44,8 +48,9 @@ and certificate requests. .Fn X509_NAME_new allocates and initializes an empty .Vt X509_NAME -object, representing an ASN.1 Name structure -defined in RFC 5280 section 4.1.2.4. +object, representing an ASN.1 +.Vt Name +structure defined in RFC 5280 section 4.1.2.4. Data can be added to such objects with the functions described in .Xr X509_NAME_add_entry_by_txt 3 , and they can be inspected with the functions described in diff --git a/lib/libcrypto/man/X509_NAME_print_ex.3 b/lib/libcrypto/man/X509_NAME_print_ex.3 index 0e3ef112842..1342a200adc 100644 --- a/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_NAME_print_ex.3,v 1.5 2016/12/14 16:20:28 schwarze Exp $ +.\" $OpenBSD: X509_NAME_print_ex.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 14 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_NAME_PRINT_EX 3 .Os .Sh NAME @@ -174,8 +174,8 @@ and .Dv XN_FLAG_SEP_MULTILINE determine the field separators to use. Two distinct separators are used between distinct -RelativeDistinguishedName components and separate values in the same RDN -for a multi-valued RDN. +.Vt RelativeDistinguishedName +components and separate values in the same RDN for a multi-valued RDN. Multi-valued RDNs are currently very rare so the second separator will hardly ever be used. .Pp diff --git a/lib/libcrypto/man/X509_PUBKEY_new.3 b/lib/libcrypto/man/X509_PUBKEY_new.3 index cd178a1ee0a..0475fe65b22 100644 --- a/lib/libcrypto/man/X509_PUBKEY_new.3 +++ b/lib/libcrypto/man/X509_PUBKEY_new.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_PUBKEY_new.3,v 1.3 2016/12/15 22:24:45 schwarze Exp $ +.\" $OpenBSD: X509_PUBKEY_new.3,v 1.4 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 15 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_PUBKEY_NEW 3 .Os .Sh NAME @@ -133,9 +133,10 @@ .Sh DESCRIPTION The .Vt X509_PUBKEY -structure represents the ASN.1 SubjectPublicKeyInfo structure defined -in RFC 5280 section 4.1 and used in certificates and certificate -requests. +structure represents the ASN.1 +.Vt SubjectPublicKeyInfo +structure defined in RFC 5280 section 4.1 and used in certificates +and certificate requests. .Pp .Fn X509_PUBKEY_new allocates and initializes an @@ -179,7 +180,9 @@ and .Fn i2d_PUBKEY decode and encode an .Vt EVP_PKEY -structure using SubjectPublicKeyInfo format. +structure using +.Vt SubjectPublicKeyInfo +format. They otherwise follow the conventions of other ASN.1 functions such as .Xr d2i_X509 3 . .Pp @@ -225,7 +228,9 @@ bytes at .Pf * Fa pk , and .Pf * Fa pa -is set to the associated AlgorithmIdentifier for the public key. +is set to the associated +.Vt AlgorithmIdentifier +for the public key. If the value of any of these parameters is not required, it can be set to .Dv NULL . diff --git a/lib/libcrypto/man/X509_REQ_new.3 b/lib/libcrypto/man/X509_REQ_new.3 index f4089ba2a21..76da1258989 100644 --- a/lib/libcrypto/man/X509_REQ_new.3 +++ b/lib/libcrypto/man/X509_REQ_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_REQ_new.3,v 1.1 2016/12/17 01:08:14 schwarze Exp $ +.\" $OpenBSD: X509_REQ_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 17 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt X509_REQ_NEW 3
 .Os
 .Sh NAME
@@ -37,8 +37,9 @@
 .Fn X509_REQ_new
 allocates and initializes an empty
 .Vt X509_REQ
-object, representing an ASN.1 CertificationRequest structure
-defined in RFC 2986 section 4.2.
+object, representing an ASN.1
+.Vt CertificationRequest
+structure defined in RFC 2986 section 4.2.
 It can hold a pointer to an
 .Vt X509_REQ_INFO
 object discussed below together with a cryptographic signature and
@@ -50,8 +51,9 @@ frees
 .Fn X509_REQ_INFO_new
 allocates and initializes an empty
 .Vt X509_REQ_INFO
-object, representing an ASN.1 CertificationRequestInfo structure
-defined in RFC 2986 section 4.1.
+object, representing an ASN.1
+.Vt CertificationRequestInfo
+structure defined in RFC 2986 section 4.1.
 It is used inside the
 .Vt X509_REQ
 object and can hold the subject and the public key of the requested
diff --git a/lib/libcrypto/man/X509_REVOKED_new.3 b/lib/libcrypto/man/X509_REVOKED_new.3
index 2303f9caf20..f06075fcc22 100644
--- a/lib/libcrypto/man/X509_REVOKED_new.3
+++ b/lib/libcrypto/man/X509_REVOKED_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_REVOKED_new.3,v 1.1 2016/12/16 14:50:58 schwarze Exp $
+.\" $OpenBSD: X509_REVOKED_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
 .\" OpenSSL X509_CRL_get0_by_serial.pod 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 16 2016 $
+.Dd $Mdocdate: December 25 2016 $
 .Dt X509_REVOKED_NEW 3
 .Os
 .Sh NAME
@@ -95,8 +95,9 @@ allocates and initializes an empty .Vt X509_REVOKED object, representing one of the elements of -the revokedCertificates field of the ASN.1 TBSCertList structure -defined in RFC 5280 section 5.1. +the revokedCertificates field of the ASN.1 +.Vt TBSCertList +structure defined in RFC 5280 section 5.1. It is used by .Vt X509_CRL objects and can hold information about one revoked certificate diff --git a/lib/libcrypto/man/X509_SIG_new.3 b/lib/libcrypto/man/X509_SIG_new.3 index e4ad5b0085b..6d41ababc6d 100644 --- a/lib/libcrypto/man/X509_SIG_new.3 +++ b/lib/libcrypto/man/X509_SIG_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_SIG_new.3,v 1.1 2016/12/22 14:06:51 schwarze Exp $ +.\" $OpenBSD: X509_SIG_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 22 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_SIG_NEW 3 .Os .Sh NAME @@ -31,8 +31,10 @@ .Fn X509_SIG_new allocates and initializes an empty .Vt X509_SIG -object, representing an ASN.1 DigestInfo structure defined -in RFC 2315 section 9.4 and equivalently in RFC 8017 section 9.2. +object, representing an ASN.1 +.Vt DigestInfo +structure defined in RFC 2315 section 9.4 +and equivalently in RFC 8017 section 9.2. It can hold a message digest together with information about the algorithm used. .Pp diff --git a/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index 2f0924c209a..3a871ef3075 100644 --- a/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/lib/libcrypto/man/X509_STORE_CTX_get_error.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.4 2016/12/05 13:38:05 schwarze Exp $ +.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 5 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_STORE_CTX_GET_ERROR 3 .Os .Sh NAME @@ -202,7 +202,9 @@ expected value. Unused. .It Dv X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY : \ No unable to decode issuer public key -The public key in the certificate SubjectPublicKeyInfo could not be read. +The public key in the certificate +.Vt SubjectPublicKeyInfo +could not be read. .It Dv X509_V_ERR_CERT_SIGNATURE_FAILURE : No certificate signature failure The signature of the certificate is invalid. .It Dv X509_V_ERR_CRL_SIGNATURE_FAILURE : No CRL signature failure diff --git a/lib/libcrypto/man/X509_new.3 b/lib/libcrypto/man/X509_new.3 index 1294ae3edd6..dbf82bc9742 100644 --- a/lib/libcrypto/man/X509_new.3 +++ b/lib/libcrypto/man/X509_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_new.3,v 1.9 2016/12/24 01:29:40 schwarze Exp $ +.\" $OpenBSD: X509_new.3,v 1.10 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 3a59ad98 Dec 11 00:36:06 2015 +0000 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 24 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509_NEW 3 .Os .Sh NAME 
@@ -73,8 +73,9 @@ allocates and initializes an empty .Vt X509 object with reference count 1. -It represents an ASN.1 Certificate structure -defined in RFC 5280 section 4.1. +It represents an ASN.1 +.Vt Certificate +structure defined in RFC 5280 section 4.1. It can hold a public key together with information about the person, organization, device, or function the associated private key belongs to. .Pp diff --git a/lib/libcrypto/man/d2i_RSAPublicKey.3 b/lib/libcrypto/man/d2i_RSAPublicKey.3 index 6f51229ec74..22d904157ff 100644 --- a/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: d2i_RSAPublicKey.3,v 1.5 2016/12/11 12:21:48 schwarze Exp $ +.\" $OpenBSD: d2i_RSAPublicKey.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 .\" .\" This file was written by Ulf Moeller and @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 11 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt D2I_RSAPUBLICKEY 3 .Os .Sh NAME @@ -140,12 +140,15 @@ .Fn d2i_RSAPublicKey and .Fn i2d_RSAPublicKey -decode and encode a PKCS#1 RSAPublicKey structure. +decode and encode a PKCS#1 +.Vt RSAPublicKey +structure. .Pp .Fn d2i_RSA_PUBKEY and .Fn i2d_RSA_PUBKEY -decode and encode an RSA public key using a SubjectPublicKeyInfo +decode and encode an RSA public key using an ASN.1 +.Vt SubjectPublicKeyInfo (certificate public key) structure. .Pp .Fn d2i_RSA_PUBKEY_bio , @@ -165,7 +168,9 @@ pointer. .Pp .Fn d2i_RSAPrivateKey , .Fn i2d_RSAPrivateKey -decode and encode a PKCS#1 RSAPrivateKey structure. +decode and encode a PKCS#1 +.Vt RSAPrivateKey +structure. .Pp .Fn d2i_Netscape_RSA , .Fn i2d_Netscape_RSA diff --git a/lib/libcrypto/man/d2i_X509_ALGOR.3 b/lib/libcrypto/man/d2i_X509_ALGOR.3 index 858396f5fe1..7514e5fac5f 100644 --- a/lib/libcrypto/man/d2i_X509_ALGOR.3 +++ b/lib/libcrypto/man/d2i_X509_ALGOR.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: d2i_X509_ALGOR.3,v 1.5 2016/12/15 22:09:22 schwarze Exp $ +.\" $OpenBSD: d2i_X509_ALGOR.3,v 1.6 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 15 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt D2I_X509_ALGOR 3 .Os .Sh NAME @@ -71,8 +71,8 @@ .Sh DESCRIPTION These functions decode and encode an .Vt X509_ALGOR -structure which is equivalent to the -.Sy AlgorithmIdentifier +structure which is equivalent to the ASN.1 +.Vt AlgorithmIdentifier structure. They otherwise behave in a way similar to .Xr d2i_X509 3 diff --git a/lib/libcrypto/man/d2i_X509_NAME.3 b/lib/libcrypto/man/d2i_X509_NAME.3 index 0dacb648c75..d3c085784e2 100644 --- a/lib/libcrypto/man/d2i_X509_NAME.3 +++ b/lib/libcrypto/man/d2i_X509_NAME.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: d2i_X509_NAME.3,v 1.6 2016/12/14 17:26:35 schwarze Exp $ +.\" $OpenBSD: d2i_X509_NAME.3,v 1.7 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL d900a015 Oct 8 14:40:42 2015 +0200 .\" .\" Copyright (c) 2016 Ingo Schwarze @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 14 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt D2I_X509_NAME 3 .Os .Sh NAME @@ -67,7 +67,9 @@ decodes .Fa length bytes of the DER-encoded string .Pf * Fa in -and stores the resulting Name object in +and stores the resulting +.Vt Name +object in .Pf * Fa name . .Pp .Fn i2d_X509_NAME @@ -89,7 +91,9 @@ decodes .Fa length bytes of the DER-encoded string .Pf * Fa in -and stores the resulting RelativeDistinguishedName object in +and stores the resulting +.Vt RelativeDistinguishedName +object in .Pf * Fa ne . .Pp .Fn i2d_X509_NAME_ENTRY 
diff --git a/lib/libcrypto/man/d2i_X509_SIG.3 b/lib/libcrypto/man/d2i_X509_SIG.3 index 8466ccfe7f2..33676b6df0a 100644 --- a/lib/libcrypto/man/d2i_X509_SIG.3 +++ b/lib/libcrypto/man/d2i_X509_SIG.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: d2i_X509_SIG.3,v 1.4 2016/12/08 20:22:08 jmc Exp $ +.\" $OpenBSD: d2i_X509_SIG.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 8 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt D2I_X509_SIG 3 .Os .Sh NAME @@ -72,7 +72,7 @@ These functions decode and encode an .Vt X509_SIG structure, which is equivalent to the -.Sy DigestInfo +.Vt DigestInfo structure defined in PKCS#1 and PKCS#7. They otherwise behave in a way similar to .Xr d2i_X509 3 diff --git a/lib/libcrypto/man/x509v3.cnf.5 b/lib/libcrypto/man/x509v3.cnf.5 index 1fd4c0cc9f5..19608697e36 100644 --- a/lib/libcrypto/man/x509v3.cnf.5 +++ b/lib/libcrypto/man/x509v3.cnf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: x509v3.cnf.5,v 1.2 2016/12/12 22:02:55 jmc Exp $ +.\" $OpenBSD: x509v3.cnf.5,v 1.3 2016/12/25 22:15:10 schwarze Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 12 2016 $ +.Dd $Mdocdate: December 25 2016 $ .Dt X509V3.CNF 5 .Os .Sh NAME @@ -530,8 +530,11 @@ The option changes the type of the .Ic organization field. -In RFC 2459, it can only be of type DisplayText. -In RFC 3280, IA5Strring is also permissible. +In RFC 2459, it can only be of type +.Vt DisplayText . +In RFC 3280, +.Vt IA5String +is also permissible. Some software (for example some versions of MSIE) may require .Ic ia5org . .Ss Policy constraints -- cgit v1.2.3