sync with OpenBSD -current

lib/libcrypto/man/ASN1_STRING_new.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ASN1_STRING_new.3,v 1.25 2023/07/28 05:48:33 tb Exp $
+.\"	$OpenBSD: ASN1_STRING_new.3,v 1.26 2024/03/05 18:30:40 tb Exp $
 .\"	OpenSSL 99d63d46 Tue Mar 24 07:52:24 2015 -0400
 .\"
 .\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 28 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt ASN1_STRING_NEW 3
 .Os
 .Sh NAME
@@ -212,7 +212,6 @@ is returned and an error code can be retrieved with
 .Xr ASN1_PRINTABLE_type 3 ,
 .Xr ASN1_STRING_length 3 ,
 .Xr ASN1_STRING_print_ex 3 ,
-.Xr ASN1_time_parse 3 ,
 .Xr ASN1_TIME_set 3 ,
 .Xr ASN1_TYPE_get 3 ,
 .Xr ASN1_UNIVERSALSTRING_to_string 3 ,

lib/libcrypto/man/ASN1_TIME_set.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_TIME_set.3,v 1.22 2024/02/18 16:30:17 tb Exp $
+.\" $OpenBSD: ASN1_TIME_set.3,v 1.23 2024/03/05 18:30:40 tb Exp $
 .\" full merge up to: OpenSSL 3d0f1cb9 Jul 11 03:01:24 2017 +0800
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 18 2024 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt ASN1_TIME_SET 3
 .Os
 .Sh NAME
@@ -659,7 +659,6 @@ BIO_free(b);
 .Ed
 .Sh SEE ALSO
 .Xr ASN1_TIME_new 3 ,
-.Xr ASN1_time_parse 3 ,
 .Xr X509_cmp_time 3
 .Sh STANDARDS
 The usage of the ASN.1

lib/libcrypto/man/ASN1_time_parse.3

@@ -1,141 +0,0 @@
-.\" $OpenBSD: ASN1_time_parse.3,v 1.9 2020/11/02 17:45:35 tb Exp $
-.\"
-.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 2 2020 $
-.Dt ASN1_TIME_PARSE 3
-.Os
-.Sh NAME
-.Nm ASN1_time_parse ,
-.Nm ASN1_time_tm_cmp ,
-.Nm ASN1_TIME_set_tm
-.Nd LibreSSL utilities for ASN.1 time types
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft int
-.Fn ASN1_time_parse "const char *bytes" "size_t len" "struct tm *tm" "int mode"
-.Ft int
-.Fn ASN1_time_tm_cmp "struct tm *tm1" "struct tm *tm2"
-.Ft ASN1_TIME *
-.Fn ASN1_TIME_set_tm "ASN1_TIME *s" "struct tm *tm"
-.Sh DESCRIPTION
-The
-.Fn ASN1_time_parse
-function parses an ASN.1 time string of
-.Ar len
-bytes starting at
-.Ar bytes .
-The resulting time is stored in
-.Ar tm
-if
-.Ar tm
-is not
-.Dv NULL .
-.Pp
-The
-.Ar mode
-parameter must be one of
-.Bl -bullet -offset four
-.It
-0 to parse a time as specified in RFC 5280 for an X509 object,
-which may be either a UTC time or a Generalized time.
-.It
-.Dv V_ASN1_UTCTIME
-to parse an RFC 5280 format UTC time.
-.It
-.Dv V_ASN1_GENERALIZEDTIME
-to parse an RFC 5280 format Generalized time.
-.El
-.Pp
-The
-.Fn ASN1_time_tm_cmp
-function compares two times in
-.Ar tm1
-and
-.Ar tm2 .
-.Pp
-The function
-.Fn ASN1_TIME_set_tm
-sets the
-.Vt ASN1_TIME
-structure
-.Fa s
-to the time represented by the
-.Vt struct tm
-value pointed to by
-.Fa tm .
-If
-.Fa s
-is
-.Dv NULL ,
-a new
-.Vt ASN1_TIME
-structure is allocated and returned.
-.Sh RETURN VALUES
-.Fn ASN1_time_parse
-returns
-.Bl -bullet -offset four
-.It
--1 if the string was invalid for the
-.Ar mode
-specified.
-.It
-.Dv V_ASN1_UTCTIME
-if the string parsed as a valid UTC time.
-.It
-.Dv V_ASN1_GENERALIZEDTIME
-if the string parsed as a valid Generalized time.
-.El
-.Pp
-.Fn ASN1_time_tm_cmp
-returns
-.Bl -bullet -offset four
-.It
--1 if
-.Ar tm1
-is less than
-.Ar tm2 .
-.It
-1 if
-.Ar tm1
-is greater than
-.Ar tm2 .
-.It
-0 if
-.Ar tm1
-is the same as
-.Ar tm2 .
-.El
-.Pp
-.Fn ASN1_TIME_set_tm
-returns a pointer to an
-.Vt ASN1_TIME
-structure or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr ASN1_TIME_new 3 ,
-.Xr ASN1_TIME_set 3 ,
-.Xr X509_cmp_time 3
-.Sh HISTORY
-.Fn ASN1_time_parse
-and
-.Fn ASN1_time_tm_cmp
-first appeared in
-.Ox 6.1
-and
-.Fn ASN1_TIME_set_tm
-in
-.Ox 6.2 .

lib/libcrypto/man/ERR_load_crypto_strings.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.11 2023/07/21 10:45:44 tb Exp $
+.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.12 2024/03/05 19:21:31 tb Exp $
 .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
 .\" selective merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 21 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt ERR_LOAD_CRYPTO_STRINGS 3
 .Os
 .Sh NAME
@@ -89,7 +89,6 @@
 .\" ERR_load_EC_strings()
 .\" ERR_load_ERR_strings()
 .\" ERR_load_EVP_strings()
-.\" ERR_load_GOST_strings()
 .\" ERR_load_OBJ_strings()
 .\" ERR_load_OCSP_strings()
 .\" ERR_load_PEM_strings()

lib/libcrypto/man/EVP_PKCS82PKEY.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKCS82PKEY.3,v 1.2 2023/12/21 21:32:01 tb Exp $
+.\" $OpenBSD: EVP_PKCS82PKEY.3,v 1.3 2024/03/05 19:21:31 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 21 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_PKCS82PKEY 3
 .Os
 .Sh NAME
@@ -39,7 +39,7 @@ creates a PKCS#8
 structure representing the private key contained in
 .Fa pkey .
 .Pp
-Supported algorithms include DH, DSA, EC, GOST2001, and RSA.
+Supported algorithms include DH, DSA, EC, and RSA.
 .Sh RETURN VALUES
 These functions return a newly allocated object or
 .Dv NULL

lib/libcrypto/man/EVP_PKEY_cmp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.13 2023/09/08 11:37:58 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.14 2024/03/05 19:21:31 tb Exp $
 .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 8 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_PKEY_CMP 3
 .Os
 .Sh NAME
@@ -77,7 +77,7 @@
 .Nm EVP_PKEY_cmp
 .\" .Nm EVP_PKEY_save_parameters is intentionally undocumented
 .\" because nothing uses it according to codesearch.debian.net
-.\" and it only affects X509_PUBKEY_set(3) for DSA and GOST2001 keys,
+.\" and it only affects X509_PUBKEY_set(3) for DSA,
 .\" resulting in incomplete output without the public key parameters.
 .Nd public key parameter and comparison functions
 .Sh SYNOPSIS

lib/libcrypto/man/EVP_PKEY_derive.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_derive.3,v 1.9 2023/09/09 14:26:35 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_derive.3,v 1.10 2024/03/05 19:21:31 tb Exp $
 .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 9 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_PKEY_DERIVE 3
 .Os
 .Sh NAME
@@ -109,7 +109,6 @@ The library provides built-in support for keys with an
 of
 .Dv EVP_PKEY_DH ,
 .Dv EVP_PKEY_EC ,
-.Dv EVP_PKEY_GOSTR01 ,
 .Dv EVP_PKEY_HKDF ,
 and
 .Dv EVP_PKEY_X25519 .

lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.7 2023/09/13 14:57:21 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.8 2024/03/05 19:21:31 tb Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 13 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3
 .Os
 .Sh NAME
@@ -103,8 +103,6 @@ Support for the following public key algorithms is built into the library:
 .It Dv EVP_PKEY_DSA       Ta Dv NID_sha1                Ta mandatory
 .It Dv EVP_PKEY_EC        Ta Dv NID_sha1                Ta mandatory
 .It Dv EVP_PKEY_ED25519   Ta Dv NID_undef               Ta mandatory
-.It Dv EVP_PKEY_GOSTIMIT  Ta Dv NID_id_Gost28147_89_MAC Ta mandatory
-.It Dv EVP_PKEY_GOSTR01   Ta variable                   Ta mandatory
 .It Dv EVP_PKEY_HMAC      Ta Dv NID_sha1                Ta advisory
 .It Dv EVP_PKEY_RSA       Ta Dv NID_sha256              Ta advisory
 .El

lib/libcrypto/man/EVP_PKEY_set1_RSA.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.21 2023/12/21 21:32:01 tb Exp $
+.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.22 2024/03/05 19:21:31 tb Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 21 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_PKEY_SET1_RSA 3
 .Os
 .Sh NAME
@@ -87,7 +87,6 @@
 .Nm EVP_PKEY_assign_DSA ,
 .Nm EVP_PKEY_assign_DH ,
 .Nm EVP_PKEY_assign_EC_KEY ,
-.Nm EVP_PKEY_assign_GOST ,
 .Nm EVP_PKEY_assign ,
 .Nm EVP_PKEY_base_id ,
 .Nm EVP_PKEY_id ,
@@ -182,11 +181,6 @@
 .Fa "EC_KEY *key"
 .Fc
 .Ft int
-.Fo EVP_PKEY_assign_GOST
-.Fa "EVP_PKEY *pkey"
-.Fa "GOST_KEY *key"
-.Fc
-.Ft int
 .Fo EVP_PKEY_assign
 .Fa "EVP_PKEY *pkey"
 .Fa "int type"
@@ -268,7 +262,6 @@ becomes unspecified.
 .Fn EVP_PKEY_assign_DSA ,
 .Fn EVP_PKEY_assign_DH ,
 .Fn EVP_PKEY_assign_EC_KEY ,
-.Fn EVP_PKEY_assign_GOST ,
 and
 .Fn EVP_PKEY_assign
 also set the referenced key to
@@ -292,9 +285,8 @@ The following types are supported:
 .Dv EVP_PKEY_RSA ,
 .Dv EVP_PKEY_DSA ,
 .Dv EVP_PKEY_DH ,
-.Dv EVP_PKEY_EC ,
 and
-.Dv EVP_PKEY_GOSTR01 .
+.Dv EVP_PKEY_EC .
 .Pp
 .Fn EVP_PKEY_base_id
 returns the type of
@@ -307,8 +299,6 @@ according to the following table:
 .It Dv EVP_PKEY_DH       Ta = Dv NID_dhKeyAgreement       Ta DH
 .It Dv EVP_PKEY_DSA      Ta = Dv NID_dsa                  Ta DSA
 .It Dv EVP_PKEY_EC       Ta = Dv NID_X9_62_id_ecPublicKey Ta EC
-.It Dv EVP_PKEY_GOSTIMIT Ta = Dv NID_id_Gost28147_89_MAC  Ta GOST-MAC
-.It Dv EVP_PKEY_GOSTR01  Ta = Dv NID_id_GostR3410_2001    Ta GOST2001
 .It Dv EVP_PKEY_HMAC     Ta = Dv NID_hmac                 Ta HMAC
 .It Dv EVP_PKEY_RSA      Ta = Dv NID_rsaEncryption        Ta RSA
 .It Dv EVP_PKEY_RSA_PSS  Ta = Dv NID_rsassaPss            Ta RSA-PSS
@@ -326,8 +316,6 @@ The following deprecated aliases are still supported:
 .It Dv EVP_PKEY_DSA2        Ta = Dv NID_dsaWithSHA                Ta DSA
 .It Dv EVP_PKEY_DSA3        Ta = Dv NID_dsaWithSHA1               Ta DSA
 .It Dv EVP_PKEY_DSA4        Ta = Dv NID_dsaWithSHA1_2             Ta DSA
-.It Dv EVP_PKEY_GOSTR12_256 Ta = Dv NID_id_tc26_gost3410_2012_256 Ta GOST2001
-.It Dv EVP_PKEY_GOSTR12_512 Ta = Dv NID_id_tc26_gost3410_2012_512 Ta GOST2001
 .It Dv EVP_PKEY_RSA2        Ta = Dv NID_rsa                       Ta RSA
 .El
 .Pp
@@ -408,7 +396,6 @@ functions must be freed as well as
 .Fn EVP_PKEY_assign_DSA ,
 .Fn EVP_PKEY_assign_DH ,
 .Fn EVP_PKEY_assign_EC_KEY ,
-.Fn EVP_PKEY_assign_GOST ,
 .Fn EVP_PKEY_assign ,
 .Fn EVP_PKEY_set_type ,
 and
@@ -436,7 +423,6 @@ the return value points to an
 .Vt DSA ,
 .Vt DH ,
 .Vt EC_KEY ,
-.Vt GOST_KEY ,
 or
 .Vt ASN1_OCTET_STRING
 object depending on the type of
@@ -494,10 +480,6 @@ and
 first appeared in OpenSSL 1.0.0 and have been available since
 .Ox 4.9 .
 .Pp
-.Fn EVP_PKEY_assign_GOST
-first appeared in
-.Ox 5.7 .
-.Pp
 .Fn EVP_PKEY_get0_RSA ,
 .Fn EVP_PKEY_get0_DSA ,
 .Fn EVP_PKEY_get0_DH ,

lib/libcrypto/man/EVP_PKEY_size.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_size.3,v 1.2 2023/09/12 15:29:03 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_size.3,v 1.3 2024/03/05 19:21:31 tb Exp $
 .\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 12 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt EVP_PKEY_SIZE 3
 .Os
 .Sh NAME
@@ -144,7 +144,6 @@ is supported for the following algorithms:
 .It DSA    Ta Xr DSA_size 3
 .It EC     Ta Xr ECDSA_size 3
 .It ED25519 Ta 64, but see below
-.It GOST01 Ta 64 or 128
 .It HMAC   Ta Dv EVP_MAX_MD_SIZE No = 64
 .It RSA    Ta Xr RSA_size 3
 .It X25519 Ta Dv X25519_KEYLEN No = 32
@@ -173,7 +172,6 @@ By default, the following algorithms are supported:
 .It DSA    Ta the public domain parameter Fa p Ta Xr DSA_bits 3
 .It EC     Ta the order of the group Ta Xr EC_GROUP_order_bits 3
 .It ED25519 Ta 253 Ta \(em
-.It GOST01 Ta 256 or 512 Ta \(em
 .It RSA    Ta the public modulus Ta Xr RSA_bits 3
 .It X25519 Ta 253 Ta \(em
 .El
@@ -192,7 +190,6 @@ By default, the following algorithms are supported:
 .It DSA    Ta Xr DSA_security_bits 3
 .It EC     Ta Xr EC_GROUP_order_bits 3 divided by 2
 .It ED25519 Ta 128
-.It GOST01 Ta not supported, return value is \-2
 .It RSA    Ta Xr RSA_security_bits 3
 .It X25519 Ta 128
 .El

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.284 2024/03/05 17:21:40 tb Exp $
+# $OpenBSD: Makefile,v 1.286 2024/03/06 02:34:14 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -29,7 +29,6 @@ MAN=	\
 	ASN1_mbstring_copy.3 \
 	ASN1_parse_dump.3 \
 	ASN1_put_object.3 \
-	ASN1_time_parse.3 \
 	ASRange_new.3 \
 	AUTHORITY_KEYID_new.3 \
 	BASIC_CONSTRAINTS_new.3 \
@@ -313,7 +312,6 @@ MAN=	\
 	X509_ATTRIBUTE_new.3 \
 	X509_ATTRIBUTE_set1_object.3 \
 	X509_CINF_new.3 \
-	X509_CRL_METHOD_new.3 \
 	X509_CRL_get0_by_serial.3 \
 	X509_CRL_new.3 \
 	X509_CRL_print.3 \

lib/libcrypto/man/X509_CRL_METHOD_new.3

@@ -1,182 +0,0 @@
-.\" $OpenBSD: X509_CRL_METHOD_new.3,v 1.1 2021/10/30 16:20:35 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: October 30 2021 $
-.Dt X509_CRL_METHOD_NEW 3
-.Os
-.Sh NAME
-.Nm X509_CRL_METHOD_new ,
-.Nm X509_CRL_METHOD_free ,
-.Nm X509_CRL_set_default_method ,
-.Nm X509_CRL_set_meth_data ,
-.Nm X509_CRL_get_meth_data
-.Nd customize CRL handling
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_CRL_METHOD *
-.Fo X509_CRL_METHOD_new
-.Fa "int (*crl_init)(X509_CRL *crl)"
-.Fa "int (*crl_free)(X509_CRL *crl)"
-.Fa "int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,\
- ASN1_INTEGER *ser, X509_NAME *issuer)"
-.Fa "int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)"
-.Fc
-.Ft void
-.Fn X509_CRL_METHOD_free "X509_CRL_METHOD *method"
-.Ft void
-.Fn X509_CRL_set_default_method "const X509_CRL_METHOD *method"
-.Ft void
-.Fn X509_CRL_set_meth_data "X509_CRL *crl" "void *data"
-.Ft void *
-.Fn X509_CRL_get_meth_data "X509_CRL *crl"
-.Sh DESCRIPTION
-These functions customize BER decoding and signature verification
-of X.509 certificate revocation lists,
-as well as retrieval of revoked entries from such lists.
-.Pp
-.Fn X509_CRL_METHOD_new
-allocates and initializes a new
-.Vt X509_CRL_METHOD
-object, storing the four pointers to callback functions in it
-that are provided as arguments.
-.Pp
-.Fn X509_CRL_METHOD_free
-frees the given
-.Fa method
-object.
-If
-.Fa method
-is a
-.Dv NULL
-pointer or points to the static object built into the library,
-no action occurs.
-.Pp
-.Fn X509_CRL_set_default_method
-designates the given
-.Fa method
-to be used for objects that will be created with
-.Xr X509_CRL_new 3
-in the future.
-It has no effect on
-.Vt X509_CRL
-objects that already exist.
-If
-.Fa method
-is
-.Dv NULL ,
-any previously installed method will no longer be used for new
-.Vt X509_CRL
-objects created in the future, and those future objects will adhere
-to the default behaviour instead.
-.Pp
-The optional function
-.Fn crl_init
-will be called at the end of
-.Xr d2i_X509_CRL 3 ,
-the optional function
-.Fn crl_free
-near the end of
-.Xr X509_CRL_free 3 ,
-immediately before freeing
-.Fa crl
-itself.
-The function
-.Fn crl_lookup
-will be called by
-.Xr X509_CRL_get0_by_serial 3 ,
-setting
-.Fa issuer
-to
-.Dv NULL ,
-and by
-.Xr X509_CRL_get0_by_cert 3 ,
-both instead of performing the default action.
-The function
-.Fn crl_verify
-will be called by
-.Xr X509_CRL_verify 3
-instead of performing the default action.
-.Pp
-.Fn X509_CRL_set_meth_data
-stores the pointer to the auxiliary
-.Fa data
-inside the
-.Fa crl
-object.
-The pointer is expected to remain valid during the whole lifetime of the
-.Fa crl
-object but is not automatically freed when the
-.Fa crl
-object is freed.
-.Pp
-.Fn X509_CRL_get_meth_data
-retrieves the
-.Fa data
-from
-.Fa crl
-the was added with
-.Fn X509_CRL_set_meth_data .
-This may for example be useful inside the four callback methods
-installed with
-.Fn X509_CRL_METHOD_new .
-.Sh RETURN VALUES
-.Fn X509_CRL_METHOD_new
-returns a pointer to the new object or
-.Dv NULL
-if memory allocation fails.
-.Pp
-.Fn X509_CRL_get_meth_data
-returns the pointer previously installed with
-.Fn X509_CRL_set_meth_data
-or
-.Dv NULL
-if
-.Fn X509_CRL_set_meth_data
-was not called on
-.Fa crl .
-.Pp
-The callback functions
-.Fn crl_init
-and
-.Fn crl_free
-are supposed to return 1 for success or 0 for failure.
-.Pp
-The callback function
-.Fn crl_lookup
-is supposed to return 0 for failure or 1 for success,
-except if the revoked entry has the reason
-.Qq removeFromCRL ,
-in which case it is supposed to return 2.
-.Pp
-The callback function
-.Fn crl_verify
-is supposed to return 1 if the signature is valid
-or 0 if the signature check fails.
-If the signature could not be checked at all because it was invalid
-or some other error occurred, \-1 may be returned.
-.Sh SEE ALSO
-.Xr ASN1_INTEGER_new 3 ,
-.Xr d2i_X509_CRL 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_CRL_verify 3 ,
-.Xr X509_NAME_new 3 ,
-.Xr X509_REVOKED_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .

lib/libcrypto/man/X509_CRL_get0_by_serial.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.12 2021/10/30 16:20:35 schwarze Exp $
+.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.13 2024/03/06 02:34:14 tb Exp $
 .\" full merge up to: OpenSSL cdd6c8c5 Mar 20 12:29:37 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 30 2021 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt X509_CRL_GET0_BY_SERIAL 3
 .Os
 .Sh NAME
@@ -105,18 +105,6 @@ except that it looks for a revoked entry using the serial number
 of certificate
 .Fa x .
 .Pp
-If
-.Xr X509_CRL_set_default_method 3
-was in effect at the time the
-.Fa crl
-object was created,
-.Fn X509_CRL_get0_by_serial
-and
-.Fn X509_CRL_get0_by_cert
-invoke the
-.Fn crl_lookup
-callback function instead of performing the default action.
-.Pp
 .Fn X509_CRL_get_REVOKED
 returns an internal pointer to a stack of all revoked entries for
 .Fa crl .
@@ -170,7 +158,6 @@ returns a STACK of revoked entries.
 .Xr X509_CRL_get_ext 3 ,
 .Xr X509_CRL_get_issuer 3 ,
 .Xr X509_CRL_get_version 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_CRL_new 3 ,
 .Xr X509_REVOKED_new 3 ,
 .Xr X509V3_get_d2i 3

lib/libcrypto/man/X509_CRL_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CRL_new.3,v 1.13 2021/10/30 16:20:35 schwarze Exp $
+.\" $OpenBSD: X509_CRL_new.3,v 1.14 2024/03/06 02:34:14 tb Exp $
 .\"
 .\" Copyright (c) 2016, 2018, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 30 2021 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt X509_CRL_NEW 3
 .Os
 .Sh NAME
@@ -67,19 +67,6 @@ decrements the reference count of
 by 1.
 If the reference count reaches 0, it frees
 .Fa crl .
-If
-.Xr X509_CRL_set_default_method 3
-was in effect at the time
-.Fa crl
-was created and the
-.Fn crl_free
-callback is not
-.Dv NULL ,
-that callback is invoked near the end of
-.Fn X509_CRL_free ,
-right before freeing
-.Fa crl
-itself.
 .Pp
 .Fn X509_CRL_INFO_new
 allocates and initializes an empty
@@ -125,7 +112,6 @@ returns 1 on success or 0 on error.
 .Xr X509_CRL_get_issuer 3 ,
 .Xr X509_CRL_get_version 3 ,
 .Xr X509_CRL_match 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_CRL_print 3 ,
 .Xr X509_CRL_sign 3 ,
 .Xr X509_EXTENSION_new 3 ,

lib/libcrypto/man/X509_cmp_time.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_cmp_time.3,v 1.11 2021/11/12 14:34:57 schwarze Exp $
+.\" $OpenBSD: X509_cmp_time.3,v 1.12 2024/03/05 18:30:40 tb Exp $
 .\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 12 2021 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt X509_CMP_TIME 3
 .Os
 .Sh NAME
@@ -108,8 +108,6 @@
 .Fn X509_cmp_time
 parses
 .Fa asn1_time
-with
-.Xr ASN1_time_parse 3
 and compares it to
 .Fa cmp_time ,
 or to the current time if
@@ -182,7 +180,6 @@ structure or
 on error.
 .Sh SEE ALSO
 .Xr ASN1_TIME_new 3 ,
-.Xr ASN1_time_parse 3 ,
 .Xr ASN1_TIME_set 3 ,
 .Xr time 3
 .Sh HISTORY

lib/libcrypto/man/X509_get0_notBefore.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get0_notBefore.3,v 1.6 2023/06/06 16:20:13 schwarze Exp $
+.\" $OpenBSD: X509_get0_notBefore.3,v 1.7 2024/03/05 18:30:40 tb Exp $
 .\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000
 .\"
 .\" Copyright (c) 2018, 2020 Ingo Schwarze <schwarze@openbsd.org>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 6 2023 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt X509_GET0_NOTBEFORE 3
 .Os
 .Sh NAME
@@ -230,7 +230,6 @@ determining reasons for failure with
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr ASN1_TIME_set 3 ,
-.Xr ASN1_TIME_set_tm 3 ,
 .Xr X509_cmp_time 3 ,
 .Xr X509_CRL_get0_by_serial 3 ,
 .Xr X509_CRL_new 3 ,

lib/libcrypto/man/X509_sign.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_sign.3,v 1.10 2023/04/28 15:51:18 job Exp $
+.\" $OpenBSD: X509_sign.3,v 1.11 2024/03/06 02:34:14 tb Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 28 2023 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt X509_SIGN 3
 .Os
 .Sh NAME
@@ -145,16 +145,6 @@ and
 .Fn X509_CRL_verify
 sign and verify certificate requests and CRLs, respectively.
 .Pp
-If
-.Xr X509_CRL_set_default_method 3
-was in effect at the time the
-.Vt X509_CRL
-object was created,
-.Fn X509_CRL_verify
-calls the
-.Fn crl_verify
-callback function instead of performing the default action.
-.Pp
 .Fn X509_sign_ctx
 is used where the default parameters for the corresponding public key
 and digest are not suitable.
@@ -183,7 +173,6 @@ In some cases of failure, the reason can be determined with
 .Xr d2i_X509 3 ,
 .Xr EVP_DigestInit 3 ,
 .Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_CRL_new 3 ,
 .Xr X509_get_pubkey 3 ,
 .Xr X509_get_subject_name 3 ,

lib/libcrypto/man/d2i_X509_CRL.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: d2i_X509_CRL.3,v 1.8 2021/10/30 16:20:35 schwarze Exp $
+.\" $OpenBSD: d2i_X509_CRL.3,v 1.9 2024/03/06 02:34:14 tb Exp $
 .\"
 .\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 30 2021 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt D2I_X509_CRL 3
 .Os
 .Sh NAME
@@ -96,15 +96,6 @@ decode and encode an ASN.1
 .Vt CertificateList
 structure defined in RFC 5280 section 5.1.
 .Pp
-If
-.Xr X509_CRL_set_default_method 3
-is in effect and the
-.Fn crl_init
-callback is not
-.Dv NULL ,
-that callback is invoked at the end of
-.Fn d2i_X509_CRL .
-.Pp
 .Fn d2i_X509_CRL_bio ,
 .Fn d2i_X509_CRL_fp ,
 .Fn i2d_X509_CRL_bio ,
@@ -132,7 +123,6 @@ the revokedCertificates field of the ASN.1
 structure.
 .Sh SEE ALSO
 .Xr ASN1_item_d2i 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_CRL_new 3 ,
 .Xr X509_REVOKED_new 3
 .Sh STANDARDS

lib/libcrypto/man/evp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.28 2024/03/05 17:21:40 tb Exp $
+.\" $OpenBSD: evp.3,v 1.29 2024/03/06 02:34:14 tb Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 5 2024 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt EVP 3
 .Os
 .Sh NAME
@@ -234,7 +234,6 @@ family of functions provides base64 encoding and decoding.
 .Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,
 .Xr X509_ALGOR_set_md 3 ,
 .Xr X509_check_private_key 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_digest 3 ,
 .Xr X509_get_pubkey 3 ,
 .Xr X509_PUBKEY_set 3 ,

lib/libcrypto/man/lh_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: lh_new.3,v 1.12 2024/03/04 19:03:31 tb Exp $
+.\" $OpenBSD: lh_new.3,v 1.13 2024/03/05 22:15:29 tb Exp $
 .\" full merge up to:
 .\" OpenSSL doc/crypto/lhash.pod 1bc74519 May 20 08:11:46 2016 -0400
 .\" selective merge up to:
@@ -118,7 +118,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: March 4 2024 $
+.Dd $Mdocdate: March 5 2024 $
 .Dt LH_NEW 3
 .Os
 .Sh NAME
@@ -379,8 +379,6 @@ lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
 .Pp
 .Fn lh_<type>_error
 can be used to determine if an error occurred in the last operation.
-.Fn lh_<type>_error
-is a macro.
 .Sh RETURN VALUES
 .Fn lh_<type>_new
 returns