4 files changed, 184 insertions, 6 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 20ab72da7f..43d7c5bc56 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.206 2021/10/28 13:13:03 tb Exp $
+# $OpenBSD: Makefile,v 1.207 2021/10/29 09:42:07 schwarze Exp $
 .include <bsd.own.mk>
@@ -306,6 +306,7 @@ MAN=	\
        X509_REQ_add1_attr.3 \
        X509_REQ_add_extensions.3 \
        X509_REQ_new.3 \
+        X509_REQ_print_ex.3 \
        X509_REVOKED_new.3 \
        X509_SIG_get0.3 \
        X509_SIG_new.3 \
diff --git a/src/lib/libcrypto/man/X509_REQ_new.3 b/src/lib/libcrypto/man/X509_REQ_new.3
index be408b5edf..0a5828d5d4 100644
--- a/src/lib/libcrypto/man/X509_REQ_new.3
+++ b/src/lib/libcrypto/man/X509_REQ_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_REQ_new.3,v 1.10 2021/10/28 13:23:19 schwarze Exp $
+.\" $OpenBSD: X509_REQ_new.3,v 1.11 2021/10/29 09:42:07 schwarze Exp $
 .\"
 .\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 28 2021 $
+.Dd $Mdocdate: October 29 2021 $
 .Dt X509_REQ_NEW 3
 .Os
 .Sh NAME
@@ -126,6 +126,7 @@ if an error occurs.
 .Xr X509_REQ_get_pubkey 3 ,
 .Xr X509_REQ_get_subject_name 3 ,
 .Xr X509_REQ_get_version 3 ,
+.Xr X509_REQ_print_ex 3 ,
 .Xr X509_REQ_sign 3
 .Sh STANDARDS
 RFC 2986: PKCS #10: Certification Request Syntax Specification
diff --git a/src/lib/libcrypto/man/X509_REQ_print_ex.3 b/src/lib/libcrypto/man/X509_REQ_print_ex.3
new file mode 100644
index 0000000000..231b1b7248
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_REQ_print_ex.3
@@ -0,0 +1,175 @@
+.\" $OpenBSD: X509_REQ_print_ex.3,v 1.1 2021/10/29 09:42:07 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 29 2021 $
+.Dt X509_REQ_PRINT_EX 3
+.Os
+.Sh NAME
+.Nm X509_REQ_print_ex ,
+.Nm X509_REQ_print ,
+.Nm X509_REQ_print_fp
+.Nd pretty-print a PKCS#10 certification request
+.Sh SYNOPSIS
+.Ft int
+.Fo X509_REQ_print_ex
+.Fa "BIO *bio"
+.Fa "X509_REQ *req"
+.Fa "unsigned long nameflags"
+.Fa "unsigned long skipflags"
+.Fc
+.Ft int
+.Fo X509_REQ_print
+.Fa "BIO *bio"
+.Fa "X509_REQ *req"
+.Fc
+.Ft int
+.Fo X509_REQ_print_fp
+.Fa "FILE *fp"
+.Fa "X509_REQ *req"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_REQ_print_ex
+prints information contained in
+.Fa req
+to
+.Fa bio
+in human-readable form.
+Printing is aborted as soon as any operation fails, with the exception
+that failures while attempting to decode or print the public key
+are not considered as errors.
+.Pp
+By default, the following blocks of information
+are printed in the following order.
+Each block can be skipped by setting the corresponding bit in
+.Fa skipflags ,
+provided in parentheses after each block description.
+.Bl -bullet
+.It
+A pair of lines reading
+.Qq Certificate Request:\&
+and
+.Qq Data:\&
+containing no information.
+.Pq Dv X509_FLAG_NO_HEADER
+.It
+The value contained in the version field
+in decimal and hexadecimal notation.
+.Pq Dv X509_FLAG_NO_VERSION
+.It
+The subject name is printed with
+.Xr X509_NAME_print_ex 3 .
+.Pq X509_FLAG_NO_SUBJECT
+.It
+The public key algorithm is printed with
+.Xr i2a_ASN1_OBJECT 3 ,
+and the public key returned from
+.Xr X509_REQ_get_pubkey 3
+with
+.Xr EVP_PKEY_print_public 3 .
+.Pq Dv X509_FLAG_NO_PUBKEY
+.It
+For each X.501 attribute that is not a requested extension according to
+.Xr X509_REQ_extension_nid 3 ,
+the object identifier is printed with
+.Xr i2a_ASN1_OBJECT 3 ,
+and all values of the types
+.Dv V_ASN1_PRINTABLESTRING ,
+.Dv V_ASN1_T61STRING ,
+and
+.Dv V_ASN1_IA5STRING
+are printed with
+.Xr BIO_write 3 .
+.Pq X509_FLAG_NO_ATTRIBUTES
+.It
+The requested extensions are retrieved with
+.Xr X509_REQ_get_extensions 3
+and their types and values are printed with
+.Xr i2a_ASN1_OBJECT 3
+and
+.Xr X509V3_EXT_print 3 ,
+or, if the latter fails, with
+.Xr ASN1_STRING_print 3 .
+.Pq Dv X509_FLAG_NO_EXTENSIONS
+.It
+The signature is printed with
+.Xr X509_signature_print 3 .
+.Pq Dv X509_FLAG_NO_SIGDUMP
+.El
+.Pp
+The
+.Fa nameflags
+argument modifies the format for printing X.501
+.Vt Name
+objects contained in
+.Fa req .
+It is passed through to
+.Xr X509_NAME_print_ex 3 .
+If
+.Fa nameflags
+is
+.Dv X509_FLAG_COMPAT ,
+the
+.Fa indent
+argument of
+.Xr X509_NAME_print_ex 3
+is set to 16 spaces and the traditional SSLeay format generated by
+.Xr X509_NAME_print 3
+is used.
+Otherwise, if the only bit set in
+.Dv XN_FLAG_SEP_MASK
+is
+.Dv XN_FLAG_SEP_MULTILINE ,
+.Fa indent
+is set to 12 spaces.
+Otherwise, indent is set to zero.
+.Pp
+.Fn X509_REQ_print
+is a wrapper function setting the
+.Fa nameflags
+to
+.Dv XN_FLAG_COMPAT
+and the
+.Fa skipflags
+to
+.Dv X509_FLAG_COMPAT .
+.Pp
+.Fn X509_REQ_print_fp
+is similar to
+.Fn X509_REQ_print
+except that it prints to
+.Fa fp .
+.Sh RETURN VALUES
+These functions return 1 if all requested information was successfully
+printed, even if failures occurred while attempting to decode or
+print the public key, or 0 if any operation fails.
+.Sh SEE ALSO
+.Xr BIO_new 3 ,
+.Xr X509_print_ex 3 ,
+.Xr X509_REQ_new 3
+.Sh HISTORY
+.Fn X509_REQ_print
+first appeared in SSLeay 0.4.4 and
+.Fn X509_REQ_print_fp
+in SSLeay 0.6.0.
+These functions have been available since
+.Ox 2.4 .
+.Pp
+.Fn X509_REQ_print_ex
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.2 .
+.Sh BUGS
+Some printing failures are silently ignored while printing extensions,
+which may result in incomplete data being printed.
diff --git a/src/lib/libcrypto/man/X509_print_ex.3 b/src/lib/libcrypto/man/X509_print_ex.3
index 85e82709bb..1a2e0edbdf 100644
--- a/src/lib/libcrypto/man/X509_print_ex.3
+++ b/src/lib/libcrypto/man/X509_print_ex.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_print_ex.3,v 1.3 2021/07/23 06:02:39 jmc Exp $
+.\" $OpenBSD: X509_print_ex.3,v 1.4 2021/10/29 09:42:07 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 23 2021 $
+.Dd $Mdocdate: October 29 2021 $
 .Dt X509_PRINT_EX 3
 .Os
 .Sh NAME
@@ -252,7 +252,8 @@ always returns 1 and silently ignores write errors.
 .Xr BIO_new 3 ,
 .Xr X509_CERT_AUX_new 3 ,
 .Xr X509_CRL_print 3 ,
-.Xr X509_new 3
+.Xr X509_new 3 ,
+.Xr X509_REQ_print_ex 3
 .Sh HISTORY
 .Fn X509_print
 first appeared in SSLeay 0.5.1 and was changed to print to a

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 20ab72da7f..43d7c5bc56 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.206 2021/10/28 13:13:03 tb Exp $	1	# $OpenBSD: Makefile,v 1.207 2021/10/29 09:42:07 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -306,6 +306,7 @@ MAN= \
306	X509_REQ_add1_attr.3 \	306	X509_REQ_add1_attr.3 \
307	X509_REQ_add_extensions.3 \	307	X509_REQ_add_extensions.3 \
308	X509_REQ_new.3 \	308	X509_REQ_new.3 \
		309	X509_REQ_print_ex.3 \
309	X509_REVOKED_new.3 \	310	X509_REVOKED_new.3 \
310	X509_SIG_get0.3 \	311	X509_SIG_get0.3 \
311	X509_SIG_new.3 \	312	X509_SIG_new.3 \


diff --git a/src/lib/libcrypto/man/X509_REQ_new.3 b/src/lib/libcrypto/man/X509_REQ_new.3 index be408b5edf..0a5828d5d4 100644 --- a/src/lib/libcrypto/man/X509_REQ_new.3 +++ b/src/lib/libcrypto/man/X509_REQ_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_REQ_new.3,v 1.10 2021/10/28 13:23:19 schwarze Exp $	1	.\" $OpenBSD: X509_REQ_new.3,v 1.11 2021/10/29 09:42:07 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: October 28 2021 $	17	.Dd $Mdocdate: October 29 2021 $
18	.Dt X509_REQ_NEW 3	18	.Dt X509_REQ_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -126,6 +126,7 @@ if an error occurs.
126	.Xr X509_REQ_get_pubkey 3 ,	126	.Xr X509_REQ_get_pubkey 3 ,
127	.Xr X509_REQ_get_subject_name 3 ,	127	.Xr X509_REQ_get_subject_name 3 ,
128	.Xr X509_REQ_get_version 3 ,	128	.Xr X509_REQ_get_version 3 ,
		129	.Xr X509_REQ_print_ex 3 ,
129	.Xr X509_REQ_sign 3	130	.Xr X509_REQ_sign 3
130	.Sh STANDARDS	131	.Sh STANDARDS
131	RFC 2986: PKCS #10: Certification Request Syntax Specification	132	RFC 2986: PKCS #10: Certification Request Syntax Specification


diff --git a/src/lib/libcrypto/man/X509_REQ_print_ex.3 b/src/lib/libcrypto/man/X509_REQ_print_ex.3 new file mode 100644 index 0000000000..231b1b7248 --- /dev/null +++ b/src/lib/libcrypto/man/X509_REQ_print_ex.3
@@ -0,0 +1,175 @@
		1	.\" $OpenBSD: X509_REQ_print_ex.3,v 1.1 2021/10/29 09:42:07 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: October 29 2021 $
		18	.Dt X509_REQ_PRINT_EX 3
		19	.Os
		20	.Sh NAME
		21	.Nm X509_REQ_print_ex ,
		22	.Nm X509_REQ_print ,
		23	.Nm X509_REQ_print_fp
		24	.Nd pretty-print a PKCS#10 certification request
		25	.Sh SYNOPSIS
		26	.Ft int
		27	.Fo X509_REQ_print_ex
		28	.Fa "BIO *bio"
		29	.Fa "X509_REQ *req"
		30	.Fa "unsigned long nameflags"
		31	.Fa "unsigned long skipflags"
		32	.Fc
		33	.Ft int
		34	.Fo X509_REQ_print
		35	.Fa "BIO *bio"
		36	.Fa "X509_REQ *req"
		37	.Fc
		38	.Ft int
		39	.Fo X509_REQ_print_fp
		40	.Fa "FILE *fp"
		41	.Fa "X509_REQ *req"
		42	.Fc
		43	.Sh DESCRIPTION
		44	.Fn X509_REQ_print_ex
		45	prints information contained in
		46	.Fa req
		47	to
		48	.Fa bio
		49	in human-readable form.
		50	Printing is aborted as soon as any operation fails, with the exception
		51	that failures while attempting to decode or print the public key
		52	are not considered as errors.
		53	.Pp
		54	By default, the following blocks of information
		55	are printed in the following order.
		56	Each block can be skipped by setting the corresponding bit in
		57	.Fa skipflags ,
		58	provided in parentheses after each block description.
		59	.Bl -bullet
		60	.It
		61	A pair of lines reading
		62	.Qq Certificate Request:\&
		63	and
		64	.Qq Data:\&
		65	containing no information.
		66	.Pq Dv X509_FLAG_NO_HEADER
		67	.It
		68	The value contained in the version field
		69	in decimal and hexadecimal notation.
		70	.Pq Dv X509_FLAG_NO_VERSION
		71	.It
		72	The subject name is printed with
		73	.Xr X509_NAME_print_ex 3 .
		74	.Pq X509_FLAG_NO_SUBJECT
		75	.It
		76	The public key algorithm is printed with
		77	.Xr i2a_ASN1_OBJECT 3 ,
		78	and the public key returned from
		79	.Xr X509_REQ_get_pubkey 3
		80	with
		81	.Xr EVP_PKEY_print_public 3 .
		82	.Pq Dv X509_FLAG_NO_PUBKEY
		83	.It
		84	For each X.501 attribute that is not a requested extension according to
		85	.Xr X509_REQ_extension_nid 3 ,
		86	the object identifier is printed with
		87	.Xr i2a_ASN1_OBJECT 3 ,
		88	and all values of the types
		89	.Dv V_ASN1_PRINTABLESTRING ,
		90	.Dv V_ASN1_T61STRING ,
		91	and
		92	.Dv V_ASN1_IA5STRING
		93	are printed with
		94	.Xr BIO_write 3 .
		95	.Pq X509_FLAG_NO_ATTRIBUTES
		96	.It
		97	The requested extensions are retrieved with
		98	.Xr X509_REQ_get_extensions 3
		99	and their types and values are printed with
		100	.Xr i2a_ASN1_OBJECT 3
		101	and
		102	.Xr X509V3_EXT_print 3 ,
		103	or, if the latter fails, with
		104	.Xr ASN1_STRING_print 3 .
		105	.Pq Dv X509_FLAG_NO_EXTENSIONS
		106	.It
		107	The signature is printed with
		108	.Xr X509_signature_print 3 .
		109	.Pq Dv X509_FLAG_NO_SIGDUMP
		110	.El
		111	.Pp
		112	The
		113	.Fa nameflags
		114	argument modifies the format for printing X.501
		115	.Vt Name
		116	objects contained in
		117	.Fa req .
		118	It is passed through to
		119	.Xr X509_NAME_print_ex 3 .
		120	If
		121	.Fa nameflags
		122	is
		123	.Dv X509_FLAG_COMPAT ,
		124	the
		125	.Fa indent
		126	argument of
		127	.Xr X509_NAME_print_ex 3
		128	is set to 16 spaces and the traditional SSLeay format generated by
		129	.Xr X509_NAME_print 3
		130	is used.
		131	Otherwise, if the only bit set in
		132	.Dv XN_FLAG_SEP_MASK
		133	is
		134	.Dv XN_FLAG_SEP_MULTILINE ,
		135	.Fa indent
		136	is set to 12 spaces.
		137	Otherwise, indent is set to zero.
		138	.Pp
		139	.Fn X509_REQ_print
		140	is a wrapper function setting the
		141	.Fa nameflags
		142	to
		143	.Dv XN_FLAG_COMPAT
		144	and the
		145	.Fa skipflags
		146	to
		147	.Dv X509_FLAG_COMPAT .
		148	.Pp
		149	.Fn X509_REQ_print_fp
		150	is similar to
		151	.Fn X509_REQ_print
		152	except that it prints to
		153	.Fa fp .
		154	.Sh RETURN VALUES
		155	These functions return 1 if all requested information was successfully
		156	printed, even if failures occurred while attempting to decode or
		157	print the public key, or 0 if any operation fails.
		158	.Sh SEE ALSO
		159	.Xr BIO_new 3 ,
		160	.Xr X509_print_ex 3 ,
		161	.Xr X509_REQ_new 3
		162	.Sh HISTORY
		163	.Fn X509_REQ_print
		164	first appeared in SSLeay 0.4.4 and
		165	.Fn X509_REQ_print_fp
		166	in SSLeay 0.6.0.
		167	These functions have been available since
		168	.Ox 2.4 .
		169	.Pp
		170	.Fn X509_REQ_print_ex
		171	first appeared in OpenSSL 0.9.7 and has been available since
		172	.Ox 3.2 .
		173	.Sh BUGS
		174	Some printing failures are silently ignored while printing extensions,
		175	which may result in incomplete data being printed.


diff --git a/src/lib/libcrypto/man/X509_print_ex.3 b/src/lib/libcrypto/man/X509_print_ex.3 index 85e82709bb..1a2e0edbdf 100644 --- a/src/lib/libcrypto/man/X509_print_ex.3 +++ b/src/lib/libcrypto/man/X509_print_ex.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_print_ex.3,v 1.3 2021/07/23 06:02:39 jmc Exp $	1	.\" $OpenBSD: X509_print_ex.3,v 1.4 2021/10/29 09:42:07 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 23 2021 $	17	.Dd $Mdocdate: October 29 2021 $
18	.Dt X509_PRINT_EX 3	18	.Dt X509_PRINT_EX 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -252,7 +252,8 @@ always returns 1 and silently ignores write errors.
252	.Xr BIO_new 3 ,	252	.Xr BIO_new 3 ,
253	.Xr X509_CERT_AUX_new 3 ,	253	.Xr X509_CERT_AUX_new 3 ,
254	.Xr X509_CRL_print 3 ,	254	.Xr X509_CRL_print 3 ,
255	.Xr X509_new 3	255	.Xr X509_new 3 ,
		256	.Xr X509_REQ_print_ex 3
256	.Sh HISTORY	257	.Sh HISTORY
257	.Fn X509_print	258	.Fn X509_print
258	first appeared in SSLeay 0.5.1 and was changed to print to a	259	first appeared in SSLeay 0.5.1 and was changed to print to a