1 files changed, 0 insertions, 306 deletions
diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_new.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_new.3
deleted file mode 100644
index a22d2b1b4b..0000000000
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_new.3
+++ /dev/null
@@ -1,306 +0,0 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_new.3,v 1.5 2023/05/24 09:57:50 tb Exp $
-.\"
-.\" Copyright (c) 2018, 2021 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: May 24 2023 $
-.Dt X509_VERIFY_PARAM_NEW 3
-.Os
-.Sh NAME
-.Nm X509_VERIFY_PARAM_new ,
-.Nm X509_VERIFY_PARAM_inherit ,
-.Nm X509_VERIFY_PARAM_set1 ,
-.Nm X509_VERIFY_PARAM_free ,
-.Nm X509_VERIFY_PARAM_add0_table ,
-.Nm X509_VERIFY_PARAM_lookup ,
-.Nm X509_VERIFY_PARAM_get_count ,
-.Nm X509_VERIFY_PARAM_get0 ,
-.Nm X509_VERIFY_PARAM_table_cleanup
-.\" The following constants defined in the public header <openssl/x509_vfy.h>
-.\" are intentionally undocumented because X509_VERIFY_PARAM is an opaque
-.\" struct and LibreSSL provides neither X509_VERIFY_PARAM_set_inh_flags(3)
-.\" nor X509_VERIFY_PARAM_get_inh_flags(3):
-.\" X509_VP_FLAG_DEFAULT
-.\" X509_VP_FLAG_OVERWRITE
-.\" X509_VP_FLAG_RESET_FLAGS
-.\" X509_VP_FLAG_LOCKED
-.\" X509_VP_FLAG_ONCE
-.Nd X509 verification parameter objects
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft X509_VERIFY_PARAM *
-.Fo X509_VERIFY_PARAM_new
-.Fa void
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_inherit
-.Fa "X509_VERIFY_PARAM *destination"
-.Fa "const X509_VERIFY_PARAM *source"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set1
-.Fa "X509_VERIFY_PARAM *destination"
-.Fa "const X509_VERIFY_PARAM *source"
-.Fc
-.Ft void
-.Fo X509_VERIFY_PARAM_free
-.Fa "X509_VERIFY_PARAM *param"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_add0_table
-.Fa "X509_VERIFY_PARAM *param"
-.Fc
-.Ft const X509_VERIFY_PARAM *
-.Fo X509_VERIFY_PARAM_lookup
-.Fa "const char *name"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_get_count
-.Fa void
-.Fc
-.Ft const X509_VERIFY_PARAM *
-.Fo X509_VERIFY_PARAM_get0
-.Fa "int id"
-.Fc
-.Ft void
-.Fo X509_VERIFY_PARAM_table_cleanup
-.Fa void
-.Fc
-.Sh DESCRIPTION
-.Fn X509_VERIFY_PARAM_new
-allocates and initializes an empty
-.Vt X509_VERIFY_PARAM
-object.
-.Pp
-.Fn X509_VERIFY_PARAM_inherit
-copies some data from the
-.Fa source
-object to the
-.Fa destination
-object.
-.Pp
-The verification flags set with
-.Xr X509_VERIFY_PARAM_set_flags 3
-in the
-.Fa source
-object are always OR'ed into the verification flags of the
-.Fa destination
-object.
-.Pp
-Fields having their default value in the
-.Fa source
-object are not copied.
-.Pp
-By default, fields in the
-.Fa destination
-object already having a non-default value are not overwritten.
-However, if at least one of the
-.Fa source
-or
-.Fa destination
-objects was created during a call to
-.Xr X509_STORE_CTX_init 3
-that did not have a
-.Fa store
-argument, and if that object was not previously used as the
-.Fa destination
-in an earlier call to
-.Fn X509_VERIFY_PARAM_inherit ,
-this restriction is waived and even non-default fields in the
-.Fa destination
-object get overwritten.
-If fields overwritten in this way contain pointers to allocated memory,
-that memory is freed.
-.Pp
-As far as permitted by the above rules, the following fields are copied:
-.Bl -bullet -width 1n
-.It
-the verification purpose identifier set with
-.Xr X509_VERIFY_PARAM_set_purpose 3
-.It
-the trust setting set with
-.Xr X509_VERIFY_PARAM_set_trust 3
-.It
-the verification time set with
-.Xr X509_VERIFY_PARAM_set_time 3 ;
-in this case, the only condition is that
-.Dv X509_V_FLAG_USE_CHECK_TIME
-is not set in the
-.Fa destination
-object, whereas the time value in the
-.Fa destination
-object is not inspected before overwriting it
-.It
-the acceptable policy set with
-.Xr X509_VERIFY_PARAM_set1_policies 3
-.It
-the maximum verification depth set with
-.Xr X509_VERIFY_PARAM_set_depth 3
-.It
-flags that were set with
-.Xr X509_VERIFY_PARAM_set_hostflags 3
-.It
-the list of expected DNS hostnames built with
-.Xr X509_VERIFY_PARAM_set1_host 3
-and
-.Xr X509_VERIFY_PARAM_add1_host 3
-.It
-the expected RFC 822 email address set with
-.Xr X509_VERIFY_PARAM_set1_email 3
-.It
-the expected IP address set with
-.Xr X509_VERIFY_PARAM_set1_ip 3
-or
-.Xr X509_VERIFY_PARAM_set1_ip_asc 3
-.El
-.Pp
-Some data that may be contained in the
-.Fa source
-object is never copied, for example the subject name of the peer
-certificate that can be retrieved with
-.Xr X509_VERIFY_PARAM_get0_peername 3 .
-.Pp
-If
-.Fa source
-is a
-.Dv NULL
-pointer, the function has no effect but returns successfully.
-.Pp
-.Fn X509_VERIFY_PARAM_set1
-is identical to
-.Fn X509_VERIFY_PARAM_inherit
-except that fields in the
-.Fa destination
-object are overwritten even if they do not match their default values.
-Still, fields having their default value in the
-.Fa source
-object are not copied.
-.Pp
-If
-.Fn X509_VERIFY_PARAM_inherit
-or
-.Fn X509_VERIFY_PARAM_set1
-fail, partial copying may have occurred, so all data in the
-.Fa destination
-object should be regarded as invalid.
-.Pp
-.Fn X509_VERIFY_PARAM_inherit
-is used internally by
-.Xr X509_STORE_CTX_init 3
-and by
-.Xr X509_STORE_CTX_set_default 3 ,
-and
-.Fn X509_VERIFY_PARAM_set1
-is used internally by
-.Xr X509_STORE_set1_param 3 .
-.Pp
-.Fn X509_VERIFY_PARAM_free
-clears all data contained in
-.Fa param
-and releases all memory used by it.
-If
-.Fa param
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn X509_VERIFY_PARAM_add0_table
-adds
-.Fa param
-to a static list of
-.Vt X509_VERIFY_PARAM
-objects maintained by the library.
-This function is extremely dangerous because contrary to the name
-of the function, if the list already contains an object that happens
-to have the same name, that old object is not only silently removed
-from the list, but also silently freed, which may silently invalidate
-various pointers existing elsewhere in the program.
-.Pp
-.Fn X509_VERIFY_PARAM_lookup
-searches this list for an object of the given
-.Fa name .
-If no match is found, the predefined objects built-in to the library
-are also inspected.
-.Pp
-.Fn X509_VERIFY_PARAM_get_count
-returns the sum of the number of objects on this list and the number
-of predefined objects built-in to the library.
-Note that this is not necessarily the total number of
-.Vt X509_VERIFY_PARAM
-objects existing in the program because there may be additional such
-objects that were never added to the list.
-.Pp
-.Fn X509_VERIFY_PARAM_get0
-accesses predefined and user-defined objects using
-.Fa id
-as an index, useful for looping over objects without knowing their names.
-An argument less than the number of predefined objects selects
-one of the predefined objects; a higher argument selects an object
-from the list.
-.Pp
-.Fn X509_VERIFY_PARAM_table_cleanup
-deletes all objects from this list.
-It is extremely dangerous because it also invalidates all data that
-was contained in all objects that were on the list and because it
-frees all these objects, which may invalidate various pointers
-existing elsewhere in the program.
-.Sh RETURN VALUES
-.Fn X509_VERIFY_PARAM_new
-returns a pointer to the new object, or
-.Dv NULL
-on allocation failure.
-.Pp
-.Fn X509_VERIFY_PARAM_inherit ,
-.Fn X509_VERIFY_PARAM_set1 ,
-and
-.Fn X509_VERIFY_PARAM_add0_table
-return 1 for success or 0 for failure.
-.Pp
-.Fn X509_VERIFY_PARAM_lookup
-and
-.Fn X509_VERIFY_PARAM_get0
-return a pointer to an existing built-in or user-defined object, or
-.Dv NULL
-if no object with the given
-.Fa name
-is found, or if
-.Fa id
-is at least
-.Fn X509_VERIFY_PARAM_get_count .
-.Pp
-.Fn X509_VERIFY_PARAM_get_count
-returns a number of objects.
-.Sh SEE ALSO
-.Xr SSL_set1_param 3 ,
-.Xr X509_STORE_CTX_set0_param 3 ,
-.Xr X509_STORE_set1_param 3 ,
-.Xr X509_verify_cert 3 ,
-.Xr X509_VERIFY_PARAM_set_flags 3
-.Sh HISTORY
-.Fn X509_VERIFY_PARAM_new ,
-.Fn X509_VERIFY_PARAM_inherit ,
-.Fn X509_VERIFY_PARAM_set1 ,
-.Fn X509_VERIFY_PARAM_free ,
-.Fn X509_VERIFY_PARAM_add0_table ,
-.Fn X509_VERIFY_PARAM_lookup ,
-and
-.Fn X509_VERIFY_PARAM_table_cleanup
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn X509_VERIFY_PARAM_get_count
-and
-.Fn X509_VERIFY_PARAM_get0
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.3 .

diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_new.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_new.3 deleted file mode 100644 index a22d2b1b4b..0000000000 --- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_new.3 +++ /dev/null
@@ -1,306 +0,0 @@
1	.\" $OpenBSD: X509_VERIFY_PARAM_new.3,v 1.5 2023/05/24 09:57:50 tb Exp $
2	.\"
3	.\" Copyright (c) 2018, 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"
5	.\" Permission to use, copy, modify, and distribute this software for any
6	.\" purpose with or without fee is hereby granted, provided that the above
7	.\" copyright notice and this permission notice appear in all copies.
8	.\"
9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"
17	.Dd $Mdocdate: May 24 2023 $
18	.Dt X509_VERIFY_PARAM_NEW 3
19	.Os
20	.Sh NAME
21	.Nm X509_VERIFY_PARAM_new ,
22	.Nm X509_VERIFY_PARAM_inherit ,
23	.Nm X509_VERIFY_PARAM_set1 ,
24	.Nm X509_VERIFY_PARAM_free ,
25	.Nm X509_VERIFY_PARAM_add0_table ,
26	.Nm X509_VERIFY_PARAM_lookup ,
27	.Nm X509_VERIFY_PARAM_get_count ,
28	.Nm X509_VERIFY_PARAM_get0 ,
29	.Nm X509_VERIFY_PARAM_table_cleanup
30	.\" The following constants defined in the public header <openssl/x509_vfy.h>
31	.\" are intentionally undocumented because X509_VERIFY_PARAM is an opaque
32	.\" struct and LibreSSL provides neither X509_VERIFY_PARAM_set_inh_flags(3)
33	.\" nor X509_VERIFY_PARAM_get_inh_flags(3):
34	.\" X509_VP_FLAG_DEFAULT
35	.\" X509_VP_FLAG_OVERWRITE
36	.\" X509_VP_FLAG_RESET_FLAGS
37	.\" X509_VP_FLAG_LOCKED
38	.\" X509_VP_FLAG_ONCE
39	.Nd X509 verification parameter objects
40	.Sh SYNOPSIS
41	.In openssl/x509_vfy.h
42	.Ft X509_VERIFY_PARAM *
43	.Fo X509_VERIFY_PARAM_new
44	.Fa void
45	.Fc
46	.Ft int
47	.Fo X509_VERIFY_PARAM_inherit
48	.Fa "X509_VERIFY_PARAM *destination"
49	.Fa "const X509_VERIFY_PARAM *source"
50	.Fc
51	.Ft int
52	.Fo X509_VERIFY_PARAM_set1
53	.Fa "X509_VERIFY_PARAM *destination"
54	.Fa "const X509_VERIFY_PARAM *source"
55	.Fc
56	.Ft void
57	.Fo X509_VERIFY_PARAM_free
58	.Fa "X509_VERIFY_PARAM *param"
59	.Fc
60	.Ft int
61	.Fo X509_VERIFY_PARAM_add0_table
62	.Fa "X509_VERIFY_PARAM *param"
63	.Fc
64	.Ft const X509_VERIFY_PARAM *
65	.Fo X509_VERIFY_PARAM_lookup
66	.Fa "const char *name"
67	.Fc
68	.Ft int
69	.Fo X509_VERIFY_PARAM_get_count
70	.Fa void
71	.Fc
72	.Ft const X509_VERIFY_PARAM *
73	.Fo X509_VERIFY_PARAM_get0
74	.Fa "int id"
75	.Fc
76	.Ft void
77	.Fo X509_VERIFY_PARAM_table_cleanup
78	.Fa void
79	.Fc
80	.Sh DESCRIPTION
81	.Fn X509_VERIFY_PARAM_new
82	allocates and initializes an empty
83	.Vt X509_VERIFY_PARAM
84	object.
85	.Pp
86	.Fn X509_VERIFY_PARAM_inherit
87	copies some data from the
88	.Fa source
89	object to the
90	.Fa destination
91	object.
92	.Pp
93	The verification flags set with
94	.Xr X509_VERIFY_PARAM_set_flags 3
95	in the
96	.Fa source
97	object are always OR'ed into the verification flags of the
98	.Fa destination
99	object.
100	.Pp
101	Fields having their default value in the
102	.Fa source
103	object are not copied.
104	.Pp
105	By default, fields in the
106	.Fa destination
107	object already having a non-default value are not overwritten.
108	However, if at least one of the
109	.Fa source
110	or
111	.Fa destination
112	objects was created during a call to
113	.Xr X509_STORE_CTX_init 3
114	that did not have a
115	.Fa store
116	argument, and if that object was not previously used as the
117	.Fa destination
118	in an earlier call to
119	.Fn X509_VERIFY_PARAM_inherit ,
120	this restriction is waived and even non-default fields in the
121	.Fa destination
122	object get overwritten.
123	If fields overwritten in this way contain pointers to allocated memory,
124	that memory is freed.
125	.Pp
126	As far as permitted by the above rules, the following fields are copied:
127	.Bl -bullet -width 1n
128	.It
129	the verification purpose identifier set with
130	.Xr X509_VERIFY_PARAM_set_purpose 3
131	.It
132	the trust setting set with
133	.Xr X509_VERIFY_PARAM_set_trust 3
134	.It
135	the verification time set with
136	.Xr X509_VERIFY_PARAM_set_time 3 ;
137	in this case, the only condition is that
138	.Dv X509_V_FLAG_USE_CHECK_TIME
139	is not set in the
140	.Fa destination
141	object, whereas the time value in the
142	.Fa destination
143	object is not inspected before overwriting it
144	.It
145	the acceptable policy set with
146	.Xr X509_VERIFY_PARAM_set1_policies 3
147	.It
148	the maximum verification depth set with
149	.Xr X509_VERIFY_PARAM_set_depth 3
150	.It
151	flags that were set with
152	.Xr X509_VERIFY_PARAM_set_hostflags 3
153	.It
154	the list of expected DNS hostnames built with
155	.Xr X509_VERIFY_PARAM_set1_host 3
156	and
157	.Xr X509_VERIFY_PARAM_add1_host 3
158	.It
159	the expected RFC 822 email address set with
160	.Xr X509_VERIFY_PARAM_set1_email 3
161	.It
162	the expected IP address set with
163	.Xr X509_VERIFY_PARAM_set1_ip 3
164	or
165	.Xr X509_VERIFY_PARAM_set1_ip_asc 3
166	.El
167	.Pp
168	Some data that may be contained in the
169	.Fa source
170	object is never copied, for example the subject name of the peer
171	certificate that can be retrieved with
172	.Xr X509_VERIFY_PARAM_get0_peername 3 .
173	.Pp
174	If
175	.Fa source
176	is a
177	.Dv NULL
178	pointer, the function has no effect but returns successfully.
179	.Pp
180	.Fn X509_VERIFY_PARAM_set1
181	is identical to
182	.Fn X509_VERIFY_PARAM_inherit
183	except that fields in the
184	.Fa destination
185	object are overwritten even if they do not match their default values.
186	Still, fields having their default value in the
187	.Fa source
188	object are not copied.
189	.Pp
190	If
191	.Fn X509_VERIFY_PARAM_inherit
192	or
193	.Fn X509_VERIFY_PARAM_set1
194	fail, partial copying may have occurred, so all data in the
195	.Fa destination
196	object should be regarded as invalid.
197	.Pp
198	.Fn X509_VERIFY_PARAM_inherit
199	is used internally by
200	.Xr X509_STORE_CTX_init 3
201	and by
202	.Xr X509_STORE_CTX_set_default 3 ,
203	and
204	.Fn X509_VERIFY_PARAM_set1
205	is used internally by
206	.Xr X509_STORE_set1_param 3 .
207	.Pp
208	.Fn X509_VERIFY_PARAM_free
209	clears all data contained in
210	.Fa param
211	and releases all memory used by it.
212	If
213	.Fa param
214	is a
215	.Dv NULL
216	pointer, no action occurs.
217	.Pp
218	.Fn X509_VERIFY_PARAM_add0_table
219	adds
220	.Fa param
221	to a static list of
222	.Vt X509_VERIFY_PARAM
223	objects maintained by the library.
224	This function is extremely dangerous because contrary to the name
225	of the function, if the list already contains an object that happens
226	to have the same name, that old object is not only silently removed
227	from the list, but also silently freed, which may silently invalidate
228	various pointers existing elsewhere in the program.
229	.Pp
230	.Fn X509_VERIFY_PARAM_lookup
231	searches this list for an object of the given
232	.Fa name .
233	If no match is found, the predefined objects built-in to the library
234	are also inspected.
235	.Pp
236	.Fn X509_VERIFY_PARAM_get_count
237	returns the sum of the number of objects on this list and the number
238	of predefined objects built-in to the library.
239	Note that this is not necessarily the total number of
240	.Vt X509_VERIFY_PARAM
241	objects existing in the program because there may be additional such
242	objects that were never added to the list.
243	.Pp
244	.Fn X509_VERIFY_PARAM_get0
245	accesses predefined and user-defined objects using
246	.Fa id
247	as an index, useful for looping over objects without knowing their names.
248	An argument less than the number of predefined objects selects
249	one of the predefined objects; a higher argument selects an object
250	from the list.
251	.Pp
252	.Fn X509_VERIFY_PARAM_table_cleanup
253	deletes all objects from this list.
254	It is extremely dangerous because it also invalidates all data that
255	was contained in all objects that were on the list and because it
256	frees all these objects, which may invalidate various pointers
257	existing elsewhere in the program.
258	.Sh RETURN VALUES
259	.Fn X509_VERIFY_PARAM_new
260	returns a pointer to the new object, or
261	.Dv NULL
262	on allocation failure.
263	.Pp
264	.Fn X509_VERIFY_PARAM_inherit ,
265	.Fn X509_VERIFY_PARAM_set1 ,
266	and
267	.Fn X509_VERIFY_PARAM_add0_table
268	return 1 for success or 0 for failure.
269	.Pp
270	.Fn X509_VERIFY_PARAM_lookup
271	and
272	.Fn X509_VERIFY_PARAM_get0
273	return a pointer to an existing built-in or user-defined object, or
274	.Dv NULL
275	if no object with the given
276	.Fa name
277	is found, or if
278	.Fa id
279	is at least
280	.Fn X509_VERIFY_PARAM_get_count .
281	.Pp
282	.Fn X509_VERIFY_PARAM_get_count
283	returns a number of objects.
284	.Sh SEE ALSO
285	.Xr SSL_set1_param 3 ,
286	.Xr X509_STORE_CTX_set0_param 3 ,
287	.Xr X509_STORE_set1_param 3 ,
288	.Xr X509_verify_cert 3 ,
289	.Xr X509_VERIFY_PARAM_set_flags 3
290	.Sh HISTORY
291	.Fn X509_VERIFY_PARAM_new ,
292	.Fn X509_VERIFY_PARAM_inherit ,
293	.Fn X509_VERIFY_PARAM_set1 ,
294	.Fn X509_VERIFY_PARAM_free ,
295	.Fn X509_VERIFY_PARAM_add0_table ,
296	.Fn X509_VERIFY_PARAM_lookup ,
297	and
298	.Fn X509_VERIFY_PARAM_table_cleanup
299	first appeared in OpenSSL 0.9.8 and have been available since
300	.Ox 4.5 .
301	.Pp
302	.Fn X509_VERIFY_PARAM_get_count
303	and
304	.Fn X509_VERIFY_PARAM_get0
305	first appeared in OpenSSL 1.0.2 and have been available since
306	.Ox 6.3 .