sync code with last fixes and improvements from OpenBSD

lib/libcrypto/man/ASN1_INTEGER_get.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_INTEGER_get.3,v 1.6 2022/07/09 13:13:34 schwarze Exp $
+.\" $OpenBSD: ASN1_INTEGER_get.3,v 1.7 2023/05/22 19:38:04 tb Exp $
 .\" selective merge up to:
 .\" OpenSSL man3/ASN1_INTEGER_get_int64 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 9 2022 $
+.Dd $Mdocdate: May 22 2023 $
 .Dt ASN1_INTEGER_GET 3
 .Os
 .Sh NAME
@@ -111,7 +111,7 @@
 .Ft int
 .Fo ASN1_INTEGER_set_int64
 .Fa "ASN1_INTEGER *a"
-.Fa "int64_t v";
+.Fa "int64_t v"
 .Fc
 .Ft int
 .Fo ASN1_INTEGER_set

lib/libcrypto/man/CMS_verify.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_verify.3,v 1.8 2022/01/19 20:28:06 tb Exp $
+.\" $OpenBSD: CMS_verify.3,v 1.9 2023/06/05 17:17:23 job Exp $
 .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 19 2022 $
+.Dd $Mdocdate: June 5 2023 $
 .Dt CMS_VERIFY 3
 .Os
 .Sh NAME
@@ -92,7 +92,7 @@ if it is not
 .Fn CMS_get0_signers
 retrieves the signing certificate(s) from
 .Fa cms .
-It must be called after a successful
+It may only be called after a successful
 .Fn CMS_verify
 operation.
 The signers must be freed with

lib/libcrypto/man/UI_create_method.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: UI_create_method.3,v 1.5 2018/05/19 23:06:33 schwarze Exp $
+.\"	$OpenBSD: UI_create_method.3,v 1.6 2023/05/22 19:38:04 tb Exp $
 .\"	OpenSSL UI_create_method.pod 8e3d46e5 Mar 11 10:51:04 2017 +0100
 .\"
 .\" This file was written by Richard Levitte <levitte@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 19 2018 $
+.Dd $Mdocdate: May 22 2023 $
 .Dt UI_CREATE_METHOD 3
 .Os
 .Sh NAME
@@ -110,7 +110,7 @@
 .Fc
 .Ft int
 .Fo "(*UI_method_get_opener(const UI_METHOD *method))"
-.Fa "UI *";
+.Fa "UI *"
 .Fc
 .Ft int
 .Fo "(*UI_method_get_writer(const UI_METHOD *method))"

lib/libcrypto/man/X509_NAME_get_index_by_NID.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: X509_NAME_get_index_by_NID.3,v 1.15 2023/05/03 08:10:23 beck Exp $
+.\"	$OpenBSD: X509_NAME_get_index_by_NID.3,v 1.16 2023/05/29 11:54:50 beck Exp $
 .\"	OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 3 2023 $
+.Dd $Mdocdate: May 29 2023 $
 .Dt X509_NAME_GET_INDEX_BY_NID 3
 .Os
 .Sh NAME
@@ -136,22 +136,32 @@ run from 0 to
 .Fn X509_NAME_get_text_by_NID
 and
 .Fn X509_NAME_get_text_by_OBJ
-retrieve the "text" from the first entry in
+retrieve the bytes encoded as UTF-8 from the first entry in
 .Fa name
 which matches
 .Fa nid
 or
 .Fa obj .
-At most
-.Fa len
-bytes will be written and the text written to
-.Fa buf
-will be NUL terminated.
 If
 .Fa buf
 is
 .Dv NULL ,
 nothing is written, but the return value is calculated as usual.
+If
+.Fa buf
+is not
+.Dv NULL ,
+no more than
+.Fa len
+bytes will be written and the text written to
+.Fa buf
+will be NUL terminated.
+.Pp
+If
+.Fa len
+is not large enough to hold the NUL byte terminated UTF-8 encoding of
+the text, or if the UTF-8 encoding of the text would contains a NUL
+byte, no data will be written and the call will return failure.
 .Pp
 All relevant
 .Dv NID_*
@@ -189,8 +199,8 @@ if the index is invalid.
 .Fn X509_NAME_get_text_by_NID
 and
 .Fn X509_NAME_get_text_by_OBJ
-return the length of the output string written, not counting the
-terminating NUL, or -1 if no match is found.
+return the length of the output UTF-8 string written, not counting the
+terminating NUL, or -1 in the case of an error or no match being found.
 .Pp
 In some cases of failure of
 .Fn X509_NAME_get_index_by_NID

lib/libcrypto/man/X509_STORE_CTX_get_error.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.27 2023/04/30 14:49:47 tb Exp $
+.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.28 2023/06/06 16:20:13 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL man3/X509_STORE_CTX_get_error 24a535ea Sep 22 13:14:20 2020 +0100
 .\" OpenSSL man3/X509_STORE_CTX_new 24a535ea Sep 22 13:14:20 2020 +0100
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 30 2023 $
+.Dd $Mdocdate: June 6 2023 $
 .Dt X509_STORE_CTX_GET_ERROR 3
 .Os
 .Sh NAME
@@ -386,7 +386,9 @@ The certificate notBefore field contains an invalid time.
 The certificate notAfter field contains an invalid time.
 .It Dv X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD : \
  No format error in CRL's lastUpdate field
-The CRL lastUpdate field contains an invalid time.
+The CRL thisUpdate field (sic!) contains an invalid time.
+Both the name of the error constant and the text of the error message
+give a wrong name for the field that contains the problem.
 .It Dv X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD : \
  No format error in CRL's nextUpdate field
 The CRL nextUpdate field contains an invalid time.

lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.9 2022/11/16 14:51:08 schwarze Exp $
+.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.12 2023/05/30 07:37:34 op Exp $
 .\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 16 2022 $
+.Dd $Mdocdate: May 30 2023 $
 .Dt X509_STORE_CTX_SET_VERIFY_CB 3
 .Os
 .Sh NAME
@@ -98,13 +98,29 @@ to
 .Fa verify_cb
 overwriting any existing callback.
 .Pp
-The verification callback can be used to customise the operation of
+The verification callback can be used to modify the operation of
 certificate verification, either by overriding error conditions or
 logging errors for debugging purposes.
+The use of a verification callback is not essential, and should not
+be used in security sensitive programs.
 .Pp
-However, a verification callback is
-.Em not
-essential and the default operation is often sufficient.
+Do not use this function.
+It is extremely fragile and unpredictable.
+This callback exposes implementation details of certificate verification,
+which change as the library evolves.
+Attempting to use it for security checks can introduce vulnerabilities if
+making incorrect assumptions about when the callback is called.
+Additionally, overriding
+.Fa ok
+may leave
+.Fa ctx
+in an inconsistent state and break invariants.
+.Pp
+Instead, customize certificate verification by configuring options on the
+.Vt X509_STORE_CTX
+before verification, or applying additional checks after
+.Xr X509_verify_cert 3
+completes successfully.
 .Pp
 The
 .Fa ok
@@ -112,6 +128,10 @@ parameter to the callback indicates the value the callback should return
 to retain the default behaviour.
 If it is zero then an error condition is indicated.
 If it is 1 then no error occurred.
+As the default behaviour is internal to the verifier, and possibly unknown
+to the caller, changing this parameter is inherently dangerous and should not
+normally be done except for debugging purposes, and should not be expected to
+be consistent if the verifier changes.
 If the flag
 .Dv X509_V_FLAG_NOTIFY_POLICY
 is set, then
@@ -158,7 +178,10 @@ verify_callback(int ok, X509_STORE_CTX *ctx)
 }
 .Ed
 .Pp
-Simple example, suppose a certificate in the chain is expired and we
+This is likely the only safe callback to use.
+.Pp
+Simple and terrible example that should not be used.
+Suppose a certificate in the chain is expired and we
 wish to continue after this error:
 .Bd -literal
 int
@@ -172,25 +195,19 @@ verify_callback(int ok, X509_STORE_CTX *ctx)
 }
 .Ed
 .Pp
-More complex example, we don't wish to continue after
-.Sy any
-certificate has expired just one specific case:
-.Bd -literal
-int
-verify_callback(int ok, X509_STORE_CTX *ctx)
-{
-	int err = X509_STORE_CTX_get_error(ctx);
-	X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
-
-	if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
-		if (check_is_acceptable_expired_cert(err_cert)
-			return 1;
-	}
-	return ok;
-}
-.Ed
+While this example is presented for historical purposes,
+this is not the correct way to accomplish this.
+The verification flag
+.Dv X509_V_FLAG_NO_CHECK_TIME
+should be set on the
+.Vt STORE_CTX
+using
+.Xr X509_VERIFY_PARAM_set_flags 3
+instead.
 .Pp
-Full featured logging callback.
+Full featured debugging logging callback - note that the output and
+order that things happen from this can change over time and should not
+be parsed or expected to be consistent.
 In this case the
 .Fa bio_err
 is assumed to be a global logging
@@ -280,8 +297,13 @@ first appeared in OpenSSL 1.1.0 and has been available since
 .Sh CAVEATS
 In general a verification callback should
 .Sy NOT
-unconditionally return 1 in all circumstances because this will allow
-verification to succeed no matter what the error.
-This effectively removes all security from the application because
-.Sy any
-certificate (including untrusted generated ones) will be accepted.
+return a changed value of
+.Fa ok
+because this can allow the verification to appear to succeed
+in an unpredictable way.
+This can effectively remove all security from the application because
+untrusted or invalid certificates may be accepted.
+Doing this can possibly make
+.Xr X509_verify_cert 3
+return what appears to be a validated chain of certificates that has not
+been validated or even had the signatures checked.

lib/libcrypto/man/X509_VERIFY_PARAM_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_new.3,v 1.4 2022/09/10 10:22:46 jsg Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_new.3,v 1.5 2023/05/24 09:57:50 tb Exp $
 .\"
 .\" Copyright (c) 2018, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 10 2022 $
+.Dd $Mdocdate: May 24 2023 $
 .Dt X509_VERIFY_PARAM_NEW 3
 .Os
 .Sh NAME
@@ -148,16 +148,13 @@ the acceptable policy set with
 the maximum verification depth set with
 .Xr X509_VERIFY_PARAM_set_depth 3
 .It
+flags that were set with
+.Xr X509_VERIFY_PARAM_set_hostflags 3
+.It
 the list of expected DNS hostnames built with
 .Xr X509_VERIFY_PARAM_set1_host 3
 and
-.Xr X509_VERIFY_PARAM_add1_host 3 ;
-if this list is copied, any flags that were set with
-.Xr X509_VERIFY_PARAM_set_hostflags 3
-are copied together with the list, without inspecting any such flags
-that may already be present in the
-.Fa destination
-object before overwriting them
+.Xr X509_VERIFY_PARAM_add1_host 3
 .It
 the expected RFC 822 email address set with
 .Xr X509_VERIFY_PARAM_set1_email 3

lib/libcrypto/man/X509_get0_notBefore.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get0_notBefore.3,v 1.5 2020/06/24 14:59:41 schwarze Exp $
+.\" $OpenBSD: X509_get0_notBefore.3,v 1.6 2023/06/06 16:20:13 schwarze Exp $
 .\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000
 .\"
 .\" Copyright (c) 2018, 2020 Ingo Schwarze <schwarze@openbsd.org>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 24 2020 $
+.Dd $Mdocdate: June 6 2023 $
 .Dt X509_GET0_NOTBEFORE 3
 .Os
 .Sh NAME
@@ -142,14 +142,20 @@ and
 are identical except for the const qualifier on the return type.
 .Pp
 .Fn X509_CRL_get0_lastUpdate
-and
+is misnamed in a confusing way: it returns a pointer to the
+.Fa thisUpdate
+field of the
+.Fa crl ,
+indicating the time when this
+.Fa crl
+was issued.
+.Pp
 .Fn X509_CRL_get0_nextUpdate
-return pointers to the
-.Fa lastUpdate
-and
+returns a pointer to the
 .Fa nextUpdate
-fields of
-.Fa crl .
+field of the
+.Fa crl ,
+indicating the time when issuing the subsequent CRL will be due.
 .Pp
 .Fn X509_CRL_get_lastUpdate
 and
@@ -165,7 +171,7 @@ and
 set the
 .Fa notBefore ,
 .Fa notAfter ,
-.Fa lastUpdate ,
+.Fa thisUpdate Pq sic!\& ,
 or
 .Fa nextUpdate
 field of