From 9732eb29ce21ed24935eade70fc6b23716f462a8 Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 6 Mar 2024 02:34:14 +0000 Subject: [PATCH] Remove CRL method API documentation --- lib/libcrypto/man/Makefile | 3 +- lib/libcrypto/man/X509_CRL_METHOD_new.3 | 182 -------------------- lib/libcrypto/man/X509_CRL_get0_by_serial.3 | 17 +- lib/libcrypto/man/X509_CRL_new.3 | 18 +- lib/libcrypto/man/X509_sign.3 | 15 +- lib/libcrypto/man/d2i_X509_CRL.3 | 14 +- lib/libcrypto/man/evp.3 | 5 +- 7 files changed, 11 insertions(+), 243 deletions(-) delete mode 100644 lib/libcrypto/man/X509_CRL_METHOD_new.3 diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index 1eec56fd0e3..5f213edcd98 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.285 2024/03/05 18:30:40 tb Exp $ +# $OpenBSD: Makefile,v 1.286 2024/03/06 02:34:14 tb Exp $ .include @@ -312,7 +312,6 @@ MAN= \ X509_ATTRIBUTE_new.3 \ X509_ATTRIBUTE_set1_object.3 \ X509_CINF_new.3 \ - X509_CRL_METHOD_new.3 \ X509_CRL_get0_by_serial.3 \ X509_CRL_new.3 \ X509_CRL_print.3 \ diff --git a/lib/libcrypto/man/X509_CRL_METHOD_new.3 b/lib/libcrypto/man/X509_CRL_METHOD_new.3 deleted file mode 100644 index f80ce743cde..00000000000 --- a/lib/libcrypto/man/X509_CRL_METHOD_new.3 +++ /dev/null 
@@ -1,182 +0,0 @@
-.\" $OpenBSD: X509_CRL_METHOD_new.3,v 1.1 2021/10/30 16:20:35 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: October 30 2021 $
-.Dt X509_CRL_METHOD_NEW 3
-.Os
-.Sh NAME
-.Nm X509_CRL_METHOD_new ,
-.Nm X509_CRL_METHOD_free ,
-.Nm X509_CRL_set_default_method ,
-.Nm X509_CRL_set_meth_data ,
-.Nm X509_CRL_get_meth_data
-.Nd customize CRL handling
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_CRL_METHOD *
-.Fo X509_CRL_METHOD_new
-.Fa "int (*crl_init)(X509_CRL *crl)"
-.Fa "int (*crl_free)(X509_CRL *crl)"
-.Fa "int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,\
- ASN1_INTEGER *ser, X509_NAME *issuer)"
-.Fa "int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)"
-.Fc
-.Ft void
-.Fn X509_CRL_METHOD_free "X509_CRL_METHOD *method"
-.Ft void
-.Fn X509_CRL_set_default_method "const X509_CRL_METHOD *method"
-.Ft void
-.Fn X509_CRL_set_meth_data "X509_CRL *crl" "void *data"
-.Ft void *
-.Fn X509_CRL_get_meth_data "X509_CRL *crl"
-.Sh DESCRIPTION
-These functions customize BER decoding and signature verification
-of X.509 certificate revocation lists,
-as well as retrieval of revoked entries from such lists.
-.Pp
-.Fn X509_CRL_METHOD_new
-allocates and initializes a new
-.Vt X509_CRL_METHOD
-object, storing the four pointers to callback functions in it
-that are provided as arguments.
-.Pp
-.Fn X509_CRL_METHOD_free
-frees the given
-.Fa method
-object.
-If
-.Fa method
-is a
-.Dv NULL
-pointer or points to the static object built into the library,
-no action occurs.
-.Pp
-.Fn X509_CRL_set_default_method
-designates the given
-.Fa method
-to be used for objects that will be created with
-.Xr X509_CRL_new 3
-in the future.
-It has no effect on
-.Vt X509_CRL
-objects that already exist.
-If
-.Fa method
-is
-.Dv NULL ,
-any previously installed method will no longer be used for new
-.Vt X509_CRL
-objects created in the future, and those future objects will adhere
-to the default behaviour instead.
-.Pp
-The optional function
-.Fn crl_init
-will be called at the end of
-.Xr d2i_X509_CRL 3 ,
-the optional function
-.Fn crl_free
-near the end of
-.Xr X509_CRL_free 3 ,
-immediately before freeing
-.Fa crl
-itself.
-The function
-.Fn crl_lookup
-will be called by
-.Xr X509_CRL_get0_by_serial 3 ,
-setting
-.Fa issuer
-to
-.Dv NULL ,
-and by
-.Xr X509_CRL_get0_by_cert 3 ,
-both instead of performing the default action.
-The function
-.Fn crl_verify
-will be called by
-.Xr X509_CRL_verify 3
-instead of performing the default action.
-.Pp
-.Fn X509_CRL_set_meth_data
-stores the pointer to the auxiliary
-.Fa data
-inside the
-.Fa crl
-object.
-The pointer is expected to remain valid during the whole lifetime of the
-.Fa crl
-object but is not automatically freed when the
-.Fa crl
-object is freed.
-.Pp
-.Fn X509_CRL_get_meth_data
-retrieves the
-.Fa data
-from
-.Fa crl
-the was added with
-.Fn X509_CRL_set_meth_data .
-This may for example be useful inside the four callback methods
-installed with
-.Fn X509_CRL_METHOD_new .
-.Sh RETURN VALUES
-.Fn X509_CRL_METHOD_new
-returns a pointer to the new object or
-.Dv NULL
-if memory allocation fails.
-.Pp
-.Fn X509_CRL_get_meth_data
-returns the pointer previously installed with
-.Fn X509_CRL_set_meth_data
-or
-.Dv NULL
-if
-.Fn X509_CRL_set_meth_data
-was not called on
-.Fa crl .
-.Pp
-The callback functions
-.Fn crl_init
-and
-.Fn crl_free
-are supposed to return 1 for success or 0 for failure.
-.Pp
-The callback function
-.Fn crl_lookup
-is supposed to return 0 for failure or 1 for success,
-except if the revoked entry has the reason
-.Qq removeFromCRL ,
-in which case it is supposed to return 2.
-.Pp
-The callback function
-.Fn crl_verify
-is supposed to return 1 if the signature is valid
-or 0 if the signature check fails.
-If the signature could not be checked at all because it was invalid
-or some other error occurred, \-1 may be returned.
-.Sh SEE ALSO
-.Xr ASN1_INTEGER_new 3 ,
-.Xr d2i_X509_CRL 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_CRL_verify 3 ,
-.Xr X509_NAME_new 3 ,
-.Xr X509_REVOKED_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .
diff --git a/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/lib/libcrypto/man/X509_CRL_get0_by_serial.3
index 865e86feb96..f5edee60850 100644
--- a/lib/libcrypto/man/X509_CRL_get0_by_serial.3
+++ b/lib/libcrypto/man/X509_CRL_get0_by_serial.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.12 2021/10/30 16:20:35 schwarze Exp $
+.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.13 2024/03/06 02:34:14 tb Exp $
 .\" full merge up to: OpenSSL cdd6c8c5 Mar 20 12:29:37 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 30 2021 $
+.Dd $Mdocdate: March 6 2024 $
 .Dt X509_CRL_GET0_BY_SERIAL 3
 .Os
 .Sh NAME
@@ -105,18 +105,6 @@ except that it looks for a revoked entry using the serial number of certificate .Fa x . .Pp -If -.Xr X509_CRL_set_default_method 3 -was in effect at the time the -.Fa crl -object was created, -.Fn X509_CRL_get0_by_serial -and -.Fn X509_CRL_get0_by_cert -invoke the -.Fn crl_lookup -callback function instead of performing the default action. -.Pp .Fn X509_CRL_get_REVOKED returns an internal pointer to a stack of all revoked entries for .Fa crl . @@ -170,7 +158,6 @@ returns a STACK of revoked entries. .Xr X509_CRL_get_ext 3 , .Xr X509_CRL_get_issuer 3 , .Xr X509_CRL_get_version 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_new 3 , .Xr X509_REVOKED_new 3 , .Xr X509V3_get_d2i 3 diff --git a/lib/libcrypto/man/X509_CRL_new.3 b/lib/libcrypto/man/X509_CRL_new.3 index 82ba18266a7..f9355fcfd30 100644 --- a/lib/libcrypto/man/X509_CRL_new.3 +++ b/lib/libcrypto/man/X509_CRL_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_CRL_new.3,v 1.13 2021/10/30 16:20:35 schwarze Exp $ +.\" $OpenBSD: X509_CRL_new.3,v 1.14 2024/03/06 02:34:14 tb Exp $ .\" .\" Copyright (c) 2016, 2018, 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 30 2021 $ +.Dd $Mdocdate: March 6 2024 $ .Dt X509_CRL_NEW 3 .Os .Sh NAME @@ -67,19 +67,6 @@ decrements the reference count of by 1. If the reference count reaches 0, it frees .Fa crl . -If -.Xr X509_CRL_set_default_method 3 -was in effect at the time -.Fa crl -was created and the -.Fn crl_free -callback is not -.Dv NULL , -that callback is invoked near the end of -.Fn X509_CRL_free , -right before freeing -.Fa crl -itself. .Pp .Fn X509_CRL_INFO_new allocates and initializes an empty 
@@ -125,7 +112,6 @@ returns 1 on success or 0 on error. .Xr X509_CRL_get_issuer 3 , .Xr X509_CRL_get_version 3 , .Xr X509_CRL_match 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_print 3 , .Xr X509_CRL_sign 3 , .Xr X509_EXTENSION_new 3 , diff --git a/lib/libcrypto/man/X509_sign.3 b/lib/libcrypto/man/X509_sign.3 index 52890207fb3..059d92bac5a 100644 --- a/lib/libcrypto/man/X509_sign.3 +++ b/lib/libcrypto/man/X509_sign.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_sign.3,v 1.10 2023/04/28 15:51:18 job Exp $ +.\" $OpenBSD: X509_sign.3,v 1.11 2024/03/06 02:34:14 tb Exp $ .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 28 2023 $ +.Dd $Mdocdate: March 6 2024 $ .Dt X509_SIGN 3 .Os .Sh NAME @@ -145,16 +145,6 @@ and .Fn X509_CRL_verify sign and verify certificate requests and CRLs, respectively. .Pp -If -.Xr X509_CRL_set_default_method 3 -was in effect at the time the -.Vt X509_CRL -object was created, -.Fn X509_CRL_verify -calls the -.Fn crl_verify -callback function instead of performing the default action. -.Pp .Fn X509_sign_ctx is used where the default parameters for the corresponding public key and digest are not suitable. @@ -183,7 +173,6 @@ In some cases of failure, the reason can be determined with .Xr d2i_X509 3 , .Xr EVP_DigestInit 3 , .Xr X509_CRL_get0_by_serial 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_new 3 , .Xr X509_get_pubkey 3 , .Xr X509_get_subject_name 3 , diff --git a/lib/libcrypto/man/d2i_X509_CRL.3 b/lib/libcrypto/man/d2i_X509_CRL.3 index a0a19b4f554..948c283b515 100644 --- a/lib/libcrypto/man/d2i_X509_CRL.3 +++ b/lib/libcrypto/man/d2i_X509_CRL.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: d2i_X509_CRL.3,v 1.8 2021/10/30 16:20:35 schwarze Exp $ +.\" $OpenBSD: d2i_X509_CRL.3,v 1.9 2024/03/06 02:34:14 tb Exp $ .\" .\" Copyright (c) 2016, 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 30 2021 $ +.Dd $Mdocdate: March 6 2024 $ .Dt D2I_X509_CRL 3 .Os .Sh NAME @@ -96,15 +96,6 @@ decode and encode an ASN.1 .Vt CertificateList structure defined in RFC 5280 section 5.1. .Pp -If -.Xr X509_CRL_set_default_method 3 -is in effect and the -.Fn crl_init -callback is not -.Dv NULL , -that callback is invoked at the end of -.Fn d2i_X509_CRL . -.Pp .Fn d2i_X509_CRL_bio , .Fn d2i_X509_CRL_fp , .Fn i2d_X509_CRL_bio , @@ -132,7 +123,6 @@ the revokedCertificates field of the ASN.1 structure. .Sh SEE ALSO .Xr ASN1_item_d2i 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_new 3 , .Xr X509_REVOKED_new 3 .Sh STANDARDS diff --git a/lib/libcrypto/man/evp.3 b/lib/libcrypto/man/evp.3 index ece3bfe7fc4..0222dd66b48 100644 --- a/lib/libcrypto/man/evp.3 +++ b/lib/libcrypto/man/evp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: evp.3,v 1.28 2024/03/05 17:21:40 tb Exp $ +.\" $OpenBSD: evp.3,v 1.29 2024/03/06 02:34:14 tb Exp $ .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file was written by Ulf Moeller , @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 5 2024 $ +.Dd $Mdocdate: March 6 2024 $ .Dt EVP 3 .Os .Sh NAME @@ -234,7 +234,6 @@ family of functions provides base64 encoding and decoding. .Xr SSL_CTX_set_tlsext_ticket_key_cb 3 , .Xr X509_ALGOR_set_md 3 , .Xr X509_check_private_key 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_digest 3 , .Xr X509_get_pubkey 3 , .Xr X509_PUBKEY_set 3 , -- 2.20.1