sync with OpenBSD -current

purplerain 2024-03-06 04:23:46 +00:00
parent 85f0c6497f
commit 4bba23b895
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
36 changed files with 646 additions and 476 deletions


@ -1,4 +1,4 @@
.\" $OpenBSD: ASN1_STRING_new.3,v 1.25 2023/07/28 05:48:33 tb Exp $
.\" $OpenBSD: ASN1_STRING_new.3,v 1.26 2024/03/05 18:30:40 tb Exp $
.\" OpenSSL 99d63d46 Tue Mar 24 07:52:24 2015 -0400
.\"
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 28 2023 $
.Dd $Mdocdate: March 5 2024 $
.Dt ASN1_STRING_NEW 3
.Os
.Sh NAME
@ -212,7 +212,6 @@ is returned and an error code can be retrieved with
.Xr ASN1_PRINTABLE_type 3 ,
.Xr ASN1_STRING_length 3 ,
.Xr ASN1_STRING_print_ex 3 ,
.Xr ASN1_time_parse 3 ,
.Xr ASN1_TIME_set 3 ,
.Xr ASN1_TYPE_get 3 ,
.Xr ASN1_UNIVERSALSTRING_to_string 3 ,


@ -1,4 +1,4 @@
.\" $OpenBSD: ASN1_TIME_set.3,v 1.22 2024/02/18 16:30:17 tb Exp $
.\" $OpenBSD: ASN1_TIME_set.3,v 1.23 2024/03/05 18:30:40 tb Exp $
.\" full merge up to: OpenSSL 3d0f1cb9 Jul 11 03:01:24 2017 +0800
.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\"
@ -68,7 +68,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: February 18 2024 $
.Dd $Mdocdate: March 5 2024 $
.Dt ASN1_TIME_SET 3
.Os
.Sh NAME
@ -659,7 +659,6 @@ BIO_free(b);
.Ed
.Sh SEE ALSO
.Xr ASN1_TIME_new 3 ,
.Xr ASN1_time_parse 3 ,
.Xr X509_cmp_time 3
.Sh STANDARDS
The usage of the ASN.1


@ -1,141 +0,0 @@
.\" $OpenBSD: ASN1_time_parse.3,v 1.9 2020/11/02 17:45:35 tb Exp $
.\"
.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 2 2020 $
.Dt ASN1_TIME_PARSE 3
.Os
.Sh NAME
.Nm ASN1_time_parse ,
.Nm ASN1_time_tm_cmp ,
.Nm ASN1_TIME_set_tm
.Nd LibreSSL utilities for ASN.1 time types
.Sh SYNOPSIS
.In openssl/asn1.h
.Ft int
.Fn ASN1_time_parse "const char *bytes" "size_t len" "struct tm *tm" "int mode"
.Ft int
.Fn ASN1_time_tm_cmp "struct tm *tm1" "struct tm *tm2"
.Ft ASN1_TIME *
.Fn ASN1_TIME_set_tm "ASN1_TIME *s" "struct tm *tm"
.Sh DESCRIPTION
The
.Fn ASN1_time_parse
function parses an ASN.1 time string of
.Ar len
bytes starting at
.Ar bytes .
The resulting time is stored in
.Ar tm
if
.Ar tm
is not
.Dv NULL .
.Pp
The
.Ar mode
parameter must be one of
.Bl -bullet -offset four
.It
0 to parse a time as specified in RFC 5280 for an X509 object,
which may be either a UTC time or a Generalized time.
.It
.Dv V_ASN1_UTCTIME
to parse an RFC 5280 format UTC time.
.It
.Dv V_ASN1_GENERALIZEDTIME
to parse an RFC 5280 format Generalized time.
.El
.Pp
The
.Fn ASN1_time_tm_cmp
function compares two times in
.Ar tm1
and
.Ar tm2 .
.Pp
The function
.Fn ASN1_TIME_set_tm
sets the
.Vt ASN1_TIME
structure
.Fa s
to the time represented by the
.Vt struct tm
value pointed to by
.Fa tm .
If
.Fa s
is
.Dv NULL ,
a new
.Vt ASN1_TIME
structure is allocated and returned.
.Sh RETURN VALUES
.Fn ASN1_time_parse
returns
.Bl -bullet -offset four
.It
-1 if the string was invalid for the
.Ar mode
specified.
.It
.Dv V_ASN1_UTCTIME
if the string parsed as a valid UTC time.
.It
.Dv V_ASN1_GENERALIZEDTIME
if the string parsed as a valid Generalized time.
.El
.Pp
.Fn ASN1_time_tm_cmp
returns
.Bl -bullet -offset four
.It
-1 if
.Ar tm1
is less than
.Ar tm2 .
.It
1 if
.Ar tm1
is greater than
.Ar tm2 .
.It
0 if
.Ar tm1
is the same as
.Ar tm2 .
.El
.Pp
.Fn ASN1_TIME_set_tm
returns a pointer to an
.Vt ASN1_TIME
structure or
.Dv NULL
if an error occurred.
.Sh SEE ALSO
.Xr ASN1_TIME_new 3 ,
.Xr ASN1_TIME_set 3 ,
.Xr X509_cmp_time 3
.Sh HISTORY
.Fn ASN1_time_parse
and
.Fn ASN1_time_tm_cmp
first appeared in
.Ox 6.1
and
.Fn ASN1_TIME_set_tm
in
.Ox 6.2 .


@ -1,4 +1,4 @@
.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.11 2023/07/21 10:45:44 tb Exp $
.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.12 2024/03/05 19:21:31 tb Exp $
.\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
.\" selective merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
.\"
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 21 2023 $
.Dd $Mdocdate: March 5 2024 $
.Dt ERR_LOAD_CRYPTO_STRINGS 3
.Os
.Sh NAME
@ -89,7 +89,6 @@
.\" ERR_load_EC_strings()
.\" ERR_load_ERR_strings()
.\" ERR_load_EVP_strings()
.\" ERR_load_GOST_strings()
.\" ERR_load_OBJ_strings()
.\" ERR_load_OCSP_strings()
.\" ERR_load_PEM_strings()


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKCS82PKEY.3,v 1.2 2023/12/21 21:32:01 tb Exp $
.\" $OpenBSD: EVP_PKCS82PKEY.3,v 1.3 2024/03/05 19:21:31 tb Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 21 2023 $
.Dd $Mdocdate: March 5 2024 $
.Dt EVP_PKCS82PKEY 3
.Os
.Sh NAME
@ -39,7 +39,7 @@ creates a PKCS#8
structure representing the private key contained in
.Fa pkey .
.Pp
Supported algorithms include DH, DSA, EC, GOST2001, and RSA.
Supported algorithms include DH, DSA, EC, and RSA.
.Sh RETURN VALUES
These functions return a newly allocated object or
.Dv NULL


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.13 2023/09/08 11:37:58 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.14 2024/03/05 19:21:31 tb Exp $
.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
@ -67,7 +67,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 8 2023 $
.Dd $Mdocdate: March 5 2024 $
.Dt EVP_PKEY_CMP 3
.Os
.Sh NAME
@ -77,7 +77,7 @@
.Nm EVP_PKEY_cmp
.\" .Nm EVP_PKEY_save_parameters is intentionally undocumented
.\" because nothing uses it according to codesearch.debian.net
.\" and it only affects X509_PUBKEY_set(3) for DSA and GOST2001 keys,
.\" and it only affects X509_PUBKEY_set(3) for DSA,
.\" resulting in incomplete output without the public key parameters.
.Nd public key parameter and comparison functions
.Sh SYNOPSIS


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_derive.3,v 1.9 2023/09/09 14:26:35 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_derive.3,v 1.10 2024/03/05 19:21:31 tb Exp $
.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
.\"
.\" This file is a derived work.
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 9 2023 $
.Dd $Mdocdate: March 5 2024 $
.Dt EVP_PKEY_DERIVE 3
.Os
.Sh NAME
@ -109,7 +109,6 @@ The library provides built-in support for keys with an
of
.Dv EVP_PKEY_DH ,
.Dv EVP_PKEY_EC ,
.Dv EVP_PKEY_GOSTR01 ,
.Dv EVP_PKEY_HKDF ,
and
.Dv EVP_PKEY_X25519 .


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.7 2023/09/13 14:57:21 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.8 2024/03/05 19:21:31 tb Exp $
.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
.\"
.\" This file is a derived work.
@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 13 2023 $
.Dd $Mdocdate: March 5 2024 $
.Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3
.Os
.Sh NAME
@ -103,8 +103,6 @@ Support for the following public key algorithms is built into the library:
.It Dv EVP_PKEY_DSA Ta Dv NID_sha1 Ta mandatory
.It Dv EVP_PKEY_EC Ta Dv NID_sha1 Ta mandatory
.It Dv EVP_PKEY_ED25519 Ta Dv NID_undef Ta mandatory
.It Dv EVP_PKEY_GOSTIMIT Ta Dv NID_id_Gost28147_89_MAC Ta mandatory
.It Dv EVP_PKEY_GOSTR01 Ta variable Ta mandatory
.It Dv EVP_PKEY_HMAC Ta Dv NID_sha1 Ta advisory
.It Dv EVP_PKEY_RSA Ta Dv NID_sha256 Ta advisory
.El


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.21 2023/12/21 21:32:01 tb Exp $
.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.22 2024/03/05 19:21:31 tb Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 21 2023 $
.Dd $Mdocdate: March 5 2024 $
.Dt EVP_PKEY_SET1_RSA 3
.Os
.Sh NAME
@ -87,7 +87,6 @@
.Nm EVP_PKEY_assign_DSA ,
.Nm EVP_PKEY_assign_DH ,
.Nm EVP_PKEY_assign_EC_KEY ,
.Nm EVP_PKEY_assign_GOST ,
.Nm EVP_PKEY_assign ,
.Nm EVP_PKEY_base_id ,
.Nm EVP_PKEY_id ,
@ -182,11 +181,6 @@
.Fa "EC_KEY *key"
.Fc
.Ft int
.Fo EVP_PKEY_assign_GOST
.Fa "EVP_PKEY *pkey"
.Fa "GOST_KEY *key"
.Fc
.Ft int
.Fo EVP_PKEY_assign
.Fa "EVP_PKEY *pkey"
.Fa "int type"
@ -268,7 +262,6 @@ becomes unspecified.
.Fn EVP_PKEY_assign_DSA ,
.Fn EVP_PKEY_assign_DH ,
.Fn EVP_PKEY_assign_EC_KEY ,
.Fn EVP_PKEY_assign_GOST ,
and
.Fn EVP_PKEY_assign
also set the referenced key to
@ -292,9 +285,8 @@ The following types are supported:
.Dv EVP_PKEY_RSA ,
.Dv EVP_PKEY_DSA ,
.Dv EVP_PKEY_DH ,
.Dv EVP_PKEY_EC ,
and
.Dv EVP_PKEY_GOSTR01 .
.Dv EVP_PKEY_EC .
.Pp
.Fn EVP_PKEY_base_id
returns the type of
@ -307,8 +299,6 @@ according to the following table:
.It Dv EVP_PKEY_DH Ta = Dv NID_dhKeyAgreement Ta DH
.It Dv EVP_PKEY_DSA Ta = Dv NID_dsa Ta DSA
.It Dv EVP_PKEY_EC Ta = Dv NID_X9_62_id_ecPublicKey Ta EC
.It Dv EVP_PKEY_GOSTIMIT Ta = Dv NID_id_Gost28147_89_MAC Ta GOST-MAC
.It Dv EVP_PKEY_GOSTR01 Ta = Dv NID_id_GostR3410_2001 Ta GOST2001
.It Dv EVP_PKEY_HMAC Ta = Dv NID_hmac Ta HMAC
.It Dv EVP_PKEY_RSA Ta = Dv NID_rsaEncryption Ta RSA
.It Dv EVP_PKEY_RSA_PSS Ta = Dv NID_rsassaPss Ta RSA-PSS
@ -326,8 +316,6 @@ The following deprecated aliases are still supported:
.It Dv EVP_PKEY_DSA2 Ta = Dv NID_dsaWithSHA Ta DSA
.It Dv EVP_PKEY_DSA3 Ta = Dv NID_dsaWithSHA1 Ta DSA
.It Dv EVP_PKEY_DSA4 Ta = Dv NID_dsaWithSHA1_2 Ta DSA
.It Dv EVP_PKEY_GOSTR12_256 Ta = Dv NID_id_tc26_gost3410_2012_256 Ta GOST2001
.It Dv EVP_PKEY_GOSTR12_512 Ta = Dv NID_id_tc26_gost3410_2012_512 Ta GOST2001
.It Dv EVP_PKEY_RSA2 Ta = Dv NID_rsa Ta RSA
.El
.Pp
@ -408,7 +396,6 @@ functions must be freed as well as
.Fn EVP_PKEY_assign_DSA ,
.Fn EVP_PKEY_assign_DH ,
.Fn EVP_PKEY_assign_EC_KEY ,
.Fn EVP_PKEY_assign_GOST ,
.Fn EVP_PKEY_assign ,
.Fn EVP_PKEY_set_type ,
and
@ -436,7 +423,6 @@ the return value points to an
.Vt DSA ,
.Vt DH ,
.Vt EC_KEY ,
.Vt GOST_KEY ,
or
.Vt ASN1_OCTET_STRING
object depending on the type of
@ -494,10 +480,6 @@ and
first appeared in OpenSSL 1.0.0 and have been available since
.Ox 4.9 .
.Pp
.Fn EVP_PKEY_assign_GOST
first appeared in
.Ox 5.7 .
.Pp
.Fn EVP_PKEY_get0_RSA ,
.Fn EVP_PKEY_get0_DSA ,
.Fn EVP_PKEY_get0_DH ,


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_size.3,v 1.2 2023/09/12 15:29:03 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_size.3,v 1.3 2024/03/05 19:21:31 tb Exp $
.\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 12 2023 $
.Dd $Mdocdate: March 5 2024 $
.Dt EVP_PKEY_SIZE 3
.Os
.Sh NAME
@ -144,7 +144,6 @@ is supported for the following algorithms:
.It DSA Ta Xr DSA_size 3
.It EC Ta Xr ECDSA_size 3
.It ED25519 Ta 64, but see below
.It GOST01 Ta 64 or 128
.It HMAC Ta Dv EVP_MAX_MD_SIZE No = 64
.It RSA Ta Xr RSA_size 3
.It X25519 Ta Dv X25519_KEYLEN No = 32
@ -173,7 +172,6 @@ By default, the following algorithms are supported:
.It DSA Ta the public domain parameter Fa p Ta Xr DSA_bits 3
.It EC Ta the order of the group Ta Xr EC_GROUP_order_bits 3
.It ED25519 Ta 253 Ta \(em
.It GOST01 Ta 256 or 512 Ta \(em
.It RSA Ta the public modulus Ta Xr RSA_bits 3
.It X25519 Ta 253 Ta \(em
.El
@ -192,7 +190,6 @@ By default, the following algorithms are supported:
.It DSA Ta Xr DSA_security_bits 3
.It EC Ta Xr EC_GROUP_order_bits 3 divided by 2
.It ED25519 Ta 128
.It GOST01 Ta not supported, return value is \-2
.It RSA Ta Xr RSA_security_bits 3
.It X25519 Ta 128
.El


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.284 2024/03/05 17:21:40 tb Exp $
# $OpenBSD: Makefile,v 1.286 2024/03/06 02:34:14 tb Exp $
.include <bsd.own.mk>
@ -29,7 +29,6 @@ MAN= \
ASN1_mbstring_copy.3 \
ASN1_parse_dump.3 \
ASN1_put_object.3 \
ASN1_time_parse.3 \
ASRange_new.3 \
AUTHORITY_KEYID_new.3 \
BASIC_CONSTRAINTS_new.3 \
@ -313,7 +312,6 @@ MAN= \
X509_ATTRIBUTE_new.3 \
X509_ATTRIBUTE_set1_object.3 \
X509_CINF_new.3 \
X509_CRL_METHOD_new.3 \
X509_CRL_get0_by_serial.3 \
X509_CRL_new.3 \
X509_CRL_print.3 \


@ -1,182 +0,0 @@
.\" $OpenBSD: X509_CRL_METHOD_new.3,v 1.1 2021/10/30 16:20:35 schwarze Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: October 30 2021 $
.Dt X509_CRL_METHOD_NEW 3
.Os
.Sh NAME
.Nm X509_CRL_METHOD_new ,
.Nm X509_CRL_METHOD_free ,
.Nm X509_CRL_set_default_method ,
.Nm X509_CRL_set_meth_data ,
.Nm X509_CRL_get_meth_data
.Nd customize CRL handling
.Sh SYNOPSIS
.In openssl/x509.h
.Ft X509_CRL_METHOD *
.Fo X509_CRL_METHOD_new
.Fa "int (*crl_init)(X509_CRL *crl)"
.Fa "int (*crl_free)(X509_CRL *crl)"
.Fa "int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,\
ASN1_INTEGER *ser, X509_NAME *issuer)"
.Fa "int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)"
.Fc
.Ft void
.Fn X509_CRL_METHOD_free "X509_CRL_METHOD *method"
.Ft void
.Fn X509_CRL_set_default_method "const X509_CRL_METHOD *method"
.Ft void
.Fn X509_CRL_set_meth_data "X509_CRL *crl" "void *data"
.Ft void *
.Fn X509_CRL_get_meth_data "X509_CRL *crl"
.Sh DESCRIPTION
These functions customize BER decoding and signature verification
of X.509 certificate revocation lists,
as well as retrieval of revoked entries from such lists.
.Pp
.Fn X509_CRL_METHOD_new
allocates and initializes a new
.Vt X509_CRL_METHOD
object, storing the four pointers to callback functions in it
that are provided as arguments.
.Pp
.Fn X509_CRL_METHOD_free
frees the given
.Fa method
object.
If
.Fa method
is a
.Dv NULL
pointer or points to the static object built into the library,
no action occurs.
.Pp
.Fn X509_CRL_set_default_method
designates the given
.Fa method
to be used for objects that will be created with
.Xr X509_CRL_new 3
in the future.
It has no effect on
.Vt X509_CRL
objects that already exist.
If
.Fa method
is
.Dv NULL ,
any previously installed method will no longer be used for new
.Vt X509_CRL
objects created in the future, and those future objects will adhere
to the default behaviour instead.
.Pp
The optional function
.Fn crl_init
will be called at the end of
.Xr d2i_X509_CRL 3 ,
the optional function
.Fn crl_free
near the end of
.Xr X509_CRL_free 3 ,
immediately before freeing
.Fa crl
itself.
The function
.Fn crl_lookup
will be called by
.Xr X509_CRL_get0_by_serial 3 ,
setting
.Fa issuer
to
.Dv NULL ,
and by
.Xr X509_CRL_get0_by_cert 3 ,
both instead of performing the default action.
The function
.Fn crl_verify
will be called by
.Xr X509_CRL_verify 3
instead of performing the default action.
.Pp
.Fn X509_CRL_set_meth_data
stores the pointer to the auxiliary
.Fa data
inside the
.Fa crl
object.
The pointer is expected to remain valid during the whole lifetime of the
.Fa crl
object but is not automatically freed when the
.Fa crl
object is freed.
.Pp
.Fn X509_CRL_get_meth_data
retrieves the
.Fa data
from
.Fa crl
the was added with
.Fn X509_CRL_set_meth_data .
This may for example be useful inside the four callback methods
installed with
.Fn X509_CRL_METHOD_new .
.Sh RETURN VALUES
.Fn X509_CRL_METHOD_new
returns a pointer to the new object or
.Dv NULL
if memory allocation fails.
.Pp
.Fn X509_CRL_get_meth_data
returns the pointer previously installed with
.Fn X509_CRL_set_meth_data
or
.Dv NULL
if
.Fn X509_CRL_set_meth_data
was not called on
.Fa crl .
.Pp
The callback functions
.Fn crl_init
and
.Fn crl_free
are supposed to return 1 for success or 0 for failure.
.Pp
The callback function
.Fn crl_lookup
is supposed to return 0 for failure or 1 for success,
except if the revoked entry has the reason
.Qq removeFromCRL ,
in which case it is supposed to return 2.
.Pp
The callback function
.Fn crl_verify
is supposed to return 1 if the signature is valid
or 0 if the signature check fails.
If the signature could not be checked at all because it was invalid
or some other error occurred, \-1 may be returned.
.Sh SEE ALSO
.Xr ASN1_INTEGER_new 3 ,
.Xr d2i_X509_CRL 3 ,
.Xr EVP_PKEY_new 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_CRL_verify 3 ,
.Xr X509_NAME_new 3 ,
.Xr X509_REVOKED_new 3
.Sh HISTORY
These functions first appeared in OpenSSL 1.0.0
and have been available since
.Ox 4.9 .


@ -1,4 +1,4 @@
.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.12 2021/10/30 16:20:35 schwarze Exp $
.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.13 2024/03/06 02:34:14 tb Exp $
.\" full merge up to: OpenSSL cdd6c8c5 Mar 20 12:29:37 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: October 30 2021 $
.Dd $Mdocdate: March 6 2024 $
.Dt X509_CRL_GET0_BY_SERIAL 3
.Os
.Sh NAME
@ -105,18 +105,6 @@ except that it looks for a revoked entry using the serial number
of certificate
.Fa x .
.Pp
If
.Xr X509_CRL_set_default_method 3
was in effect at the time the
.Fa crl
object was created,
.Fn X509_CRL_get0_by_serial
and
.Fn X509_CRL_get0_by_cert
invoke the
.Fn crl_lookup
callback function instead of performing the default action.
.Pp
.Fn X509_CRL_get_REVOKED
returns an internal pointer to a stack of all revoked entries for
.Fa crl .
@ -170,7 +158,6 @@ returns a STACK of revoked entries.
.Xr X509_CRL_get_ext 3 ,
.Xr X509_CRL_get_issuer 3 ,
.Xr X509_CRL_get_version 3 ,
.Xr X509_CRL_METHOD_new 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_REVOKED_new 3 ,
.Xr X509V3_get_d2i 3


@ -1,4 +1,4 @@
.\" $OpenBSD: X509_CRL_new.3,v 1.13 2021/10/30 16:20:35 schwarze Exp $
.\" $OpenBSD: X509_CRL_new.3,v 1.14 2024/03/06 02:34:14 tb Exp $
.\"
.\" Copyright (c) 2016, 2018, 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: October 30 2021 $
.Dd $Mdocdate: March 6 2024 $
.Dt X509_CRL_NEW 3
.Os
.Sh NAME
@ -67,19 +67,6 @@ decrements the reference count of
by 1.
If the reference count reaches 0, it frees
.Fa crl .
If
.Xr X509_CRL_set_default_method 3
was in effect at the time
.Fa crl
was created and the
.Fn crl_free
callback is not
.Dv NULL ,
that callback is invoked near the end of
.Fn X509_CRL_free ,
right before freeing
.Fa crl
itself.
.Pp
.Fn X509_CRL_INFO_new
allocates and initializes an empty
@ -125,7 +112,6 @@ returns 1 on success or 0 on error.
.Xr X509_CRL_get_issuer 3 ,
.Xr X509_CRL_get_version 3 ,
.Xr X509_CRL_match 3 ,
.Xr X509_CRL_METHOD_new 3 ,
.Xr X509_CRL_print 3 ,
.Xr X509_CRL_sign 3 ,
.Xr X509_EXTENSION_new 3 ,


@ -1,4 +1,4 @@
.\" $OpenBSD: X509_cmp_time.3,v 1.11 2021/11/12 14:34:57 schwarze Exp $
.\" $OpenBSD: X509_cmp_time.3,v 1.12 2024/03/05 18:30:40 tb Exp $
.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 12 2021 $
.Dd $Mdocdate: March 5 2024 $
.Dt X509_CMP_TIME 3
.Os
.Sh NAME
@ -108,8 +108,6 @@
.Fn X509_cmp_time
parses
.Fa asn1_time
with
.Xr ASN1_time_parse 3
and compares it to
.Fa cmp_time ,
or to the current time if
@ -182,7 +180,6 @@ structure or
on error.
.Sh SEE ALSO
.Xr ASN1_TIME_new 3 ,
.Xr ASN1_time_parse 3 ,
.Xr ASN1_TIME_set 3 ,
.Xr time 3
.Sh HISTORY


@ -1,4 +1,4 @@
.\" $OpenBSD: X509_get0_notBefore.3,v 1.6 2023/06/06 16:20:13 schwarze Exp $
.\" $OpenBSD: X509_get0_notBefore.3,v 1.7 2024/03/05 18:30:40 tb Exp $
.\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000
.\"
.\" Copyright (c) 2018, 2020 Ingo Schwarze <schwarze@openbsd.org>
@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: June 6 2023 $
.Dd $Mdocdate: March 5 2024 $
.Dt X509_GET0_NOTBEFORE 3
.Os
.Sh NAME
@ -230,7 +230,6 @@ determining reasons for failure with
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr ASN1_TIME_set 3 ,
.Xr ASN1_TIME_set_tm 3 ,
.Xr X509_cmp_time 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_CRL_new 3 ,


@ -1,4 +1,4 @@
.\" $OpenBSD: X509_sign.3,v 1.10 2023/04/28 15:51:18 job Exp $
.\" $OpenBSD: X509_sign.3,v 1.11 2024/03/06 02:34:14 tb Exp $
.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 28 2023 $
.Dd $Mdocdate: March 6 2024 $
.Dt X509_SIGN 3
.Os
.Sh NAME
@ -145,16 +145,6 @@ and
.Fn X509_CRL_verify
sign and verify certificate requests and CRLs, respectively.
.Pp
If
.Xr X509_CRL_set_default_method 3
was in effect at the time the
.Vt X509_CRL
object was created,
.Fn X509_CRL_verify
calls the
.Fn crl_verify
callback function instead of performing the default action.
.Pp
.Fn X509_sign_ctx
is used where the default parameters for the corresponding public key
and digest are not suitable.
@ -183,7 +173,6 @@ In some cases of failure, the reason can be determined with
.Xr d2i_X509 3 ,
.Xr EVP_DigestInit 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_CRL_METHOD_new 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_get_pubkey 3 ,
.Xr X509_get_subject_name 3 ,


@ -1,4 +1,4 @@
.\" $OpenBSD: d2i_X509_CRL.3,v 1.8 2021/10/30 16:20:35 schwarze Exp $
.\" $OpenBSD: d2i_X509_CRL.3,v 1.9 2024/03/06 02:34:14 tb Exp $
.\"
.\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: October 30 2021 $
.Dd $Mdocdate: March 6 2024 $
.Dt D2I_X509_CRL 3
.Os
.Sh NAME
@ -96,15 +96,6 @@ decode and encode an ASN.1
.Vt CertificateList
structure defined in RFC 5280 section 5.1.
.Pp
If
.Xr X509_CRL_set_default_method 3
is in effect and the
.Fn crl_init
callback is not
.Dv NULL ,
that callback is invoked at the end of
.Fn d2i_X509_CRL .
.Pp
.Fn d2i_X509_CRL_bio ,
.Fn d2i_X509_CRL_fp ,
.Fn i2d_X509_CRL_bio ,
@ -132,7 +123,6 @@ the revokedCertificates field of the ASN.1
structure.
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr X509_CRL_METHOD_new 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_REVOKED_new 3
.Sh STANDARDS


@ -1,4 +1,4 @@
.\" $OpenBSD: evp.3,v 1.28 2024/03/05 17:21:40 tb Exp $
.\" $OpenBSD: evp.3,v 1.29 2024/03/06 02:34:14 tb Exp $
.\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org>,
@ -51,7 +51,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 5 2024 $
.Dd $Mdocdate: March 6 2024 $
.Dt EVP 3
.Os
.Sh NAME
@ -234,7 +234,6 @@ family of functions provides base64 encoding and decoding.
.Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,
.Xr X509_ALGOR_set_md 3 ,
.Xr X509_check_private_key 3 ,
.Xr X509_CRL_METHOD_new 3 ,
.Xr X509_digest 3 ,
.Xr X509_get_pubkey 3 ,
.Xr X509_PUBKEY_set 3 ,


@ -1,4 +1,4 @@
.\" $OpenBSD: lh_new.3,v 1.12 2024/03/04 19:03:31 tb Exp $
.\" $OpenBSD: lh_new.3,v 1.13 2024/03/05 22:15:29 tb Exp $
.\" full merge up to:
.\" OpenSSL doc/crypto/lhash.pod 1bc74519 May 20 08:11:46 2016 -0400
.\" selective merge up to:
@ -118,7 +118,7 @@
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"
.Dd $Mdocdate: March 4 2024 $
.Dd $Mdocdate: March 5 2024 $
.Dt LH_NEW 3
.Os
.Sh NAME
@ -379,8 +379,6 @@ lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
.Pp
.Fn lh_<type>_error
can be used to determine if an error occurred in the last operation.
.Fn lh_<type>_error
is a macro.
.Sh RETURN VALUES
.Fn lh_<type>_new
returns