sync with OpenBSD -current

lib/libcrypto/conf/conf_def.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_def.c,v 1.35 2024/08/18 17:50:10 tb Exp $ */
+/* $OpenBSD: conf_def.c,v 1.36 2024/08/24 12:08:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -658,7 +658,7 @@ static CONF_METHOD default_method = {
 	.dump = def_dump,
 	.is_number = def_is_number,
 	.to_int = def_to_int,
-	.load = def_load
+	.load = def_load,
 };
 
 static CONF_METHOD WIN32_method = {
@@ -671,7 +671,7 @@ static CONF_METHOD WIN32_method = {
 	def_dump,
 	def_is_number,
 	def_to_int,
-	def_load
+	def_load,
 };
 
 CONF_METHOD *

lib/libcrypto/hidden/openssl/ui.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ui.h,v 1.3 2023/07/05 21:14:54 bcook Exp $ */
+/* $OpenBSD: ui.h,v 1.4 2024/08/24 07:51:19 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -75,8 +75,8 @@ LCRYPTO_USED(UI_get0_test_string);
 LCRYPTO_USED(UI_get_result_minsize);
 LCRYPTO_USED(UI_get_result_maxsize);
 LCRYPTO_USED(UI_set_result);
-LCRYPTO_USED(UI_UTIL_read_pw_string);
-LCRYPTO_USED(UI_UTIL_read_pw);
+LCRYPTO_UNUSED(UI_UTIL_read_pw_string);
+LCRYPTO_UNUSED(UI_UTIL_read_pw);
 LCRYPTO_USED(ERR_load_UI_strings);
 LCRYPTO_USED(UI_method_get_prompt_constructor);
 

lib/libcrypto/man/EVP_PKEY_add1_attr.3

@@ -1,188 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_add1_attr.3,v 1.3 2021/10/26 18:50:38 jmc Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: October 26 2021 $
-.Dt EVP_PKEY_ADD1_ATTR 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_add1_attr ,
-.Nm EVP_PKEY_add1_attr_by_OBJ ,
-.Nm EVP_PKEY_add1_attr_by_NID ,
-.Nm EVP_PKEY_add1_attr_by_txt ,
-.Nm EVP_PKEY_delete_attr ,
-.Nm EVP_PKEY_get_attr ,
-.Nm EVP_PKEY_get_attr_count ,
-.Nm EVP_PKEY_get_attr_by_OBJ ,
-.Nm EVP_PKEY_get_attr_by_NID
-.Nd X.501 Attributes of private keys
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft int
-.Fo EVP_PKEY_add1_attr
-.Fa "EVP_PKEY *key"
-.Fa "X509_ATTRIBUTE *attr"
-.Fc
-.Ft int
-.Fo EVP_PKEY_add1_attr_by_OBJ
-.Fa "EVP_PKEY *key"
-.Fa "const ASN1_OBJECT *obj"
-.Fa "int type"
-.Fa "const unsigned char *data"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo EVP_PKEY_add1_attr_by_NID
-.Fa "EVP_PKEY *key"
-.Fa "int nid"
-.Fa "int type"
-.Fa "const unsigned char *data"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo EVP_PKEY_add1_attr_by_txt
-.Fa "EVP_PKEY *key"
-.Fa "const char *name"
-.Fa "int type"
-.Fa "const unsigned char *data"
-.Fa "int len"
-.Fc
-.Ft X509_ATTRIBUTE *
-.Fo EVP_PKEY_delete_attr
-.Fa "EVP_PKEY *key"
-.Fa "int index"
-.Fc
-.Ft X509_ATTRIBUTE *
-.Fo EVP_PKEY_get_attr
-.Fa "const EVP_PKEY *key"
-.Fa "int index"
-.Fc
-.Ft int
-.Fo EVP_PKEY_get_attr_count
-.Fa "const EVP_PKEY *key"
-.Fc
-.Ft int
-.Fo EVP_PKEY_get_attr_by_OBJ
-.Fa "const EVP_PKEY *key"
-.Fa "const ASN1_OBJECT *obj"
-.Fa "int start_after"
-.Fc
-.Ft int
-.Fo EVP_PKEY_get_attr_by_NID
-.Fa "const EVP_PKEY *key"
-.Fa "int nid"
-.Fa "int start_after"
-.Fc
-.Sh DESCRIPTION
-These functions support associating an array of X.501 Attributes
-with a private key.
-Such attributes can for example be included in PKCS#12 structures.
-.Pp
-.Fn EVP_PKEY_add1_attr
-appends a deep copy of the
-.Fa attr
-using
-.Xr X509at_add1_attr 3 .
-.Pp
-.Fn EVP_PKEY_add1_attr_by_OBJ ,
-.Fn EVP_PKEY_add1_attr_by_NID ,
-and
-.Fn EVP_PKEY_add1_attr_by_txt
-create a new X.501 Attribute object using
-.Xr X509_ATTRIBUTE_create_by_OBJ 3 ,
-.Xr X509_ATTRIBUTE_create_by_NID 3 ,
-or
-.Xr X509_ATTRIBUTE_create_by_txt 3 ,
-respectively, and append it using
-.Xr X509at_add1_attr 3 .
-.Pp
-.Fn EVP_PKEY_delete_attr
-deletes the attribute with the zero-based
-.Fa index
-using
-.Xr X509at_delete_attr 3 .
-.Pp
-.Fn EVP_PKEY_get_attr
-returns the attribute with the zero-based
-.Fa index
-using
-.Xr X509at_get_attr 3 .
-.Pp
-.Fn EVP_PKEY_get_attr_count
-returns the number of attributes currently associated with the
-.Fa key
-using
-.Xr X509at_get_attr_count 3 .
-.Pp
-.Fn EVP_PKEY_get_attr_by_OBJ
-and
-.Fn EVP_PKEY_get_attr_by_NID
-search for an attribute of the type
-.Fa obj
-or
-.Fa nid
-using
-.Xr X509at_get_attr_by_OBJ 3
-or
-.Xr X509at_get_attr_by_NID 3 ,
-respectively.
-.Sh RETURN VALUES
-.Fn EVP_PKEY_add1_attr ,
-.Fn EVP_PKEY_add1_attr_by_OBJ ,
-.Fn EVP_PKEY_add1_attr_by_NID ,
-and
-.Fn EVP_PKEY_add1_attr_by_txt
-return 1 for success or 0 for failure.
-.Pp
-.Fn EVP_PKEY_delete_attr
-and
-.Fn EVP_PKEY_get_attr
-return the deleted or requested attribute or
-.Dv NULL
-if the requested index is negative or greater than or equal to
-the current number of attributes associated with the
-.Fa key .
-.Pp
-.Fn EVP_PKEY_get_attr_count
-returns the current number of attributes.
-.Pp
-.Fn EVP_PKEY_get_attr_by_OBJ
-and
-.Fn EVP_PKEY_get_attr_by_NID
-return the index of the first attribute that has an index greater than
-.Fa start_after
-and a type matching
-.Fa obj
-or
-.Fa nid ,
-respectively, or \-1 on failure.
-In addition,
-.Fn EVP_PKEY_get_attr_by_NID
-returns \-2 if
-.Xr OBJ_nid2obj 3
-fails on the requested
-.Fa nid .
-.Sh SEE ALSO
-.Xr EVP_PKEY_new 3 ,
-.Xr OBJ_nid2obj 3 ,
-.Xr PKCS12_create 3 ,
-.Xr X509_ATTRIBUTE_create_by_OBJ 3 ,
-.Xr X509_ATTRIBUTE_new 3 ,
-.Xr X509at_add1_attr 3 ,
-.Xr X509at_get_attr 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.8
-and have been available since
-.Ox 4.5 .

lib/libcrypto/man/EVP_PKEY_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_new.3,v 1.19 2024/07/21 08:36:43 tb Exp $
+.\" $OpenBSD: EVP_PKEY_new.3,v 1.20 2024/08/24 09:15:36 tb Exp $
 .\" full merge up to: OpenSSL 4dcfdfce May 27 11:50:05 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 21 2024 $
+.Dd $Mdocdate: August 24 2024 $
 .Dt EVP_PKEY_NEW 3
 .Os
 .Sh NAME
@@ -269,7 +269,6 @@ return 1 for success or 0 for failure.
 .Xr d2i_PrivateKey 3 ,
 .Xr evp 3 ,
 .Xr EVP_PKCS82PKEY 3 ,
-.Xr EVP_PKEY_add1_attr 3 ,
 .Xr EVP_PKEY_asn1_new 3 ,
 .Xr EVP_PKEY_check 3 ,
 .Xr EVP_PKEY_cmp 3 ,

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.289 2024/08/17 09:16:37 tb Exp $
+# $OpenBSD: Makefile,v 1.291 2024/08/24 09:15:36 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -177,7 +177,6 @@ MAN=	\
 	EVP_PKEY_CTX_new.3 \
 	EVP_PKEY_CTX_set_hkdf_md.3 \
 	EVP_PKEY_CTX_set_tls1_prf_md.3 \
-	EVP_PKEY_add1_attr.3 \
 	EVP_PKEY_asn1_get_count.3 \
 	EVP_PKEY_asn1_new.3 \
 	EVP_PKEY_check.3 \
@@ -300,7 +299,6 @@ MAN=	\
 	SMIME_write_PKCS7.3 \
 	STACK_OF.3 \
 	TS_REQ_new.3 \
-	UI_UTIL_read_pw.3 \
 	UI_create_method.3 \
 	UI_get_string_type.3 \
 	UI_new.3 \

lib/libcrypto/man/OCSP_cert_to_id.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: OCSP_cert_to_id.3,v 1.12 2022/03/31 17:27:17 naddy Exp $
+.\"	$OpenBSD: OCSP_cert_to_id.3,v 1.13 2024/08/24 19:31:09 tb Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: August 24 2024 $
 .Dt OCSP_CERT_TO_ID 3
 .Os
 .Sh NAME
@@ -162,19 +162,25 @@ issuer key hash
 and serial number
 .Fa serialNumber .
 .Pp
-.Fn OCSP_id_cmp
-compares
+.Fn OCSP_id_issuer_cmp
+compares the hash algorithms,
+the hashed issuer distinguished names and
+the hashed public keys of
 .Vt OCSP_CERTID
 .Fa a
 and
 .Fa b .
 .Pp
-.Fn OCSP_id_issuer_cmp
-compares only the issuer name of
+.Fn OCSP_id_cmp
+compares
 .Vt OCSP_CERTID
 .Fa a
 and
-.Fa b .
+.Fa b
+using
+.Fn OCSP_id_issuer_cmp
+followed by a comparison of the certificate serial numbers with
+.Xr ASN1_INTEGER_cmp 3 .
 .Pp
 .Fn OCSP_id_get0_info
 returns the issuer name hash, hash OID, issuer key hash and serial
@@ -214,6 +220,7 @@ return 0 for a match or non-zero otherwise.
 .Fn OCSP_id_get0_info
 returns 1 for success or 0 for failure.
 .Sh SEE ALSO
+.Xr ASN1_INTEGER_cmp 3 ,
 .Xr EVP_DigestInit 3 ,
 .Xr OCSP_request_add1_nonce 3 ,
 .Xr OCSP_REQUEST_new 3 ,

lib/libcrypto/man/UI_UTIL_read_pw.3

@@ -1,107 +0,0 @@
-.\" $OpenBSD: UI_UTIL_read_pw.3,v 1.3 2018/03/22 21:08:22 schwarze Exp $
-.\" full merge up to: OpenSSL 23103a52 Jan 12 15:17:42 2017 +0100
-.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file was written by Richard Levitte <levitte@openssl.org>.
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 22 2018 $
-.Dt UI_UTIL_READ_PW 3
-.Os
-.Sh NAME
-.Nm UI_UTIL_read_pw ,
-.Nm UI_UTIL_read_pw_string
-.Nd get a password from the user
-.Sh SYNOPSIS
-.In openssl/ui.h
-.Ft int
-.Fo UI_UTIL_read_pw_string
-.Fa "char *buf"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.Ft int
-.Fo UI_UTIL_read_pw
-.Fa "char *buf"
-.Fa "char *buff"
-.Fa "int size"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.Sh DESCRIPTION
-.Fn UI_UTIL_read_pw_string
-asks for a passphrase, using
-.Fa prompt
-as a prompt, and stores it in
-.Fa buf .
-The maximum allowed size is given with
-.Fa length ,
-including the terminating NUL byte.
-If
-.Fa verify
-is non-zero, the password will be verified as well.
-.Pp
-.Fn UI_UTIL_read_pw
-does the same as
-.Fn UI_UTIL_read_pw_string ,
-but takes an external buffer
-.Fa buff
-for the verification passphrase.
-.Sh RETURN VALUES
-.Fn UI_UTIL_read_pw_string
-and
-.Fn UI_UTIL_read_pw
-return 0 on success or a negative value on error.
-.Sh SEE ALSO
-.Xr UI_new 3
-.Sh HISTORY
-.Fn UI_UTIL_read_pw
-and
-.Fn UI_UTIL_read_pw_string
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .

lib/libcrypto/man/UI_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: UI_new.3,v 1.11 2022/12/17 22:23:31 tb Exp $
+.\" $OpenBSD: UI_new.3,v 1.12 2024/08/24 07:48:37 tb Exp $
 .\" full merge up to: OpenSSL 78b19e90 Jan 11 00:12:01 2017 +0100
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 17 2022 $
+.Dd $Mdocdate: August 24 2024 $
 .Dt UI_NEW 3
 .Os
 .Sh NAME
@@ -515,8 +515,7 @@ argument.
 .Sh SEE ALSO
 .Xr crypto 3 ,
 .Xr UI_create_method 3 ,
-.Xr UI_get_string_type 3 ,
-.Xr UI_UTIL_read_pw 3
+.Xr UI_get_string_type 3
 .Sh HISTORY
 These functions first appeared in  OpenSSL 0.9.7
 and have been available since

lib/libcrypto/man/X509_ATTRIBUTE_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_ATTRIBUTE_new.3,v 1.16 2021/10/26 12:56:48 schwarze Exp $
+.\" $OpenBSD: X509_ATTRIBUTE_new.3,v 1.17 2024/08/24 09:15:36 tb Exp $
 .\"
 .\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 26 2021 $
+.Dd $Mdocdate: August 24 2024 $
 .Dt X509_ATTRIBUTE_NEW 3
 .Os
 .Sh NAME
@@ -111,7 +111,6 @@ fails on
 .Fa nid .
 .Sh SEE ALSO
 .Xr d2i_X509_ATTRIBUTE 3 ,
-.Xr EVP_PKEY_add1_attr 3 ,
 .Xr OBJ_nid2obj 3 ,
 .Xr PKCS12_SAFEBAG_new 3 ,
 .Xr PKCS7_add_attribute 3 ,

lib/libcrypto/man/X509at_add1_attr.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509at_add1_attr.3,v 1.5 2021/10/26 12:56:48 schwarze Exp $
+.\" $OpenBSD: X509at_add1_attr.3,v 1.6 2024/08/24 09:15:36 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 26 2021 $
+.Dd $Mdocdate: August 24 2024 $
 .Dt X509AT_ADD1_ATTR 3
 .Os
 .Sh NAME
@@ -120,7 +120,6 @@ or if the requested
 is negative or greater than or equal to the number of objects in
 .Pf * Fa attrs .
 .Sh SEE ALSO
-.Xr EVP_PKEY_add1_attr 3 ,
 .Xr OBJ_nid2obj 3 ,
 .Xr PKCS8_pkey_add1_attr_by_NID 3 ,
 .Xr STACK_OF 3 ,

lib/libcrypto/man/X509at_get_attr.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509at_get_attr.3,v 1.7 2022/03/28 08:18:13 claudio Exp $
+.\" $OpenBSD: X509at_get_attr.3,v 1.9 2024/08/24 09:23:09 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 28 2022 $
+.Dd $Mdocdate: August 24 2024 $
 .Dt X509AT_GET_ATTR 3
 .Os
 .Sh NAME
@@ -138,14 +138,12 @@ or
 .Dv NULL
 on failure.
 .Sh SEE ALSO
-.Xr EVP_PKEY_get_attr 3 ,
 .Xr OBJ_nid2obj 3 ,
 .Xr PKCS8_pkey_get0_attrs 3 ,
 .Xr STACK_OF 3 ,
 .Xr X509_ATTRIBUTE_get0_data 3 ,
 .Xr X509_ATTRIBUTE_new 3 ,
-.Xr X509_REQ_get_attr 3 ,
-.Xr X509at_add1_attr 3
+.Xr X509_REQ_get_attr 3
 .Sh HISTORY
 .Fn X509at_get_attr ,
 .Fn X509at_get_attr_count ,

lib/libcrypto/man/des_read_pw.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: des_read_pw.3,v 1.11 2023/09/10 13:58:46 schwarze Exp $
+.\" $OpenBSD: des_read_pw.3,v 1.12 2024/08/24 07:48:37 tb Exp $
 .\" full merge up to: OpenSSL doc/crypto/des.pod
 .\" 53934822 Jun 9 16:39:19 2016 -0400
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 10 2023 $
+.Dd $Mdocdate: August 24 2024 $
 .Dt DES_READ_PW 3
 .Os
 .Sh NAME
@@ -99,11 +99,6 @@
 .Ft char *
 .Fn EVP_get_pw_prompt void
 .Sh DESCRIPTION
-These functions are deprecated.
-Use
-.Xr UI_UTIL_read_pw 3
-instead.
-.Pp
 .Fn EVP_read_pw_string
 writes the
 .Fa prompt
@@ -185,8 +180,7 @@ returns an internal pointer to static memory containing the default prompt, or
 .Dv NULL
 if no default prompt is set.
 .Sh SEE ALSO
-.Xr UI_new 3 ,
-.Xr UI_UTIL_read_pw 3
+.Xr UI_new 3
 .Sh HISTORY
 .Fn EVP_read_pw_string
 first appeared in SSLeay 0.5.1 and

lib/libcrypto/man/evp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.30 2024/03/19 17:34:05 tb Exp $
+.\" $OpenBSD: evp.3,v 1.31 2024/08/24 09:15:36 tb Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 19 2024 $
+.Dd $Mdocdate: August 24 2024 $
 .Dt EVP 3
 .Os
 .Sh NAME
@@ -189,7 +189,6 @@ family of functions provides base64 encoding and decoding.
 .Xr EVP_MD_nid 3 ,
 .Xr EVP_OpenInit 3 ,
 .Xr EVP_PKCS82PKEY 3 ,
-.Xr EVP_PKEY_add1_attr 3 ,
 .Xr EVP_PKEY_asn1_get_count 3 ,
 .Xr EVP_PKEY_asn1_new 3 ,
 .Xr EVP_PKEY_check 3 ,

lib/libcrypto/ui/ui_util.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ui_util.c,v 1.15 2024/08/08 09:56:51 tb Exp $ */
+/* $OpenBSD: ui_util.c,v 1.16 2024/08/24 07:50:23 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -58,40 +58,18 @@
 
 #include <openssl/ui.h>
 
+/* XXX - remove in next bump. */
+
 int
 UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
 {
-	char buff[BUFSIZ];
-	int ret;
-
-	ret = UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
-	    prompt, verify);
-	explicit_bzero(buff, BUFSIZ);
-	return (ret);
+	return -1;
 }
 LCRYPTO_ALIAS(UI_UTIL_read_pw_string);
 
 int
 UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, int verify)
 {
-	int ok = 0;
-	UI *ui;
-
-	if (size < 1)
-		return -1;
-
-	ui = UI_new();
-	if (ui) {
-		ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
-		if (ok >= 0 && verify)
-			ok = UI_add_verify_string(ui, prompt, 0, buff, 0,
-			    size - 1, buf);
-		if (ok >= 0)
-			ok = UI_process(ui);
-		UI_free(ui);
-	}
-	if (ok > 0)
-		ok = 0;
-	return (ok);
+	return -1;
 }
 LCRYPTO_ALIAS(UI_UTIL_read_pw);