Use hyphenated spelling for the SHAs except for the API

The mix of SHA256 and SHA-256 is jarring, so use FIPS's spelling. Leave HMAC-SHA256 as it is and fix a nearby RIPEMD-160.
author: tb <> 2025-04-17 14:58:09 +0000
committer: tb <> 2025-04-17 14:58:09 +0000
commit: 6f34b1f56143bc41374d32f1ad51d79d41501431 (patch)
tree: ef34953019c29bd29272d62a3f5be39397609dc2 /src
parent: 612af42285ca57d13d2a643f6a1dbd10fb1674f1 (diff)
download: openbsd-6f34b1f56143bc41374d32f1ad51d79d41501431.tar.gz
openbsd-6f34b1f56143bc41374d32f1ad51d79d41501431.tar.bz2
openbsd-6f34b1f56143bc41374d32f1ad51d79d41501431.zip
12 files changed, 42 insertions, 41 deletions
diff --git a/src/lib/libcrypto/man/CMS_sign.3 b/src/lib/libcrypto/man/CMS_sign.3
index 5261c190a6..c9b26716d6 100644
--- a/src/lib/libcrypto/man/CMS_sign.3
+++ b/src/lib/libcrypto/man/CMS_sign.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_sign.3,v 1.11 2024/04/18 16:50:22 tb Exp $
+.\" $OpenBSD: CMS_sign.3,v 1.12 2025/04/17 14:58:09 tb Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 18 2024 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt CMS_SIGN 3
 .Os
 .Sh NAME
@@ -176,7 +176,7 @@ added before finalization.
 .Pp
 If a signer is specified, it will use the default digest for the signing
 algorithm.
-This is SHA1 for both RSA and DSA keys.
+This is SHA-1 for both RSA and DSA keys.
 .Pp
 If
 .Fa signcert
diff --git a/src/lib/libcrypto/man/EVP_DigestInit.3 b/src/lib/libcrypto/man/EVP_DigestInit.3
index 668c189bc1..2a634540c7 100644
--- a/src/lib/libcrypto/man/EVP_DigestInit.3
+++ b/src/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_DigestInit.3,v 1.37 2024/12/06 15:01:01 schwarze Exp $
+.\" $OpenBSD: EVP_DigestInit.3,v 1.38 2025/04/17 14:58:09 tb Exp $
 .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -70,7 +70,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 6 2024 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt EVP_DIGESTINIT 3
 .Os
 .Sh NAME
@@ -361,15 +361,16 @@ and
 .Fn EVP_ripemd160
 return
 .Vt EVP_MD
-structures for the SHA224, SHA256, SHA384, SHA512 and
+structures for the SHA-224, SHA-256, SHA-384, SHA-512 and
-RIPEMD160 digest algorithms respectively.
+RIPEMD-160 digest algorithms respectively.
 .Pp
 .Fn EVP_sha512_224
 and
 .Fn EVP_sha512_256
 return an
 .Vt EVP_MD
-structure that provides the truncated SHA512 variants SHA512/224 and SHA512/256,
+structure that provides the truncated SHA-512 variants
+SHA-512/224 and SHA-512/256,
 respectively.
 .Pp
 .Fn EVP_md_null
diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
index 137e576c46..41c5a9ab9a 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.28 2024/12/10 14:54:20 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.29 2025/04/17 14:58:09 tb Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\" Parts were split out into RSA_pkey_ctx_ctrl(3).
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 10 2024 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt EVP_PKEY_CTX_CTRL 3
 .Os
 .Sh NAME
@@ -371,7 +371,7 @@ The
 macro sets the key derivation function message digest to
 .Fa md
 for ECDH key derivation.
-Note that X9.63 specifies that this digest should be SHA1,
+Note that X9.63 specifies that this digest should be SHA-1,
 but OpenSSL tolerates other digests.
 .Pp
 The
diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
index 1b95bbaa98..bdb1a208a2 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_set_tls1_prf_md.3,v 1.2 2024/07/10 10:22:03 tb Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_set_tls1_prf_md.3,v 1.3 2025/04/17 14:58:09 tb Exp $
 .\" full merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
 .\"
 .\" This file was written by Dr Stephen Henson <steve@openssl.org>,
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 10 2024 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt EVP_PKEY_CTX_SET_TLS1_PRF_MD 3
 .Os
 .Sh NAME
@@ -87,7 +87,7 @@ It has no associated private key and only implements key derivation using
 sets the message digest associated with the TLS PRF.
 .Xr EVP_md5_sha1 3
 is treated as a special case which uses the PRF algorithm using both
-MD5 and SHA1 as used in TLS 1.0 and 1.1.
+MD5 and SHA-1 as used in TLS 1.0 and 1.1.
 .Pp
 .Fn EVP_PKEY_CTX_set_tls1_prf_secret
 sets the secret value of the TLS PRF to
diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3
index d73b0abb7b..afd9177596 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.9 2024/12/06 14:27:49 schwarze Exp $
+.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.10 2025/04/17 14:58:09 tb Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 6 2024 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt EVP_PKEY_SIGN 3
 .Os
 .Sh NAME
@@ -134,7 +134,7 @@ return 1 for success and 0 or a negative value for failure.
 In particular, a return value of -2 indicates the operation is not
 supported by the public key algorithm.
 .Sh EXAMPLES
-Sign data using RSA with PKCS#1 padding and SHA256 digest:
+Sign data using RSA with PKCS#1 padding and SHA-256 digest:
 .Bd -literal -offset indent
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify.3 b/src/lib/libcrypto/man/EVP_PKEY_verify.3
index d096a3a7be..c297e9669a 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_verify.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_verify.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_verify.3,v 1.8 2024/12/06 14:27:49 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_verify.3,v 1.9 2025/04/17 14:58:09 tb Exp $
 .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 6 2024 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt EVP_PKEY_VERIFY 3
 .Os
 .Sh NAME
@@ -120,7 +120,7 @@ failure.
 In particular, a return value of -2 indicates the operation is not
 supported by the public key algorithm.
 .Sh EXAMPLES
-Verify signature using PKCS#1 and SHA256 digest:
+Verify signature using PKCS#1 and SHA-256 digest:
 .Bd -literal -offset 3n
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3
index 30c034cdb5..2e863f35b4 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_verify_recover.3,v 1.10 2024/12/06 14:27:49 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_verify_recover.3,v 1.11 2025/04/17 14:58:09 tb Exp $
 .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 6 2024 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt EVP_PKEY_VERIFY_RECOVER 3
 .Os
 .Sh NAME
@@ -135,7 +135,7 @@ return 1 for success and 0 or a negative value for failure.
 In particular, a return value of -2 indicates the operation is not
 supported by the public key algorithm.
 .Sh EXAMPLES
-Recover digest originally signed using PKCS#1 and SHA256 digest:
+Recover digest originally signed using PKCS#1 and SHA-256 digest:
 .Bd -literal -offset indent
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
diff --git a/src/lib/libcrypto/man/OCSP_cert_to_id.3 b/src/lib/libcrypto/man/OCSP_cert_to_id.3
index e014a1d262..032e87515e 100644
--- a/src/lib/libcrypto/man/OCSP_cert_to_id.3
+++ b/src/lib/libcrypto/man/OCSP_cert_to_id.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: OCSP_cert_to_id.3,v 1.13 2024/08/24 19:31:09 tb Exp $
+.\"     $OpenBSD: OCSP_cert_to_id.3,v 1.14 2025/04/17 14:58:09 tb Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 24 2024 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt OCSP_CERT_TO_ID 3
 .Os
 .Sh NAME
@@ -148,7 +148,7 @@ If
 .Fa dgst
 is
 .Dv NULL
-then SHA1 is used.
+then SHA-1 is used.
 .Pp
 .Fn OCSP_cert_id_new
 creates and returns a new
diff --git a/src/lib/libcrypto/man/RSA_sign.3 b/src/lib/libcrypto/man/RSA_sign.3
index 65e9dc99b8..888e36a680 100644
--- a/src/lib/libcrypto/man/RSA_sign.3
+++ b/src/lib/libcrypto/man/RSA_sign.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: RSA_sign.3,v 1.8 2019/06/10 14:58:48 schwarze Exp $
+.\"     $OpenBSD: RSA_sign.3,v 1.9 2025/04/17 14:58:09 tb Exp $
 .\"     OpenSSL aa90ca11 Aug 20 15:48:56 2016 -0400
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt RSA_SIGN 3
 .Os
 .Sh NAME
@@ -106,7 +106,7 @@ If
 .Fa type
 is
 .Sy NID_md5_sha1 ,
-an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and
+an SSL signature (MD5 and SHA-1 message digests with PKCS #1 padding and
 no algorithm identifier) is created.
 .Pp
 .Fn RSA_verify
diff --git a/src/lib/libcrypto/man/X509_NAME_hash.3 b/src/lib/libcrypto/man/X509_NAME_hash.3
index 8766109525..55de9bbe2e 100644
--- a/src/lib/libcrypto/man/X509_NAME_hash.3
+++ b/src/lib/libcrypto/man/X509_NAME_hash.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_NAME_hash.3,v 1.3 2021/07/31 14:54:33 schwarze Exp $
+.\" $OpenBSD: X509_NAME_hash.3,v 1.4 2025/04/17 14:58:09 tb Exp $
 .\"
 .\" Copyright (c) 2017, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 31 2021 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt X509_NAME_HASH 3
 .Os
 .Sh NAME
@@ -86,7 +86,7 @@ rather than an ASCII rendering in SSLeay 0.9.0 and have all been
 available since
 .Ox 2.4 .
 .Pp
-They were switched to using SHA1 instead of MD5 in OpenSSL 1.0.0 and in
+They were switched to using SHA-1 instead of MD5 in OpenSSL 1.0.0 and in
 .Ox 4.9 .
 .Pp
 .Fn X509_NAME_hash_old ,
diff --git a/src/lib/libcrypto/man/X509_get0_signature.3 b/src/lib/libcrypto/man/X509_get0_signature.3
index dc3be2c70a..2428f411b1 100644
--- a/src/lib/libcrypto/man/X509_get0_signature.3
+++ b/src/lib/libcrypto/man/X509_get0_signature.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get0_signature.3,v 1.9 2024/08/28 07:18:55 tb Exp $
+.\" $OpenBSD: X509_get0_signature.3,v 1.10 2025/04/17 14:58:09 tb Exp $
 .\" selective merge up to:
 .\" OpenSSL man3/X509_get0_signature 2f7a2520 Apr 25 17:28:08 2017 +0100
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 28 2024 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt X509_GET0_SIGNATURE 3
 .Os
 .Sh NAME
@@ -212,11 +212,11 @@ For a supported EdDSA algorithm (in LibreSSL this is Ed25519)
 this flag is always set.
 For an RSASSA-PSS PSS algorithm this flag is set if
 the parameters are DER encoded,
-the digest algorithm is one of SHA256, SHA384, or SHA512,
+the digest algorithm is one of SHA-256, SHA-384, or SHA-512,
 the same digest algorithm is used in the mask generation function,
 and the salt length is equal to the digest algorithm's output length.
 For all other signature algorithms this flag is set if the digest
-algorithm is one of SHA1, SHA256, SHA384, or SHA512.
+algorithm is one of SHA-1, SHA-256, SHA-384, or SHA-512.
 .El
 .Pp
 .Fn X509_get_signature_info
@@ -276,5 +276,5 @@ refer to the information available from the certificate signature
 (such as the signing digest).
 In some cases the actual security of the signature is smaller
 because the signing key is less secure.
-For example in a certificate signed using SHA512
+For example in a certificate signed using SHA-512
 and a 1024-bit RSA key.
diff --git a/src/lib/libcrypto/man/X509_get_extension_flags.3 b/src/lib/libcrypto/man/X509_get_extension_flags.3
index 1d7f29c687..e5e773f2e8 100644
--- a/src/lib/libcrypto/man/X509_get_extension_flags.3
+++ b/src/lib/libcrypto/man/X509_get_extension_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get_extension_flags.3,v 1.4 2023/04/30 19:40:23 tb Exp $
+.\" $OpenBSD: X509_get_extension_flags.3,v 1.5 2025/04/17 14:58:09 tb Exp $
 .\" full merge up to: OpenSSL 361136f4 Sep 1 18:56:58 2015 +0100
 .\" selective merge up to: OpenSSL 2b2e3106f Feb 16 15:04:45 2021 +0000
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 30 2023 $
+.Dd $Mdocdate: April 17 2025 $
 .Dt X509_GET_EXTENSION_FLAGS 3
 .Os
 .Sh NAME
@@ -106,8 +106,8 @@ ASN1 object itself.
 .\" EXFLAG_NO_FINGERPRINT is not available in LibreSSL. Do we need
 .\" https://github.com/openssl/openssl/issues/13698 and the fix it fixes?
 .\".It Dv EXFLAG_NO_FINGERPRINT
-.\" Failed to compute the internal SHA1 hash value of the certificate.
+.\" Failed to compute the internal SHA-1 hash value of the certificate.
-.\" This may be due to malloc failure or because no SHA1 implementation was
+.\" This may be due to malloc failure or because no SHA-1 implementation was
 .\" found.
 .It Dv EXFLAG_INVALID_POLICY
 The
author	tb <>	2025-04-17 14:58:09 +0000
committer	tb <>	2025-04-17 14:58:09 +0000
commit	6f34b1f56143bc41374d32f1ad51d79d41501431 (patch)
tree	ef34953019c29bd29272d62a3f5be39397609dc2 /src
parent	612af42285ca57d13d2a643f6a1dbd10fb1674f1 (diff)
download	openbsd-6f34b1f56143bc41374d32f1ad51d79d41501431.tar.gz openbsd-6f34b1f56143bc41374d32f1ad51d79d41501431.tar.bz2 openbsd-6f34b1f56143bc41374d32f1ad51d79d41501431.zip

diff --git a/src/lib/libcrypto/man/CMS_sign.3 b/src/lib/libcrypto/man/CMS_sign.3 index 5261c190a6..c9b26716d6 100644 --- a/src/lib/libcrypto/man/CMS_sign.3 +++ b/src/lib/libcrypto/man/CMS_sign.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: CMS_sign.3,v 1.11 2024/04/18 16:50:22 tb Exp $	1	.\" $OpenBSD: CMS_sign.3,v 1.12 2025/04/17 14:58:09 tb Exp $
2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: April 18 2024 $	51	.Dd $Mdocdate: April 17 2025 $
52	.Dt CMS_SIGN 3	52	.Dt CMS_SIGN 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -176,7 +176,7 @@ added before finalization.
176	.Pp	176	.Pp
177	If a signer is specified, it will use the default digest for the signing	177	If a signer is specified, it will use the default digest for the signing
178	algorithm.	178	algorithm.
179	This is SHA1 for both RSA and DSA keys.	179	This is SHA-1 for both RSA and DSA keys.
180	.Pp	180	.Pp
181	If	181	If
182	.Fa signcert	182	.Fa signcert


diff --git a/src/lib/libcrypto/man/EVP_DigestInit.3 b/src/lib/libcrypto/man/EVP_DigestInit.3 index 668c189bc1..2a634540c7 100644 --- a/src/lib/libcrypto/man/EVP_DigestInit.3 +++ b/src/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_DigestInit.3,v 1.37 2024/12/06 15:01:01 schwarze Exp $	1	.\" $OpenBSD: EVP_DigestInit.3,v 1.38 2025/04/17 14:58:09 tb Exp $
2	.\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000	2	.\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100	3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4	.\"	4	.\"
@@ -70,7 +70,7 @@
70	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	70	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
71	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	71	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
72	.\"	72	.\"
73	.Dd $Mdocdate: December 6 2024 $	73	.Dd $Mdocdate: April 17 2025 $
74	.Dt EVP_DIGESTINIT 3	74	.Dt EVP_DIGESTINIT 3
75	.Os	75	.Os
76	.Sh NAME	76	.Sh NAME
@@ -361,15 +361,16 @@ and
361	.Fn EVP_ripemd160	361	.Fn EVP_ripemd160
362	return	362	return
363	.Vt EVP_MD	363	.Vt EVP_MD
364	structures for the SHA224, SHA256, SHA384, SHA512 and	364	structures for the SHA-224, SHA-256, SHA-384, SHA-512 and
365	RIPEMD160 digest algorithms respectively.	365	RIPEMD-160 digest algorithms respectively.
366	.Pp	366	.Pp
367	.Fn EVP_sha512_224	367	.Fn EVP_sha512_224
368	and	368	and
369	.Fn EVP_sha512_256	369	.Fn EVP_sha512_256
370	return an	370	return an
371	.Vt EVP_MD	371	.Vt EVP_MD
372	structure that provides the truncated SHA512 variants SHA512/224 and SHA512/256,	372	structure that provides the truncated SHA-512 variants
		373	SHA-512/224 and SHA-512/256,
373	respectively.	374	respectively.
374	.Pp	375	.Pp
375	.Fn EVP_md_null	376	.Fn EVP_md_null


diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index 137e576c46..41c5a9ab9a 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.28 2024/12/10 14:54:20 schwarze Exp $	1	.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.29 2025/04/17 14:58:09 tb Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100	3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4	.\" Parts were split out into RSA_pkey_ctx_ctrl(3).	4	.\" Parts were split out into RSA_pkey_ctx_ctrl(3).
@@ -69,7 +69,7 @@
69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
71	.\"	71	.\"
72	.Dd $Mdocdate: December 10 2024 $	72	.Dd $Mdocdate: April 17 2025 $
73	.Dt EVP_PKEY_CTX_CTRL 3	73	.Dt EVP_PKEY_CTX_CTRL 3
74	.Os	74	.Os
75	.Sh NAME	75	.Sh NAME
@@ -371,7 +371,7 @@ The
371	macro sets the key derivation function message digest to	371	macro sets the key derivation function message digest to
372	.Fa md	372	.Fa md
373	for ECDH key derivation.	373	for ECDH key derivation.
374	Note that X9.63 specifies that this digest should be SHA1,	374	Note that X9.63 specifies that this digest should be SHA-1,
375	but OpenSSL tolerates other digests.	375	but OpenSSL tolerates other digests.
376	.Pp	376	.Pp
377	The	377	The


diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 index 1b95bbaa98..bdb1a208a2 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_PKEY_CTX_set_tls1_prf_md.3,v 1.2 2024/07/10 10:22:03 tb Exp $	1	.\" $OpenBSD: EVP_PKEY_CTX_set_tls1_prf_md.3,v 1.3 2025/04/17 14:58:09 tb Exp $
2	.\" full merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100	2	.\" full merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr Stephen Henson <steve@openssl.org>,	4	.\" This file was written by Dr Stephen Henson <steve@openssl.org>,
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: July 10 2024 $	51	.Dd $Mdocdate: April 17 2025 $
52	.Dt EVP_PKEY_CTX_SET_TLS1_PRF_MD 3	52	.Dt EVP_PKEY_CTX_SET_TLS1_PRF_MD 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -87,7 +87,7 @@ It has no associated private key and only implements key derivation using
87	sets the message digest associated with the TLS PRF.	87	sets the message digest associated with the TLS PRF.
88	.Xr EVP_md5_sha1 3	88	.Xr EVP_md5_sha1 3
89	is treated as a special case which uses the PRF algorithm using both	89	is treated as a special case which uses the PRF algorithm using both
90	MD5 and SHA1 as used in TLS 1.0 and 1.1.	90	MD5 and SHA-1 as used in TLS 1.0 and 1.1.
91	.Pp	91	.Pp
92	.Fn EVP_PKEY_CTX_set_tls1_prf_secret	92	.Fn EVP_PKEY_CTX_set_tls1_prf_secret
93	sets the secret value of the TLS PRF to	93	sets the secret value of the TLS PRF to


diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3 index d73b0abb7b..afd9177596 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_sign.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_PKEY_sign.3,v 1.9 2024/12/06 14:27:49 schwarze Exp $	1	.\" $OpenBSD: EVP_PKEY_sign.3,v 1.10 2025/04/17 14:58:09 tb Exp $
2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: December 6 2024 $	52	.Dd $Mdocdate: April 17 2025 $
53	.Dt EVP_PKEY_SIGN 3	53	.Dt EVP_PKEY_SIGN 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -134,7 +134,7 @@ return 1 for success and 0 or a negative value for failure.
134	In particular, a return value of -2 indicates the operation is not	134	In particular, a return value of -2 indicates the operation is not
135	supported by the public key algorithm.	135	supported by the public key algorithm.
136	.Sh EXAMPLES	136	.Sh EXAMPLES
137	Sign data using RSA with PKCS#1 padding and SHA256 digest:	137	Sign data using RSA with PKCS#1 padding and SHA-256 digest:
138	.Bd -literal -offset indent	138	.Bd -literal -offset indent
139	#include <openssl/evp.h>	139	#include <openssl/evp.h>
140	#include <openssl/rsa.h>	140	#include <openssl/rsa.h>


diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify.3 b/src/lib/libcrypto/man/EVP_PKEY_verify.3 index d096a3a7be..c297e9669a 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_verify.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_verify.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_PKEY_verify.3,v 1.8 2024/12/06 14:27:49 schwarze Exp $	1	.\" $OpenBSD: EVP_PKEY_verify.3,v 1.9 2025/04/17 14:58:09 tb Exp $
2	.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100	2	.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: December 6 2024 $	52	.Dd $Mdocdate: April 17 2025 $
53	.Dt EVP_PKEY_VERIFY 3	53	.Dt EVP_PKEY_VERIFY 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -120,7 +120,7 @@ failure.
120	In particular, a return value of -2 indicates the operation is not	120	In particular, a return value of -2 indicates the operation is not
121	supported by the public key algorithm.	121	supported by the public key algorithm.
122	.Sh EXAMPLES	122	.Sh EXAMPLES
123	Verify signature using PKCS#1 and SHA256 digest:	123	Verify signature using PKCS#1 and SHA-256 digest:
124	.Bd -literal -offset 3n	124	.Bd -literal -offset 3n
125	#include <openssl/evp.h>	125	#include <openssl/evp.h>
126	#include <openssl/rsa.h>	126	#include <openssl/rsa.h>


diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 index 30c034cdb5..2e863f35b4 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_PKEY_verify_recover.3,v 1.10 2024/12/06 14:27:49 schwarze Exp $	1	.\" $OpenBSD: EVP_PKEY_verify_recover.3,v 1.11 2025/04/17 14:58:09 tb Exp $
2	.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100	2	.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: December 6 2024 $	52	.Dd $Mdocdate: April 17 2025 $
53	.Dt EVP_PKEY_VERIFY_RECOVER 3	53	.Dt EVP_PKEY_VERIFY_RECOVER 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -135,7 +135,7 @@ return 1 for success and 0 or a negative value for failure.
135	In particular, a return value of -2 indicates the operation is not	135	In particular, a return value of -2 indicates the operation is not
136	supported by the public key algorithm.	136	supported by the public key algorithm.
137	.Sh EXAMPLES	137	.Sh EXAMPLES
138	Recover digest originally signed using PKCS#1 and SHA256 digest:	138	Recover digest originally signed using PKCS#1 and SHA-256 digest:
139	.Bd -literal -offset indent	139	.Bd -literal -offset indent
140	#include <openssl/evp.h>	140	#include <openssl/evp.h>
141	#include <openssl/rsa.h>	141	#include <openssl/rsa.h>


diff --git a/src/lib/libcrypto/man/OCSP_cert_to_id.3 b/src/lib/libcrypto/man/OCSP_cert_to_id.3 index e014a1d262..032e87515e 100644 --- a/src/lib/libcrypto/man/OCSP_cert_to_id.3 +++ b/src/lib/libcrypto/man/OCSP_cert_to_id.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: OCSP_cert_to_id.3,v 1.13 2024/08/24 19:31:09 tb Exp $	1	.\" $OpenBSD: OCSP_cert_to_id.3,v 1.14 2025/04/17 14:58:09 tb Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -65,7 +65,7 @@
65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67	.\"	67	.\"
68	.Dd $Mdocdate: August 24 2024 $	68	.Dd $Mdocdate: April 17 2025 $
69	.Dt OCSP_CERT_TO_ID 3	69	.Dt OCSP_CERT_TO_ID 3
70	.Os	70	.Os
71	.Sh NAME	71	.Sh NAME
@@ -148,7 +148,7 @@ If
148	.Fa dgst	148	.Fa dgst
149	is	149	is
150	.Dv NULL	150	.Dv NULL
151	then SHA1 is used.	151	then SHA-1 is used.
152	.Pp	152	.Pp
153	.Fn OCSP_cert_id_new	153	.Fn OCSP_cert_id_new
154	creates and returns a new	154	creates and returns a new


diff --git a/src/lib/libcrypto/man/RSA_sign.3 b/src/lib/libcrypto/man/RSA_sign.3 index 65e9dc99b8..888e36a680 100644 --- a/src/lib/libcrypto/man/RSA_sign.3 +++ b/src/lib/libcrypto/man/RSA_sign.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: RSA_sign.3,v 1.8 2019/06/10 14:58:48 schwarze Exp $	1	.\" $OpenBSD: RSA_sign.3,v 1.9 2025/04/17 14:58:09 tb Exp $
2	.\" OpenSSL aa90ca11 Aug 20 15:48:56 2016 -0400	2	.\" OpenSSL aa90ca11 Aug 20 15:48:56 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Ulf Moeller <ulf@openssl.org>.	4	.\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: June 10 2019 $	52	.Dd $Mdocdate: April 17 2025 $
53	.Dt RSA_SIGN 3	53	.Dt RSA_SIGN 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -106,7 +106,7 @@ If
106	.Fa type	106	.Fa type
107	is	107	is
108	.Sy NID_md5_sha1 ,	108	.Sy NID_md5_sha1 ,
109	an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and	109	an SSL signature (MD5 and SHA-1 message digests with PKCS #1 padding and
110	no algorithm identifier) is created.	110	no algorithm identifier) is created.
111	.Pp	111	.Pp
112	.Fn RSA_verify	112	.Fn RSA_verify


diff --git a/src/lib/libcrypto/man/X509_NAME_hash.3 b/src/lib/libcrypto/man/X509_NAME_hash.3 index 8766109525..55de9bbe2e 100644 --- a/src/lib/libcrypto/man/X509_NAME_hash.3 +++ b/src/lib/libcrypto/man/X509_NAME_hash.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_NAME_hash.3,v 1.3 2021/07/31 14:54:33 schwarze Exp $	1	.\" $OpenBSD: X509_NAME_hash.3,v 1.4 2025/04/17 14:58:09 tb Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2017, 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2017, 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 31 2021 $	17	.Dd $Mdocdate: April 17 2025 $
18	.Dt X509_NAME_HASH 3	18	.Dt X509_NAME_HASH 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -86,7 +86,7 @@ rather than an ASCII rendering in SSLeay 0.9.0 and have all been
86	available since	86	available since
87	.Ox 2.4 .	87	.Ox 2.4 .
88	.Pp	88	.Pp
89	They were switched to using SHA1 instead of MD5 in OpenSSL 1.0.0 and in	89	They were switched to using SHA-1 instead of MD5 in OpenSSL 1.0.0 and in
90	.Ox 4.9 .	90	.Ox 4.9 .
91	.Pp	91	.Pp
92	.Fn X509_NAME_hash_old ,	92	.Fn X509_NAME_hash_old ,


diff --git a/src/lib/libcrypto/man/X509_get0_signature.3 b/src/lib/libcrypto/man/X509_get0_signature.3 index dc3be2c70a..2428f411b1 100644 --- a/src/lib/libcrypto/man/X509_get0_signature.3 +++ b/src/lib/libcrypto/man/X509_get0_signature.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_get0_signature.3,v 1.9 2024/08/28 07:18:55 tb Exp $	1	.\" $OpenBSD: X509_get0_signature.3,v 1.10 2025/04/17 14:58:09 tb Exp $
2	.\" selective merge up to:	2	.\" selective merge up to:
3	.\" OpenSSL man3/X509_get0_signature 2f7a2520 Apr 25 17:28:08 2017 +0100	3	.\" OpenSSL man3/X509_get0_signature 2f7a2520 Apr 25 17:28:08 2017 +0100
4	.\"	4	.\"
@@ -66,7 +66,7 @@
66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68	.\"	68	.\"
69	.Dd $Mdocdate: August 28 2024 $	69	.Dd $Mdocdate: April 17 2025 $
70	.Dt X509_GET0_SIGNATURE 3	70	.Dt X509_GET0_SIGNATURE 3
71	.Os	71	.Os
72	.Sh NAME	72	.Sh NAME
@@ -212,11 +212,11 @@ For a supported EdDSA algorithm (in LibreSSL this is Ed25519)
212	this flag is always set.	212	this flag is always set.
213	For an RSASSA-PSS PSS algorithm this flag is set if	213	For an RSASSA-PSS PSS algorithm this flag is set if
214	the parameters are DER encoded,	214	the parameters are DER encoded,
215	the digest algorithm is one of SHA256, SHA384, or SHA512,	215	the digest algorithm is one of SHA-256, SHA-384, or SHA-512,
216	the same digest algorithm is used in the mask generation function,	216	the same digest algorithm is used in the mask generation function,
217	and the salt length is equal to the digest algorithm's output length.	217	and the salt length is equal to the digest algorithm's output length.
218	For all other signature algorithms this flag is set if the digest	218	For all other signature algorithms this flag is set if the digest
219	algorithm is one of SHA1, SHA256, SHA384, or SHA512.	219	algorithm is one of SHA-1, SHA-256, SHA-384, or SHA-512.
220	.El	220	.El
221	.Pp	221	.Pp
222	.Fn X509_get_signature_info	222	.Fn X509_get_signature_info
@@ -276,5 +276,5 @@ refer to the information available from the certificate signature
276	(such as the signing digest).	276	(such as the signing digest).
277	In some cases the actual security of the signature is smaller	277	In some cases the actual security of the signature is smaller
278	because the signing key is less secure.	278	because the signing key is less secure.
279	For example in a certificate signed using SHA512	279	For example in a certificate signed using SHA-512
280	and a 1024-bit RSA key.	280	and a 1024-bit RSA key.


diff --git a/src/lib/libcrypto/man/X509_get_extension_flags.3 b/src/lib/libcrypto/man/X509_get_extension_flags.3 index 1d7f29c687..e5e773f2e8 100644 --- a/src/lib/libcrypto/man/X509_get_extension_flags.3 +++ b/src/lib/libcrypto/man/X509_get_extension_flags.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_get_extension_flags.3,v 1.4 2023/04/30 19:40:23 tb Exp $	1	.\" $OpenBSD: X509_get_extension_flags.3,v 1.5 2025/04/17 14:58:09 tb Exp $
2	.\" full merge up to: OpenSSL 361136f4 Sep 1 18:56:58 2015 +0100	2	.\" full merge up to: OpenSSL 361136f4 Sep 1 18:56:58 2015 +0100
3	.\" selective merge up to: OpenSSL 2b2e3106f Feb 16 15:04:45 2021 +0000	3	.\" selective merge up to: OpenSSL 2b2e3106f Feb 16 15:04:45 2021 +0000
4	.\"	4	.\"
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: April 30 2023 $	52	.Dd $Mdocdate: April 17 2025 $
53	.Dt X509_GET_EXTENSION_FLAGS 3	53	.Dt X509_GET_EXTENSION_FLAGS 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -106,8 +106,8 @@ ASN1 object itself.
106	.\" EXFLAG_NO_FINGERPRINT is not available in LibreSSL. Do we need	106	.\" EXFLAG_NO_FINGERPRINT is not available in LibreSSL. Do we need
107	.\" https://github.com/openssl/openssl/issues/13698 and the fix it fixes?	107	.\" https://github.com/openssl/openssl/issues/13698 and the fix it fixes?
108	.\".It Dv EXFLAG_NO_FINGERPRINT	108	.\".It Dv EXFLAG_NO_FINGERPRINT
109	.\" Failed to compute the internal SHA1 hash value of the certificate.	109	.\" Failed to compute the internal SHA-1 hash value of the certificate.
110	.\" This may be due to malloc failure or because no SHA1 implementation was	110	.\" This may be due to malloc failure or because no SHA-1 implementation was
111	.\" found.	111	.\" found.
112	.It Dv EXFLAG_INVALID_POLICY	112	.It Dv EXFLAG_INVALID_POLICY
113	The	113	The