1 files changed, 9 insertions, 129 deletions
diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index ea3c867b8b..a90fe6ea84 100644
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.17 2021/07/23 16:43:56 schwarze Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.18 2021/10/18 14:46:37 schwarze Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,12 +68,10 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 23 2021 $
+.Dd $Mdocdate: October 18 2021 $
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
-.Nm X509_VERIFY_PARAM_new ,
-.Nm X509_VERIFY_PARAM_free ,
 .Nm X509_VERIFY_PARAM_get0_name ,
 .Nm X509_VERIFY_PARAM_set1_name ,
 .Nm X509_VERIFY_PARAM_set_flags ,
@@ -92,23 +90,10 @@
 .Nm X509_VERIFY_PARAM_get0_peername ,
 .Nm X509_VERIFY_PARAM_set1_email ,
 .Nm X509_VERIFY_PARAM_set1_ip ,
-.Nm X509_VERIFY_PARAM_set1_ip_asc ,
+.Nm X509_VERIFY_PARAM_set1_ip_asc
-.Nm X509_VERIFY_PARAM_add0_table ,
-.Nm X509_VERIFY_PARAM_lookup ,
-.Nm X509_VERIFY_PARAM_get_count ,
-.Nm X509_VERIFY_PARAM_get0 ,
-.Nm X509_VERIFY_PARAM_table_cleanup
 .Nd X509 verification parameters
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
-.Ft X509_VERIFY_PARAM *
-.Fo X509_VERIFY_PARAM_new
-.Fa void
-.Fc
-.Ft void
-.Fo X509_VERIFY_PARAM_free
-.Fa "X509_VERIFY_PARAM *param"
-.Fc
 .Ft const char *
 .Fo X509_VERIFY_PARAM_get0_name
 .Fa "const X509_VERIFY_PARAM *param"
@@ -204,46 +189,11 @@
 .Fa "X509_VERIFY_PARAM *param"
 .Fa "const char *ipasc"
 .Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_add0_table
-.Fa "X509_VERIFY_PARAM *param"
-.Fc
-.Ft const X509_VERIFY_PARAM *
-.Fo X509_VERIFY_PARAM_lookup
-.Fa "const char *name"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_get_count
-.Fa void
-.Fc
-.Ft const X509_VERIFY_PARAM *
-.Fo X509_VERIFY_PARAM_get0
-.Fa "int id"
-.Fc
-.Ft void
-.Fo X509_VERIFY_PARAM_table_cleanup
-.Fa void
-.Fc
 .Sh DESCRIPTION
 These functions manipulate an
 .Vt X509_VERIFY_PARAM
 object associated with a certificate verification operation.
 .Pp
-.Fn X509_VERIFY_PARAM_new
-allocates and initializes an empty
-.Vt X509_VERIFY_PARAM
-object.
-.Pp
-.Fn X509_VERIFY_PARAM_free
-clears all data contained in
-.Fa param
-and releases all memory used by it.
-If
-.Fa param
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
 .Fn X509_VERIFY_PARAM_get0_name
 returns the name of the given
 .Fa param
@@ -458,62 +408,15 @@ The condensed "::" notation is supported for IPv6 addresses.
 will fail if
 .Fa ipasc
 is unparsable.
-.Pp
-.Fn X509_VERIFY_PARAM_add0_table
-adds
-.Fa param
-to a static list of
-.Vt X509_VERIFY_PARAM
-objects maintained by the library.
-This function is extremely dangerous because contrary to the name
-of the function, if the list already contains an object that happens
-to have the same name, that old object is not only silently removed
-from the list, but also silently freed, which may silently invalidate
-various pointers existing elsewhere in the program.
-.Pp
-.Fn X509_VERIFY_PARAM_lookup
-searches this list for an object of the given
-.Fa name .
-If no match is found, the predefined objects built-in to the library
-are also inspected.
-.Pp
-.Fn X509_VERIFY_PARAM_get_count
-returns the sum of the number of objects on this list and the number
-of predefined objects built-in to the library.
-Note that this is not necessarily the total number of
-.Vt X509_VERIFY_PARAM
-objects existing in the program because there may be additional such
-objects that were never added to the list.
-.Pp
-.Fn X509_VERIFY_PARAM_get0
-accesses predefined and user-defined objects using
-.Fa id
-as an index, useful for looping over objects without knowing their names.
-An argument less than the number of predefined objects selects
-one of the predefined objects; a higher argument selects an object
-from the list.
-.Pp
-.Fn X509_VERIFY_PARAM_table_cleanup
-deletes all objects from this list.
-It is extremely dangerous because it also invalidates all data that
-was contained in all objects that were on the list and because it
-frees all these objects, which may invalidate various pointers
-existing elsewhere in the program.
 .Sh RETURN VALUES
-.Fn X509_VERIFY_PARAM_new
-returns a pointer to the new object, or
-.Dv NULL
-on allocation failure.
-.Pp
 .Fn X509_VERIFY_PARAM_set1_name ,
 .Fn X509_VERIFY_PARAM_set_flags ,
 .Fn X509_VERIFY_PARAM_clear_flags ,
 .Fn X509_VERIFY_PARAM_set_purpose ,
 .Fn X509_VERIFY_PARAM_set_trust ,
 .Fn X509_VERIFY_PARAM_add0_policy ,
-.Fn X509_VERIFY_PARAM_set1_policies ,
 and
-.Fn X509_VERIFY_PARAM_add0_table
+.Fn X509_VERIFY_PARAM_set1_policies
 return 1 for success or 0 for failure.
 .Pp
 .Fn X509_VERIFY_PARAM_set1_host ,
@@ -521,7 +424,7 @@ return 1 for success or 0 for failure.
 .Fn X509_VERIFY_PARAM_set1_email ,
 .Fn X509_VERIFY_PARAM_set1_ip ,
 and
-.Fn X509_VERIFY_PARAM_set1_ip_asc ,
+.Fn X509_VERIFY_PARAM_set1_ip_asc
 return 1 for success or 0 for failure.
 A failure from these routines will poison
 the
@@ -543,21 +446,6 @@ return pointers to strings that are only valid
 during the lifetime of the given
 .Fa param
 object and that must not be freed by the application program.
-.Pp
-.Fn X509_VERIFY_PARAM_lookup
-and
-.Fn X509_VERIFY_PARAM_get0
-return a pointer to an existing built-in or user-defined object, or
-.Dv NULL
-if no object with the given
-.Fa name
-is found, or if
-.Fa id
-is at least
-.Fn X509_VERIFY_PARAM_get_count .
-.Pp
-.Fn X509_VERIFY_PARAM_get_count
-returns a number of objects.
 .Sh VERIFICATION FLAGS
 The verification flags consists of zero or more of the following
 flags OR'ed together.
@@ -702,12 +590,9 @@ X509_VERIFY_PARAM_free(param);
 .Xr SSL_set1_host 3 ,
 .Xr SSL_set1_param 3 ,
 .Xr X509_check_host 3 ,
-.Xr X509_STORE_CTX_set0_param 3 ,
+.Xr X509_verify_cert 3 ,
-.Xr X509_STORE_set1_param 3 ,
+.Xr X509_VERIFY_PARAM_new 3
-.Xr X509_verify_cert 3
 .Sh HISTORY
-.Fn X509_VERIFY_PARAM_new ,
-.Fn X509_VERIFY_PARAM_free ,
 .Fn X509_VERIFY_PARAM_set1_name ,
 .Fn X509_VERIFY_PARAM_set_flags ,
 .Fn X509_VERIFY_PARAM_set_purpose ,
@@ -716,11 +601,8 @@ X509_VERIFY_PARAM_free(param);
 .Fn X509_VERIFY_PARAM_add0_policy ,
 .Fn X509_VERIFY_PARAM_set1_policies ,
 .Fn X509_VERIFY_PARAM_set_depth ,
-.Fn X509_VERIFY_PARAM_get_depth ,
-.Fn X509_VERIFY_PARAM_add0_table ,
-.Fn X509_VERIFY_PARAM_lookup ,
 and
-.Fn X509_VERIFY_PARAM_table_cleanup
+.Fn X509_VERIFY_PARAM_get_depth
 first appeared in OpenSSL 0.9.8.
 .Fn X509_VERIFY_PARAM_clear_flags
 and
@@ -736,10 +618,8 @@ All these functions have been available since
 .Fn X509_VERIFY_PARAM_get0_peername ,
 .Fn X509_VERIFY_PARAM_set1_email ,
 .Fn X509_VERIFY_PARAM_set1_ip ,
-.Fn X509_VERIFY_PARAM_set1_ip_asc ,
-.Fn X509_VERIFY_PARAM_get_count ,
 and
-.Fn X509_VERIFY_PARAM_get0
+.Fn X509_VERIFY_PARAM_set1_ip_asc
 first appeared in OpenSSL 1.0.2 and have been available since
 .Ox 6.3 .
 .Sh BUGS

diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index ea3c867b8b..a90fe6ea84 100644 --- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.17 2021/07/23 16:43:56 schwarze Exp $	1	.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.18 2021/10/18 14:46:37 schwarze Exp $
2	.\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500	2	.\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100	3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4	.\"	4	.\"
@@ -68,12 +68,10 @@
68	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	68	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
69	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	69	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
70	.\"	70	.\"
71	.Dd $Mdocdate: July 23 2021 $	71	.Dd $Mdocdate: October 18 2021 $
72	.Dt X509_VERIFY_PARAM_SET_FLAGS 3	72	.Dt X509_VERIFY_PARAM_SET_FLAGS 3
73	.Os	73	.Os
74	.Sh NAME	74	.Sh NAME
75	.Nm X509_VERIFY_PARAM_new ,
76	.Nm X509_VERIFY_PARAM_free ,
77	.Nm X509_VERIFY_PARAM_get0_name ,	75	.Nm X509_VERIFY_PARAM_get0_name ,
78	.Nm X509_VERIFY_PARAM_set1_name ,	76	.Nm X509_VERIFY_PARAM_set1_name ,
79	.Nm X509_VERIFY_PARAM_set_flags ,	77	.Nm X509_VERIFY_PARAM_set_flags ,
@@ -92,23 +90,10 @@
92	.Nm X509_VERIFY_PARAM_get0_peername ,	90	.Nm X509_VERIFY_PARAM_get0_peername ,
93	.Nm X509_VERIFY_PARAM_set1_email ,	91	.Nm X509_VERIFY_PARAM_set1_email ,
94	.Nm X509_VERIFY_PARAM_set1_ip ,	92	.Nm X509_VERIFY_PARAM_set1_ip ,
95	.Nm X509_VERIFY_PARAM_set1_ip_asc ,	93	.Nm X509_VERIFY_PARAM_set1_ip_asc
96	.Nm X509_VERIFY_PARAM_add0_table ,
97	.Nm X509_VERIFY_PARAM_lookup ,
98	.Nm X509_VERIFY_PARAM_get_count ,
99	.Nm X509_VERIFY_PARAM_get0 ,
100	.Nm X509_VERIFY_PARAM_table_cleanup
101	.Nd X509 verification parameters	94	.Nd X509 verification parameters
102	.Sh SYNOPSIS	95	.Sh SYNOPSIS
103	.In openssl/x509_vfy.h	96	.In openssl/x509_vfy.h
104	.Ft X509_VERIFY_PARAM *
105	.Fo X509_VERIFY_PARAM_new
106	.Fa void
107	.Fc
108	.Ft void
109	.Fo X509_VERIFY_PARAM_free
110	.Fa "X509_VERIFY_PARAM *param"
111	.Fc
112	.Ft const char *	97	.Ft const char *
113	.Fo X509_VERIFY_PARAM_get0_name	98	.Fo X509_VERIFY_PARAM_get0_name
114	.Fa "const X509_VERIFY_PARAM *param"	99	.Fa "const X509_VERIFY_PARAM *param"
@@ -204,46 +189,11 @@
204	.Fa "X509_VERIFY_PARAM *param"	189	.Fa "X509_VERIFY_PARAM *param"
205	.Fa "const char *ipasc"	190	.Fa "const char *ipasc"
206	.Fc	191	.Fc
207	.Ft int
208	.Fo X509_VERIFY_PARAM_add0_table
209	.Fa "X509_VERIFY_PARAM *param"
210	.Fc
211	.Ft const X509_VERIFY_PARAM *
212	.Fo X509_VERIFY_PARAM_lookup
213	.Fa "const char *name"
214	.Fc
215	.Ft int
216	.Fo X509_VERIFY_PARAM_get_count
217	.Fa void
218	.Fc
219	.Ft const X509_VERIFY_PARAM *
220	.Fo X509_VERIFY_PARAM_get0
221	.Fa "int id"
222	.Fc
223	.Ft void
224	.Fo X509_VERIFY_PARAM_table_cleanup
225	.Fa void
226	.Fc
227	.Sh DESCRIPTION	192	.Sh DESCRIPTION
228	These functions manipulate an	193	These functions manipulate an
229	.Vt X509_VERIFY_PARAM	194	.Vt X509_VERIFY_PARAM
230	object associated with a certificate verification operation.	195	object associated with a certificate verification operation.
231	.Pp	196	.Pp
232	.Fn X509_VERIFY_PARAM_new
233	allocates and initializes an empty
234	.Vt X509_VERIFY_PARAM
235	object.
236	.Pp
237	.Fn X509_VERIFY_PARAM_free
238	clears all data contained in
239	.Fa param
240	and releases all memory used by it.
241	If
242	.Fa param
243	is a
244	.Dv NULL
245	pointer, no action occurs.
246	.Pp
247	.Fn X509_VERIFY_PARAM_get0_name	197	.Fn X509_VERIFY_PARAM_get0_name
248	returns the name of the given	198	returns the name of the given
249	.Fa param	199	.Fa param
@@ -458,62 +408,15 @@ The condensed "::" notation is supported for IPv6 addresses.
458	will fail if	408	will fail if
459	.Fa ipasc	409	.Fa ipasc
460	is unparsable.	410	is unparsable.
461	.Pp
462	.Fn X509_VERIFY_PARAM_add0_table
463	adds
464	.Fa param
465	to a static list of
466	.Vt X509_VERIFY_PARAM
467	objects maintained by the library.
468	This function is extremely dangerous because contrary to the name
469	of the function, if the list already contains an object that happens
470	to have the same name, that old object is not only silently removed
471	from the list, but also silently freed, which may silently invalidate
472	various pointers existing elsewhere in the program.
473	.Pp
474	.Fn X509_VERIFY_PARAM_lookup
475	searches this list for an object of the given
476	.Fa name .
477	If no match is found, the predefined objects built-in to the library
478	are also inspected.
479	.Pp
480	.Fn X509_VERIFY_PARAM_get_count
481	returns the sum of the number of objects on this list and the number
482	of predefined objects built-in to the library.
483	Note that this is not necessarily the total number of
484	.Vt X509_VERIFY_PARAM
485	objects existing in the program because there may be additional such
486	objects that were never added to the list.
487	.Pp
488	.Fn X509_VERIFY_PARAM_get0
489	accesses predefined and user-defined objects using
490	.Fa id
491	as an index, useful for looping over objects without knowing their names.
492	An argument less than the number of predefined objects selects
493	one of the predefined objects; a higher argument selects an object
494	from the list.
495	.Pp
496	.Fn X509_VERIFY_PARAM_table_cleanup
497	deletes all objects from this list.
498	It is extremely dangerous because it also invalidates all data that
499	was contained in all objects that were on the list and because it
500	frees all these objects, which may invalidate various pointers
501	existing elsewhere in the program.
502	.Sh RETURN VALUES	411	.Sh RETURN VALUES
503	.Fn X509_VERIFY_PARAM_new
504	returns a pointer to the new object, or
505	.Dv NULL
506	on allocation failure.
507	.Pp
508	.Fn X509_VERIFY_PARAM_set1_name ,	412	.Fn X509_VERIFY_PARAM_set1_name ,
509	.Fn X509_VERIFY_PARAM_set_flags ,	413	.Fn X509_VERIFY_PARAM_set_flags ,
510	.Fn X509_VERIFY_PARAM_clear_flags ,	414	.Fn X509_VERIFY_PARAM_clear_flags ,
511	.Fn X509_VERIFY_PARAM_set_purpose ,	415	.Fn X509_VERIFY_PARAM_set_purpose ,
512	.Fn X509_VERIFY_PARAM_set_trust ,	416	.Fn X509_VERIFY_PARAM_set_trust ,
513	.Fn X509_VERIFY_PARAM_add0_policy ,	417	.Fn X509_VERIFY_PARAM_add0_policy ,
514	.Fn X509_VERIFY_PARAM_set1_policies ,
515	and	418	and
516	.Fn X509_VERIFY_PARAM_add0_table	419	.Fn X509_VERIFY_PARAM_set1_policies
517	return 1 for success or 0 for failure.	420	return 1 for success or 0 for failure.
518	.Pp	421	.Pp
519	.Fn X509_VERIFY_PARAM_set1_host ,	422	.Fn X509_VERIFY_PARAM_set1_host ,
@@ -521,7 +424,7 @@ return 1 for success or 0 for failure.
521	.Fn X509_VERIFY_PARAM_set1_email ,	424	.Fn X509_VERIFY_PARAM_set1_email ,
522	.Fn X509_VERIFY_PARAM_set1_ip ,	425	.Fn X509_VERIFY_PARAM_set1_ip ,
523	and	426	and
524	.Fn X509_VERIFY_PARAM_set1_ip_asc ,	427	.Fn X509_VERIFY_PARAM_set1_ip_asc
525	return 1 for success or 0 for failure.	428	return 1 for success or 0 for failure.
526	A failure from these routines will poison	429	A failure from these routines will poison
527	the	430	the
@@ -543,21 +446,6 @@ return pointers to strings that are only valid
543	during the lifetime of the given	446	during the lifetime of the given
544	.Fa param	447	.Fa param
545	object and that must not be freed by the application program.	448	object and that must not be freed by the application program.
546	.Pp
547	.Fn X509_VERIFY_PARAM_lookup
548	and
549	.Fn X509_VERIFY_PARAM_get0
550	return a pointer to an existing built-in or user-defined object, or
551	.Dv NULL
552	if no object with the given
553	.Fa name
554	is found, or if
555	.Fa id
556	is at least
557	.Fn X509_VERIFY_PARAM_get_count .
558	.Pp
559	.Fn X509_VERIFY_PARAM_get_count
560	returns a number of objects.
561	.Sh VERIFICATION FLAGS	449	.Sh VERIFICATION FLAGS
562	The verification flags consists of zero or more of the following	450	The verification flags consists of zero or more of the following
563	flags OR'ed together.	451	flags OR'ed together.
@@ -702,12 +590,9 @@ X509_VERIFY_PARAM_free(param);
702	.Xr SSL_set1_host 3 ,	590	.Xr SSL_set1_host 3 ,
703	.Xr SSL_set1_param 3 ,	591	.Xr SSL_set1_param 3 ,
704	.Xr X509_check_host 3 ,	592	.Xr X509_check_host 3 ,
705	.Xr X509_STORE_CTX_set0_param 3 ,	593	.Xr X509_verify_cert 3 ,
706	.Xr X509_STORE_set1_param 3 ,	594	.Xr X509_VERIFY_PARAM_new 3
707	.Xr X509_verify_cert 3
708	.Sh HISTORY	595	.Sh HISTORY
709	.Fn X509_VERIFY_PARAM_new ,
710	.Fn X509_VERIFY_PARAM_free ,
711	.Fn X509_VERIFY_PARAM_set1_name ,	596	.Fn X509_VERIFY_PARAM_set1_name ,
712	.Fn X509_VERIFY_PARAM_set_flags ,	597	.Fn X509_VERIFY_PARAM_set_flags ,
713	.Fn X509_VERIFY_PARAM_set_purpose ,	598	.Fn X509_VERIFY_PARAM_set_purpose ,
@@ -716,11 +601,8 @@ X509_VERIFY_PARAM_free(param);
716	.Fn X509_VERIFY_PARAM_add0_policy ,	601	.Fn X509_VERIFY_PARAM_add0_policy ,
717	.Fn X509_VERIFY_PARAM_set1_policies ,	602	.Fn X509_VERIFY_PARAM_set1_policies ,
718	.Fn X509_VERIFY_PARAM_set_depth ,	603	.Fn X509_VERIFY_PARAM_set_depth ,
719	.Fn X509_VERIFY_PARAM_get_depth ,
720	.Fn X509_VERIFY_PARAM_add0_table ,
721	.Fn X509_VERIFY_PARAM_lookup ,
722	and	604	and
723	.Fn X509_VERIFY_PARAM_table_cleanup	605	.Fn X509_VERIFY_PARAM_get_depth
724	first appeared in OpenSSL 0.9.8.	606	first appeared in OpenSSL 0.9.8.
725	.Fn X509_VERIFY_PARAM_clear_flags	607	.Fn X509_VERIFY_PARAM_clear_flags
726	and	608	and
@@ -736,10 +618,8 @@ All these functions have been available since
736	.Fn X509_VERIFY_PARAM_get0_peername ,	618	.Fn X509_VERIFY_PARAM_get0_peername ,
737	.Fn X509_VERIFY_PARAM_set1_email ,	619	.Fn X509_VERIFY_PARAM_set1_email ,
738	.Fn X509_VERIFY_PARAM_set1_ip ,	620	.Fn X509_VERIFY_PARAM_set1_ip ,
739	.Fn X509_VERIFY_PARAM_set1_ip_asc ,
740	.Fn X509_VERIFY_PARAM_get_count ,
741	and	621	and
742	.Fn X509_VERIFY_PARAM_get0	622	.Fn X509_VERIFY_PARAM_set1_ip_asc
743	first appeared in OpenSSL 1.0.2 and have been available since	623	first appeared in OpenSSL 1.0.2 and have been available since
744	.Ox 6.3 .	624	.Ox 6.3 .
745	.Sh BUGS	625	.Sh BUGS