1.\" $OpenBSD: ASIdentifiers_new.3,v 1.11 2023/09/30 18:16:44 tb Exp $ 2.\" 3.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.Dd $Mdocdate: September 30 2023 $ 18.Dt ASIDENTIFIERS_NEW 3 19.Os 20.Sh NAME 21.Nm ASIdentifiers_new , 22.Nm ASIdentifiers_free , 23.Nm d2i_ASIdentifiers , 24.Nm i2d_ASIdentifiers 25.Nd RFC 3779 autonomous system identifier delegation extensions 26.Sh SYNOPSIS 27.In openssl/x509v3.h 28.Ft ASIdentifiers * 29.Fo ASIdentifiers_new 30.Fa "void" 31.Fc 32.Ft void 33.Fo ASIdentifiers_free 34.Fa "ASIdentifiers *asid" 35.Fc 36.Ft ASIdentifiers * 37.Fo d2i_ASIdentifiers 38.Fa "ASIdentifiers **asid" 39.Fa "const unsigned char **in" 40.Fa "long len" 41.Fc 42.Ft int 43.Fo i2d_ASIdentifiers 44.Fa "ASIdentifiers *asid" 45.Fa "unsigned char **out" 46.Fc 47.Sh DESCRIPTION 48RFC 3779 defines two X.509v3 certificate extensions that allow the 49delegation of 50IP addresses and autonomous system (AS) identifiers 51from the issuer to the subject of the certificate. 52An 53.Vt ASIdentifiers 54object contains collections of individual AS numbers and 55ranges of AS numbers to be delegated. 56.Pp 57.Fn ASIdentifiers_new 58allocates and initializes a new, empty 59.Vt ASIdentifiers 60object that can be populated with 61.Xr X509v3_asid_add_id_or_range 3 . 62See 63.Xr ASRange_new 3 64for implementation details. 65.Pp 66.Fn ASIdentifiers_free 67frees 68.Fa asid 69including any data contained in it. 70If 71.Fa asid 72is 73.Dv NULL , 74no action occurs. 75.Pp 76.Fn d2i_ASIdentifiers 77and 78.Fn i2d_ASIdentifiers 79decode and encode ASN.1 80.Vt ASIdentifiers 81objects as defined in RFC 3779, section 3.2.3.1. 82For details about the semantics, examples, caveats, and bugs, see 83.Xr ASN1_item_d2i 3 . 84In order for the encoding produced by 85.Fn i2d_ASIdentifiers 86to conform to RFC 3779, 87.Fa asid 88must be in 89.Dq canonical form , 90see 91.Xr X509v3_asid_canonize 3 . 92.Sh RETURN VALUES 93.Fn ASIdentifiers_new 94returns a new 95.Vt ASIdentifiers 96object or 97.Dv NULL 98if an error occurs. 99.Pp 100.Fn d2i_ASIdentifiers 101returns an 102.Vt ASIdentifiers 103object or 104.Dv NULL 105if a decoding or memory allocation error occurs. 106.Pp 107.Fn i2d_ASIdentifiers 108returns the number of bytes successfully encoded 109or a value <= 0 if an error occurs. 110.Sh SEE ALSO 111.Xr ASRange_new 3 , 112.Xr crypto 3 , 113.Xr IPAddressRange_new 3 , 114.Xr X509_new 3 , 115.Xr X509v3_addr_add_inherit 3 , 116.Xr X509v3_addr_get_range 3 , 117.Xr X509v3_addr_inherits 3 , 118.Xr X509v3_addr_subset 3 , 119.Xr X509v3_addr_validate_path 3 , 120.Xr X509v3_asid_add_id_or_range 3 121.Sh STANDARDS 122RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers: 123.Bl -dash -compact 124.It 125section 3: Autonomous System Identifier Delegation Extension 126.El 127.Pp 128RFC 7020: The Internet Numbers Registry System 129.Pp 130RFC 7249: Internet Numbers Registries 131.Sh HISTORY 132These functions first appeared in OpenSSL 0.9.8e 133and have been available since 134.Ox 7.1 . 135.Sh BUGS 136There are no corresponding functions for the RFC 3779 137IP address delegation extension represented by 138.Vt IPAddrBlocks . 139