Remove CRL method API documentation

author: tb <> 2024-03-06 02:34:14 +0000
committer: tb <> 2024-03-06 02:34:14 +0000
commit: f09ec41be674c89a5fe7a6cc514a0bd5877ff4ca (patch)
tree: 129dc159082eecd6f8f99cc246fee06dea39895e
parent: 3899ef156694a143c9b6b8c1f1f798367ba05386 (diff)
download: openbsd-f09ec41be674c89a5fe7a6cc514a0bd5877ff4ca.tar.gz
openbsd-f09ec41be674c89a5fe7a6cc514a0bd5877ff4ca.tar.bz2
openbsd-f09ec41be674c89a5fe7a6cc514a0bd5877ff4ca.zip
7 files changed, 11 insertions, 243 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 1eec56fd0e..5f213edcd9 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.285 2024/03/05 18:30:40 tb Exp $
+# $OpenBSD: Makefile,v 1.286 2024/03/06 02:34:14 tb Exp $
 .include <bsd.own.mk>
@@ -312,7 +312,6 @@ MAN=	\
        X509_ATTRIBUTE_new.3 \
        X509_ATTRIBUTE_set1_object.3 \
        X509_CINF_new.3 \
-        X509_CRL_METHOD_new.3 \
        X509_CRL_get0_by_serial.3 \
        X509_CRL_new.3 \
        X509_CRL_print.3 \
diff --git a/src/lib/libcrypto/man/X509_CRL_METHOD_new.3 b/src/lib/libcrypto/man/X509_CRL_METHOD_new.3
deleted file mode 100644
index f80ce743cd..0000000000
--- a/src/lib/libcrypto/man/X509_CRL_METHOD_new.3
+++ /dev/null
@@ -1,182 +0,0 @@
-.\" $OpenBSD: X509_CRL_METHOD_new.3,v 1.1 2021/10/30 16:20:35 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: October 30 2021 $
-.Dt X509_CRL_METHOD_NEW 3
-.Os
-.Sh NAME
-.Nm X509_CRL_METHOD_new ,
-.Nm X509_CRL_METHOD_free ,
-.Nm X509_CRL_set_default_method ,
-.Nm X509_CRL_set_meth_data ,
-.Nm X509_CRL_get_meth_data
-.Nd customize CRL handling
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_CRL_METHOD *
-.Fo X509_CRL_METHOD_new
-.Fa "int (*crl_init)(X509_CRL *crl)"
-.Fa "int (*crl_free)(X509_CRL *crl)"
-.Fa "int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,\
- ASN1_INTEGER *ser, X509_NAME *issuer)"
-.Fa "int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)"
-.Fc
-.Ft void
-.Fn X509_CRL_METHOD_free "X509_CRL_METHOD *method"
-.Ft void
-.Fn X509_CRL_set_default_method "const X509_CRL_METHOD *method"
-.Ft void
-.Fn X509_CRL_set_meth_data "X509_CRL *crl" "void *data"
-.Ft void *
-.Fn X509_CRL_get_meth_data "X509_CRL *crl"
-.Sh DESCRIPTION
-These functions customize BER decoding and signature verification
-of X.509 certificate revocation lists,
-as well as retrieval of revoked entries from such lists.
-.Pp
-.Fn X509_CRL_METHOD_new
-allocates and initializes a new
-.Vt X509_CRL_METHOD
-object, storing the four pointers to callback functions in it
-that are provided as arguments.
-.Pp
-.Fn X509_CRL_METHOD_free
-frees the given
-.Fa method
-object.
-If
-.Fa method
-is a
-.Dv NULL
-pointer or points to the static object built into the library,
-no action occurs.
-.Pp
-.Fn X509_CRL_set_default_method
-designates the given
-.Fa method
-to be used for objects that will be created with
-.Xr X509_CRL_new 3
-in the future.
-It has no effect on
-.Vt X509_CRL
-objects that already exist.
-If
-.Fa method
-is
-.Dv NULL ,
-any previously installed method will no longer be used for new
-.Vt X509_CRL
-objects created in the future, and those future objects will adhere
-to the default behaviour instead.
-.Pp
-The optional function
-.Fn crl_init
-will be called at the end of
-.Xr d2i_X509_CRL 3 ,
-the optional function
-.Fn crl_free
-near the end of
-.Xr X509_CRL_free 3 ,
-immediately before freeing
-.Fa crl
-itself.
-The function
-.Fn crl_lookup
-will be called by
-.Xr X509_CRL_get0_by_serial 3 ,
-setting
-.Fa issuer
-to
-.Dv NULL ,
-and by
-.Xr X509_CRL_get0_by_cert 3 ,
-both instead of performing the default action.
-The function
-.Fn crl_verify
-will be called by
-.Xr X509_CRL_verify 3
-instead of performing the default action.
-.Pp
-.Fn X509_CRL_set_meth_data
-stores the pointer to the auxiliary
-.Fa data
-inside the
-.Fa crl
-object.
-The pointer is expected to remain valid during the whole lifetime of the
-.Fa crl
-object but is not automatically freed when the
-.Fa crl
-object is freed.
-.Pp
-.Fn X509_CRL_get_meth_data
-retrieves the
-.Fa data
-from
-.Fa crl
-the was added with
-.Fn X509_CRL_set_meth_data .
-This may for example be useful inside the four callback methods
-installed with
-.Fn X509_CRL_METHOD_new .
-.Sh RETURN VALUES
-.Fn X509_CRL_METHOD_new
-returns a pointer to the new object or
-.Dv NULL
-if memory allocation fails.
-.Pp
-.Fn X509_CRL_get_meth_data
-returns the pointer previously installed with
-.Fn X509_CRL_set_meth_data
-or
-.Dv NULL
-if
-.Fn X509_CRL_set_meth_data
-was not called on
-.Fa crl .
-.Pp
-The callback functions
-.Fn crl_init
-and
-.Fn crl_free
-are supposed to return 1 for success or 0 for failure.
-.Pp
-The callback function
-.Fn crl_lookup
-is supposed to return 0 for failure or 1 for success,
-except if the revoked entry has the reason
-.Qq removeFromCRL ,
-in which case it is supposed to return 2.
-.Pp
-The callback function
-.Fn crl_verify
-is supposed to return 1 if the signature is valid
-or 0 if the signature check fails.
-If the signature could not be checked at all because it was invalid
-or some other error occurred, \-1 may be returned.
-.Sh SEE ALSO
-.Xr ASN1_INTEGER_new 3 ,
-.Xr d2i_X509_CRL 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_CRL_verify 3 ,
-.Xr X509_NAME_new 3 ,
-.Xr X509_REVOKED_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3
index 865e86feb9..f5edee6085 100644
--- a/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3
+++ b/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.12 2021/10/30 16:20:35 schwarze Exp $
+.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.13 2024/03/06 02:34:14 tb Exp $
 .\" full merge up to: OpenSSL cdd6c8c5 Mar 20 12:29:37 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 30 2021 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt X509_CRL_GET0_BY_SERIAL 3
 .Os
 .Sh NAME
@@ -105,18 +105,6 @@ except that it looks for a revoked entry using the serial number
 of certificate
 .Fa x .
 .Pp
-If
-.Xr X509_CRL_set_default_method 3
-was in effect at the time the
-.Fa crl
-object was created,
-.Fn X509_CRL_get0_by_serial
-and
-.Fn X509_CRL_get0_by_cert
-invoke the
-.Fn crl_lookup
-callback function instead of performing the default action.
-.Pp
 .Fn X509_CRL_get_REVOKED
 returns an internal pointer to a stack of all revoked entries for
 .Fa crl .
@@ -170,7 +158,6 @@ returns a STACK of revoked entries.
 .Xr X509_CRL_get_ext 3 ,
 .Xr X509_CRL_get_issuer 3 ,
 .Xr X509_CRL_get_version 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_CRL_new 3 ,
 .Xr X509_REVOKED_new 3 ,
 .Xr X509V3_get_d2i 3
diff --git a/src/lib/libcrypto/man/X509_CRL_new.3 b/src/lib/libcrypto/man/X509_CRL_new.3
index 82ba18266a..f9355fcfd3 100644
--- a/src/lib/libcrypto/man/X509_CRL_new.3
+++ b/src/lib/libcrypto/man/X509_CRL_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CRL_new.3,v 1.13 2021/10/30 16:20:35 schwarze Exp $
+.\" $OpenBSD: X509_CRL_new.3,v 1.14 2024/03/06 02:34:14 tb Exp $
 .\"
 .\" Copyright (c) 2016, 2018, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 30 2021 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt X509_CRL_NEW 3
 .Os
 .Sh NAME
@@ -67,19 +67,6 @@ decrements the reference count of
 by 1.
 If the reference count reaches 0, it frees
 .Fa crl .
-If
-.Xr X509_CRL_set_default_method 3
-was in effect at the time
-.Fa crl
-was created and the
-.Fn crl_free
-callback is not
-.Dv NULL ,
-that callback is invoked near the end of
-.Fn X509_CRL_free ,
-right before freeing
-.Fa crl
-itself.
 .Pp
 .Fn X509_CRL_INFO_new
 allocates and initializes an empty
@@ -125,7 +112,6 @@ returns 1 on success or 0 on error.
 .Xr X509_CRL_get_issuer 3 ,
 .Xr X509_CRL_get_version 3 ,
 .Xr X509_CRL_match 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_CRL_print 3 ,
 .Xr X509_CRL_sign 3 ,
 .Xr X509_EXTENSION_new 3 ,
diff --git a/src/lib/libcrypto/man/X509_sign.3 b/src/lib/libcrypto/man/X509_sign.3
index 52890207fb..059d92bac5 100644
--- a/src/lib/libcrypto/man/X509_sign.3
+++ b/src/lib/libcrypto/man/X509_sign.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_sign.3,v 1.10 2023/04/28 15:51:18 job Exp $
+.\" $OpenBSD: X509_sign.3,v 1.11 2024/03/06 02:34:14 tb Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 28 2023 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt X509_SIGN 3
 .Os
 .Sh NAME
@@ -145,16 +145,6 @@ and
 .Fn X509_CRL_verify
 sign and verify certificate requests and CRLs, respectively.
 .Pp
-If
-.Xr X509_CRL_set_default_method 3
-was in effect at the time the
-.Vt X509_CRL
-object was created,
-.Fn X509_CRL_verify
-calls the
-.Fn crl_verify
-callback function instead of performing the default action.
-.Pp
 .Fn X509_sign_ctx
 is used where the default parameters for the corresponding public key
 and digest are not suitable.
@@ -183,7 +173,6 @@ In some cases of failure, the reason can be determined with
 .Xr d2i_X509 3 ,
 .Xr EVP_DigestInit 3 ,
 .Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_CRL_new 3 ,
 .Xr X509_get_pubkey 3 ,
 .Xr X509_get_subject_name 3 ,
diff --git a/src/lib/libcrypto/man/d2i_X509_CRL.3 b/src/lib/libcrypto/man/d2i_X509_CRL.3
index a0a19b4f55..948c283b51 100644
--- a/src/lib/libcrypto/man/d2i_X509_CRL.3
+++ b/src/lib/libcrypto/man/d2i_X509_CRL.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: d2i_X509_CRL.3,v 1.8 2021/10/30 16:20:35 schwarze Exp $
+.\" $OpenBSD: d2i_X509_CRL.3,v 1.9 2024/03/06 02:34:14 tb Exp $
 .\"
 .\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 30 2021 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt D2I_X509_CRL 3
 .Os
 .Sh NAME
@@ -96,15 +96,6 @@ decode and encode an ASN.1
 .Vt CertificateList
 structure defined in RFC 5280 section 5.1.
 .Pp
-If
-.Xr X509_CRL_set_default_method 3
-is in effect and the
-.Fn crl_init
-callback is not
-.Dv NULL ,
-that callback is invoked at the end of
-.Fn d2i_X509_CRL .
-.Pp
 .Fn d2i_X509_CRL_bio ,
 .Fn d2i_X509_CRL_fp ,
 .Fn i2d_X509_CRL_bio ,
@@ -132,7 +123,6 @@ the revokedCertificates field of the ASN.1
 structure.
 .Sh SEE ALSO
 .Xr ASN1_item_d2i 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_CRL_new 3 ,
 .Xr X509_REVOKED_new 3
 .Sh STANDARDS
diff --git a/src/lib/libcrypto/man/evp.3 b/src/lib/libcrypto/man/evp.3
index ece3bfe7fc..0222dd66b4 100644
--- a/src/lib/libcrypto/man/evp.3
+++ b/src/lib/libcrypto/man/evp.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.28 2024/03/05 17:21:40 tb Exp $
+.\" $OpenBSD: evp.3,v 1.29 2024/03/06 02:34:14 tb Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 5 2024 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt EVP 3
 .Os
 .Sh NAME
@@ -234,7 +234,6 @@ family of functions provides base64 encoding and decoding.
 .Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,
 .Xr X509_ALGOR_set_md 3 ,
 .Xr X509_check_private_key 3 ,
-.Xr X509_CRL_METHOD_new 3 ,
 .Xr X509_digest 3 ,
 .Xr X509_get_pubkey 3 ,
 .Xr X509_PUBKEY_set 3 ,
author	tb <>	2024-03-06 02:34:14 +0000
committer	tb <>	2024-03-06 02:34:14 +0000
commit	f09ec41be674c89a5fe7a6cc514a0bd5877ff4ca (patch)
tree	129dc159082eecd6f8f99cc246fee06dea39895e
parent	3899ef156694a143c9b6b8c1f1f798367ba05386 (diff)
download	openbsd-f09ec41be674c89a5fe7a6cc514a0bd5877ff4ca.tar.gz openbsd-f09ec41be674c89a5fe7a6cc514a0bd5877ff4ca.tar.bz2 openbsd-f09ec41be674c89a5fe7a6cc514a0bd5877ff4ca.zip

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 1eec56fd0e..5f213edcd9 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.285 2024/03/05 18:30:40 tb Exp $	1	# $OpenBSD: Makefile,v 1.286 2024/03/06 02:34:14 tb Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -312,7 +312,6 @@ MAN= \
312	X509_ATTRIBUTE_new.3 \	312	X509_ATTRIBUTE_new.3 \
313	X509_ATTRIBUTE_set1_object.3 \	313	X509_ATTRIBUTE_set1_object.3 \
314	X509_CINF_new.3 \	314	X509_CINF_new.3 \
315	X509_CRL_METHOD_new.3 \
316	X509_CRL_get0_by_serial.3 \	315	X509_CRL_get0_by_serial.3 \
317	X509_CRL_new.3 \	316	X509_CRL_new.3 \
318	X509_CRL_print.3 \	317	X509_CRL_print.3 \


diff --git a/src/lib/libcrypto/man/X509_CRL_METHOD_new.3 b/src/lib/libcrypto/man/X509_CRL_METHOD_new.3 deleted file mode 100644 index f80ce743cd..0000000000 --- a/src/lib/libcrypto/man/X509_CRL_METHOD_new.3 +++ /dev/null
@@ -1,182 +0,0 @@
1	.\" $OpenBSD: X509_CRL_METHOD_new.3,v 1.1 2021/10/30 16:20:35 schwarze Exp $
2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"
5	.\" Permission to use, copy, modify, and distribute this software for any
6	.\" purpose with or without fee is hereby granted, provided that the above
7	.\" copyright notice and this permission notice appear in all copies.
8	.\"
9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"
17	.Dd $Mdocdate: October 30 2021 $
18	.Dt X509_CRL_METHOD_NEW 3
19	.Os
20	.Sh NAME
21	.Nm X509_CRL_METHOD_new ,
22	.Nm X509_CRL_METHOD_free ,
23	.Nm X509_CRL_set_default_method ,
24	.Nm X509_CRL_set_meth_data ,
25	.Nm X509_CRL_get_meth_data
26	.Nd customize CRL handling
27	.Sh SYNOPSIS
28	.In openssl/x509.h
29	.Ft X509_CRL_METHOD *
30	.Fo X509_CRL_METHOD_new
31	.Fa "int (crl_init)(X509_CRL crl)"
32	.Fa "int (crl_free)(X509_CRL crl)"
33	.Fa "int (crl_lookup)(X509_CRL crl, X509_REVOKED **ret,\
34	ASN1_INTEGER ser, X509_NAME issuer)"
35	.Fa "int (crl_verify)(X509_CRL crl, EVP_PKEY *pk)"
36	.Fc
37	.Ft void
38	.Fn X509_CRL_METHOD_free "X509_CRL_METHOD *method"
39	.Ft void
40	.Fn X509_CRL_set_default_method "const X509_CRL_METHOD *method"
41	.Ft void
42	.Fn X509_CRL_set_meth_data "X509_CRL crl" "void data"
43	.Ft void *
44	.Fn X509_CRL_get_meth_data "X509_CRL *crl"
45	.Sh DESCRIPTION
46	These functions customize BER decoding and signature verification
47	of X.509 certificate revocation lists,
48	as well as retrieval of revoked entries from such lists.
49	.Pp
50	.Fn X509_CRL_METHOD_new
51	allocates and initializes a new
52	.Vt X509_CRL_METHOD
53	object, storing the four pointers to callback functions in it
54	that are provided as arguments.
55	.Pp
56	.Fn X509_CRL_METHOD_free
57	frees the given
58	.Fa method
59	object.
60	If
61	.Fa method
62	is a
63	.Dv NULL
64	pointer or points to the static object built into the library,
65	no action occurs.
66	.Pp
67	.Fn X509_CRL_set_default_method
68	designates the given
69	.Fa method
70	to be used for objects that will be created with
71	.Xr X509_CRL_new 3
72	in the future.
73	It has no effect on
74	.Vt X509_CRL
75	objects that already exist.
76	If
77	.Fa method
78	is
79	.Dv NULL ,
80	any previously installed method will no longer be used for new
81	.Vt X509_CRL
82	objects created in the future, and those future objects will adhere
83	to the default behaviour instead.
84	.Pp
85	The optional function
86	.Fn crl_init
87	will be called at the end of
88	.Xr d2i_X509_CRL 3 ,
89	the optional function
90	.Fn crl_free
91	near the end of
92	.Xr X509_CRL_free 3 ,
93	immediately before freeing
94	.Fa crl
95	itself.
96	The function
97	.Fn crl_lookup
98	will be called by
99	.Xr X509_CRL_get0_by_serial 3 ,
100	setting
101	.Fa issuer
102	to
103	.Dv NULL ,
104	and by
105	.Xr X509_CRL_get0_by_cert 3 ,
106	both instead of performing the default action.
107	The function
108	.Fn crl_verify
109	will be called by
110	.Xr X509_CRL_verify 3
111	instead of performing the default action.
112	.Pp
113	.Fn X509_CRL_set_meth_data
114	stores the pointer to the auxiliary
115	.Fa data
116	inside the
117	.Fa crl
118	object.
119	The pointer is expected to remain valid during the whole lifetime of the
120	.Fa crl
121	object but is not automatically freed when the
122	.Fa crl
123	object is freed.
124	.Pp
125	.Fn X509_CRL_get_meth_data
126	retrieves the
127	.Fa data
128	from
129	.Fa crl
130	the was added with
131	.Fn X509_CRL_set_meth_data .
132	This may for example be useful inside the four callback methods
133	installed with
134	.Fn X509_CRL_METHOD_new .
135	.Sh RETURN VALUES
136	.Fn X509_CRL_METHOD_new
137	returns a pointer to the new object or
138	.Dv NULL
139	if memory allocation fails.
140	.Pp
141	.Fn X509_CRL_get_meth_data
142	returns the pointer previously installed with
143	.Fn X509_CRL_set_meth_data
144	or
145	.Dv NULL
146	if
147	.Fn X509_CRL_set_meth_data
148	was not called on
149	.Fa crl .
150	.Pp
151	The callback functions
152	.Fn crl_init
153	and
154	.Fn crl_free
155	are supposed to return 1 for success or 0 for failure.
156	.Pp
157	The callback function
158	.Fn crl_lookup
159	is supposed to return 0 for failure or 1 for success,
160	except if the revoked entry has the reason
161	.Qq removeFromCRL ,
162	in which case it is supposed to return 2.
163	.Pp
164	The callback function
165	.Fn crl_verify
166	is supposed to return 1 if the signature is valid
167	or 0 if the signature check fails.
168	If the signature could not be checked at all because it was invalid
169	or some other error occurred, \-1 may be returned.
170	.Sh SEE ALSO
171	.Xr ASN1_INTEGER_new 3 ,
172	.Xr d2i_X509_CRL 3 ,
173	.Xr EVP_PKEY_new 3 ,
174	.Xr X509_CRL_get0_by_serial 3 ,
175	.Xr X509_CRL_new 3 ,
176	.Xr X509_CRL_verify 3 ,
177	.Xr X509_NAME_new 3 ,
178	.Xr X509_REVOKED_new 3
179	.Sh HISTORY
180	These functions first appeared in OpenSSL 1.0.0
181	and have been available since
182	.Ox 4.9 .


diff --git a/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 index 865e86feb9..f5edee6085 100644 --- a/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 +++ b/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.12 2021/10/30 16:20:35 schwarze Exp $	1	.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.13 2024/03/06 02:34:14 tb Exp $
2	.\" full merge up to: OpenSSL cdd6c8c5 Mar 20 12:29:37 2017 +0100	2	.\" full merge up to: OpenSSL cdd6c8c5 Mar 20 12:29:37 2017 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: October 30 2021 $	51	.Dd $Mdocdate: March 6 2024 $
52	.Dt X509_CRL_GET0_BY_SERIAL 3	52	.Dt X509_CRL_GET0_BY_SERIAL 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -105,18 +105,6 @@ except that it looks for a revoked entry using the serial number
105	of certificate	105	of certificate
106	.Fa x .	106	.Fa x .
107	.Pp	107	.Pp
108	If
109	.Xr X509_CRL_set_default_method 3
110	was in effect at the time the
111	.Fa crl
112	object was created,
113	.Fn X509_CRL_get0_by_serial
114	and
115	.Fn X509_CRL_get0_by_cert
116	invoke the
117	.Fn crl_lookup
118	callback function instead of performing the default action.
119	.Pp
120	.Fn X509_CRL_get_REVOKED	108	.Fn X509_CRL_get_REVOKED
121	returns an internal pointer to a stack of all revoked entries for	109	returns an internal pointer to a stack of all revoked entries for
122	.Fa crl .	110	.Fa crl .
@@ -170,7 +158,6 @@ returns a STACK of revoked entries.
170	.Xr X509_CRL_get_ext 3 ,	158	.Xr X509_CRL_get_ext 3 ,
171	.Xr X509_CRL_get_issuer 3 ,	159	.Xr X509_CRL_get_issuer 3 ,
172	.Xr X509_CRL_get_version 3 ,	160	.Xr X509_CRL_get_version 3 ,
173	.Xr X509_CRL_METHOD_new 3 ,
174	.Xr X509_CRL_new 3 ,	161	.Xr X509_CRL_new 3 ,
175	.Xr X509_REVOKED_new 3 ,	162	.Xr X509_REVOKED_new 3 ,
176	.Xr X509V3_get_d2i 3	163	.Xr X509V3_get_d2i 3


diff --git a/src/lib/libcrypto/man/X509_CRL_new.3 b/src/lib/libcrypto/man/X509_CRL_new.3 index 82ba18266a..f9355fcfd3 100644 --- a/src/lib/libcrypto/man/X509_CRL_new.3 +++ b/src/lib/libcrypto/man/X509_CRL_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_CRL_new.3,v 1.13 2021/10/30 16:20:35 schwarze Exp $	1	.\" $OpenBSD: X509_CRL_new.3,v 1.14 2024/03/06 02:34:14 tb Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016, 2018, 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016, 2018, 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: October 30 2021 $	17	.Dd $Mdocdate: March 6 2024 $
18	.Dt X509_CRL_NEW 3	18	.Dt X509_CRL_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -67,19 +67,6 @@ decrements the reference count of
67	by 1.	67	by 1.
68	If the reference count reaches 0, it frees	68	If the reference count reaches 0, it frees
69	.Fa crl .	69	.Fa crl .
70	If
71	.Xr X509_CRL_set_default_method 3
72	was in effect at the time
73	.Fa crl
74	was created and the
75	.Fn crl_free
76	callback is not
77	.Dv NULL ,
78	that callback is invoked near the end of
79	.Fn X509_CRL_free ,
80	right before freeing
81	.Fa crl
82	itself.
83	.Pp	70	.Pp
84	.Fn X509_CRL_INFO_new	71	.Fn X509_CRL_INFO_new
85	allocates and initializes an empty	72	allocates and initializes an empty
@@ -125,7 +112,6 @@ returns 1 on success or 0 on error.
125	.Xr X509_CRL_get_issuer 3 ,	112	.Xr X509_CRL_get_issuer 3 ,
126	.Xr X509_CRL_get_version 3 ,	113	.Xr X509_CRL_get_version 3 ,
127	.Xr X509_CRL_match 3 ,	114	.Xr X509_CRL_match 3 ,
128	.Xr X509_CRL_METHOD_new 3 ,
129	.Xr X509_CRL_print 3 ,	115	.Xr X509_CRL_print 3 ,
130	.Xr X509_CRL_sign 3 ,	116	.Xr X509_CRL_sign 3 ,
131	.Xr X509_EXTENSION_new 3 ,	117	.Xr X509_EXTENSION_new 3 ,


diff --git a/src/lib/libcrypto/man/X509_sign.3 b/src/lib/libcrypto/man/X509_sign.3 index 52890207fb..059d92bac5 100644 --- a/src/lib/libcrypto/man/X509_sign.3 +++ b/src/lib/libcrypto/man/X509_sign.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_sign.3,v 1.10 2023/04/28 15:51:18 job Exp $	1	.\" $OpenBSD: X509_sign.3,v 1.11 2024/03/06 02:34:14 tb Exp $
2	.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100	2	.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: April 28 2023 $	51	.Dd $Mdocdate: March 6 2024 $
52	.Dt X509_SIGN 3	52	.Dt X509_SIGN 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -145,16 +145,6 @@ and
145	.Fn X509_CRL_verify	145	.Fn X509_CRL_verify
146	sign and verify certificate requests and CRLs, respectively.	146	sign and verify certificate requests and CRLs, respectively.
147	.Pp	147	.Pp
148	If
149	.Xr X509_CRL_set_default_method 3
150	was in effect at the time the
151	.Vt X509_CRL
152	object was created,
153	.Fn X509_CRL_verify
154	calls the
155	.Fn crl_verify
156	callback function instead of performing the default action.
157	.Pp
158	.Fn X509_sign_ctx	148	.Fn X509_sign_ctx
159	is used where the default parameters for the corresponding public key	149	is used where the default parameters for the corresponding public key
160	and digest are not suitable.	150	and digest are not suitable.
@@ -183,7 +173,6 @@ In some cases of failure, the reason can be determined with
183	.Xr d2i_X509 3 ,	173	.Xr d2i_X509 3 ,
184	.Xr EVP_DigestInit 3 ,	174	.Xr EVP_DigestInit 3 ,
185	.Xr X509_CRL_get0_by_serial 3 ,	175	.Xr X509_CRL_get0_by_serial 3 ,
186	.Xr X509_CRL_METHOD_new 3 ,
187	.Xr X509_CRL_new 3 ,	176	.Xr X509_CRL_new 3 ,
188	.Xr X509_get_pubkey 3 ,	177	.Xr X509_get_pubkey 3 ,
189	.Xr X509_get_subject_name 3 ,	178	.Xr X509_get_subject_name 3 ,


diff --git a/src/lib/libcrypto/man/d2i_X509_CRL.3 b/src/lib/libcrypto/man/d2i_X509_CRL.3 index a0a19b4f55..948c283b51 100644 --- a/src/lib/libcrypto/man/d2i_X509_CRL.3 +++ b/src/lib/libcrypto/man/d2i_X509_CRL.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: d2i_X509_CRL.3,v 1.8 2021/10/30 16:20:35 schwarze Exp $	1	.\" $OpenBSD: d2i_X509_CRL.3,v 1.9 2024/03/06 02:34:14 tb Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: October 30 2021 $	17	.Dd $Mdocdate: March 6 2024 $
18	.Dt D2I_X509_CRL 3	18	.Dt D2I_X509_CRL 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -96,15 +96,6 @@ decode and encode an ASN.1
96	.Vt CertificateList	96	.Vt CertificateList
97	structure defined in RFC 5280 section 5.1.	97	structure defined in RFC 5280 section 5.1.
98	.Pp	98	.Pp
99	If
100	.Xr X509_CRL_set_default_method 3
101	is in effect and the
102	.Fn crl_init
103	callback is not
104	.Dv NULL ,
105	that callback is invoked at the end of
106	.Fn d2i_X509_CRL .
107	.Pp
108	.Fn d2i_X509_CRL_bio ,	99	.Fn d2i_X509_CRL_bio ,
109	.Fn d2i_X509_CRL_fp ,	100	.Fn d2i_X509_CRL_fp ,
110	.Fn i2d_X509_CRL_bio ,	101	.Fn i2d_X509_CRL_bio ,
@@ -132,7 +123,6 @@ the revokedCertificates field of the ASN.1
132	structure.	123	structure.
133	.Sh SEE ALSO	124	.Sh SEE ALSO
134	.Xr ASN1_item_d2i 3 ,	125	.Xr ASN1_item_d2i 3 ,
135	.Xr X509_CRL_METHOD_new 3 ,
136	.Xr X509_CRL_new 3 ,	126	.Xr X509_CRL_new 3 ,
137	.Xr X509_REVOKED_new 3	127	.Xr X509_REVOKED_new 3
138	.Sh STANDARDS	128	.Sh STANDARDS


diff --git a/src/lib/libcrypto/man/evp.3 b/src/lib/libcrypto/man/evp.3 index ece3bfe7fc..0222dd66b4 100644 --- a/src/lib/libcrypto/man/evp.3 +++ b/src/lib/libcrypto/man/evp.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: evp.3,v 1.28 2024/03/05 17:21:40 tb Exp $	1	.\" $OpenBSD: evp.3,v 1.29 2024/03/06 02:34:14 tb Exp $
2	.\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100	2	.\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
3	.\"	3	.\"
4	.\" This file was written by Ulf Moeller <ulf@openssl.org>,	4	.\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
51	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	51	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	52	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
53	.\"	53	.\"
54	.Dd $Mdocdate: March 5 2024 $	54	.Dd $Mdocdate: March 6 2024 $
55	.Dt EVP 3	55	.Dt EVP 3
56	.Os	56	.Os
57	.Sh NAME	57	.Sh NAME
@@ -234,7 +234,6 @@ family of functions provides base64 encoding and decoding.
234	.Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,	234	.Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,
235	.Xr X509_ALGOR_set_md 3 ,	235	.Xr X509_ALGOR_set_md 3 ,
236	.Xr X509_check_private_key 3 ,	236	.Xr X509_check_private_key 3 ,
237	.Xr X509_CRL_METHOD_new 3 ,
238	.Xr X509_digest 3 ,	237	.Xr X509_digest 3 ,
239	.Xr X509_get_pubkey 3 ,	238	.Xr X509_get_pubkey 3 ,
240	.Xr X509_PUBKEY_set 3 ,	239	.Xr X509_PUBKEY_set 3 ,