sync with OpenBSD -current

lib/libcrypto/man/X509_STORE_CTX_set_verify.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_set_verify.3,v 1.7 2023/08/10 16:15:42 schwarze Exp $
+.\" $OpenBSD: X509_STORE_CTX_set_verify.3,v 1.8 2024/06/07 05:51:39 tb Exp $
 .\"
 .\" Copyright (c) 2021, 2022 Ingo Schwarze <schwarze@openbsd.org>
 .\" Copyright (c) 2023 Job Snijders <job@openbsd.org>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 10 2023 $
+.Dd $Mdocdate: June 7 2024 $
 .Dt X509_STORE_CTX_SET_VERIFY 3
 .Os
 .Sh NAME
@@ -142,6 +142,28 @@ function provided by the user should check whether a given certificate
 was issued using the CA certificate
 .Fa issuer ,
 and must return 0 on failure and 1 on success.
+The default implementation ignores the
+.Fa ctx
+argument and returns success if and only if
+.Xr X509_check_issued 3
+returns
+.Dv X509_V_OK .
+It is important to pay close attention to the order of the
+.Fa issuer
+and
+.Fa subject
+arguments.
+In
+.Xr X509_check_issued 3
+the
+.Fa issuer
+precedes the
+.Fa subject
+while in
+.Fn check_issued
+the
+.Fa subject
+comes first.
 .Sh RETURN VALUES
 .Fn X509_STORE_CTX_verify_fn
 is supposed to return 1 to indicate that the chain is valid
@@ -221,3 +243,14 @@ and
 .Fn X509_STORE_CTX_get_check_issued
 first appeared in OpenSSL 1.1.0 and have been available since
 .Ox 7.3 .
+.Sh BUGS
+The reversal of order of
+.Fa subject
+and
+.Fa issuer
+between
+.Fn check_issued
+and
+.Xr X509_check_issued 3
+is very confusing.
+It has led to bugs and will cause many more.

lib/libcrypto/man/X509_cmp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_cmp.3,v 1.3 2021/07/02 10:50:39 schwarze Exp $
+.\" $OpenBSD: X509_cmp.3,v 1.4 2024/06/07 14:00:09 job Exp $
 .\" full merge up to: OpenSSL ea5d4b89 Jun 6 11:42:02 2019 +0800
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 2 2021 $
+.Dd $Mdocdate: June 7 2024 $
 .Dt X509_CMP 3
 .Os
 .Sh NAME
@@ -123,8 +123,10 @@
 .Fn X509_cmp
 compares two X.509 certificates using
 .Xr memcmp 3
-on the SHA1 hashes of their canonical (DER) representations as generated with
+on the hashes of their canonical (DER) representations as generated with
 .Xr X509_digest 3 .
+The digest function is implementation-specific: LibreSSL uses SHA-512, other
+implementations use SHA-1.
 .Pp
 .Fn X509_NAME_cmp
 compares two X.501
@@ -172,8 +174,10 @@ structures using
 .Fn X509_CRL_match
 compares two certificate revocation lists using
 .Xr memcmp 3
-on the SHA1 hashes of their canonical (DER) representations as generated with
+on the hashes of their canonical (DER) representations as generated with
 .Xr X509_CRL_digest 3 .
+The digest function is implementation-specific: LibreSSL uses SHA-512, other
+implementations use SHA-1.
 .Sh RETURN VALUES
 All these functions return 0 to indicate a match or a non-zero value
 to indicate a mismatch.

lib/libcrypto/x509/x509_verify.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.69 2024/04/08 23:46:21 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.70 2024/06/07 06:21:40 tb Exp $ */
 /*
  * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
  *
@@ -528,7 +528,7 @@ x509_verify_potential_parent(struct x509_verify_ctx *ctx, X509 *parent,
 		return (ctx->xsc->check_issued(ctx->xsc, child, parent));
 
 	/* XXX key usage */
-	return X509_check_issued(child, parent) != X509_V_OK;
+	return X509_check_issued(parent, child) == X509_V_OK;
 }
 
 static int