summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/man/ASN1_STRING_TABLE_add.310
-rw-r--r--lib/libcrypto/man/ASN1_STRING_length.315
-rw-r--r--lib/libcrypto/man/ASN1_STRING_new.314
-rw-r--r--lib/libcrypto/man/ASN1_item_new.312
-rw-r--r--lib/libcrypto/man/OBJ_nid2obj.321
-rw-r--r--lib/libcrypto/man/PEM_write_bio_PKCS7_stream.310
-rw-r--r--lib/libcrypto/man/PKCS12_newpass.313
-rw-r--r--lib/libcrypto/man/PKCS7_sign_add_signer.37
-rw-r--r--lib/libcrypto/man/SMIME_write_PKCS7.310
-rw-r--r--lib/libcrypto/man/X509V3_get_d2i.336
-rw-r--r--lib/libcrypto/man/X509_CRL_get0_by_serial.314
-rw-r--r--lib/libcrypto/man/X509_NAME_ENTRY_get_object.339
-rw-r--r--lib/libcrypto/man/X509_NAME_add_entry_by_txt.38
-rw-r--r--lib/libcrypto/man/X509_NAME_get_index_by_NID.350
-rw-r--r--lib/libcrypto/man/X509_REVOKED_new.318
-rw-r--r--lib/libcrypto/man/X509_get_pubkey.314
-rw-r--r--lib/libcrypto/man/X509_get_serialNumber.39
-rw-r--r--lib/libcrypto/man/X509_get_subject_name.37
-rw-r--r--lib/libcrypto/man/X509_get_version.37
-rw-r--r--lib/libcrypto/man/X509_sign.38
20 files changed, 198 insertions, 124 deletions
diff --git a/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 b/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
index cf5741e987b..c4ae6c9bfa1 100644
--- a/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
+++ b/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_STRING_TABLE_add.3,v 1.3 2018/03/22 16:06:33 schwarze Exp $
+.\" $OpenBSD: ASN1_STRING_TABLE_add.3,v 1.4 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL ASN1_STRING_TABLE_add.pod 7b608d08 Jul 27 01:18:50 2017 +0800
.\"
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: March 22 2018 $
+.Dd $Mdocdate: June 14 2019 $
.Dt ASN1_STRING_TABLE_ADD 3
.Os
.Sh NAME
@@ -75,8 +75,11 @@ The function
.Fn ASN1_STRING_TABLE_cleanup
removes and frees all entries except the predefined ones.
.Sh RETURN VALUES
+The
.Fn ASN1_STRING_TABLE_add
-returns 1 on success or 0 if an error occurred.
+function returns 1 if successful; otherwise 0 is returned
+and an error code can be retrieved with
+.Xr ERR_get_error 3 .
.Pp
.Fn ASN1_STRING_TABLE_get
returns a valid
@@ -86,7 +89,6 @@ structure or
if nothing is found.
.Sh SEE ALSO
.Xr ASN1_OBJECT_new 3 ,
-.Xr ERR_get_error 3 ,
.Xr OBJ_nid2obj 3
.Sh HISTORY
.Fn ASN1_STRING_TABLE_add ,
diff --git a/lib/libcrypto/man/ASN1_STRING_length.3 b/lib/libcrypto/man/ASN1_STRING_length.3
index 2e5ffe924d6..d4f510ea37a 100644
--- a/lib/libcrypto/man/ASN1_STRING_length.3
+++ b/lib/libcrypto/man/ASN1_STRING_length.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_STRING_length.3,v 1.18 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: ASN1_STRING_length.3,v 1.19 2019/06/14 13:59:32 schwarze Exp $
.\" full merge up to: OpenSSL 4a56d2a3 Feb 25 16:49:27 2018 +0300
.\"
.\" This file is a derived work.
@@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt ASN1_STRING_LENGTH 3
.Os
.Sh NAME
@@ -287,9 +287,16 @@ or a negative number if an error occurred.
.Fn ASN1_STRING_type
returns an integer constant, for example
.Dv V_ASN1_OCTET_STRING .
+.Pp
+In some cases of failure of
+.Fn ASN1_STRING_dup ,
+.Fn ASN1_STRING_set ,
+and
+.Fn ASN1_STRING_to_UTF8 ,
+the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
-.Xr ASN1_STRING_new 3 ,
-.Xr ERR_get_error 3
+.Xr ASN1_STRING_new 3
.Sh HISTORY
.Fn ASN1_STRING_cmp ,
.Fn ASN1_STRING_dup ,
diff --git a/lib/libcrypto/man/ASN1_STRING_new.3 b/lib/libcrypto/man/ASN1_STRING_new.3
index b12d936fefc..46325f3968b 100644
--- a/lib/libcrypto/man/ASN1_STRING_new.3
+++ b/lib/libcrypto/man/ASN1_STRING_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_STRING_new.3,v 1.16 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: ASN1_STRING_new.3,v 1.17 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL 99d63d46 Tue Mar 24 07:52:24 2015 -0400
.\"
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt ASN1_STRING_NEW 3
.Os
.Sh NAME
@@ -184,7 +184,7 @@ and which ASN.1 type it represents.
.El
.Pp
All the
-.Fa *_free
+.Fn *_free
functions free
.Fa a
including any data contained in it.
@@ -195,12 +195,13 @@ is a
pointer, no action occurs.
.Sh RETURN VALUES
All the
-.Fa *_new
+.Fn *_new
functions return the new
.Vt ASN1_STRING
-object or
+object if successful; otherwise
.Dv NULL
-if an error occurs.
+is returned and an error code can be retrieved with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr ASN1_INTEGER_get 3 ,
.Xr ASN1_STRING_length 3 ,
@@ -210,7 +211,6 @@ if an error occurs.
.Xr ASN1_TYPE_get 3 ,
.Xr d2i_ASN1_OBJECT 3 ,
.Xr d2i_ASN1_OCTET_STRING 3 ,
-.Xr ERR_get_error 3 ,
.Xr X509_cmp_time 3 ,
.Xr X509_EXTENSION_get_object 3 ,
.Xr X509_get_ext_by_OBJ 3 ,
diff --git a/lib/libcrypto/man/ASN1_item_new.3 b/lib/libcrypto/man/ASN1_item_new.3
index 259deaca56b..d45be112f11 100644
--- a/lib/libcrypto/man/ASN1_item_new.3
+++ b/lib/libcrypto/man/ASN1_item_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_item_new.3,v 1.4 2018/03/22 21:08:22 schwarze Exp $
+.\" $OpenBSD: ASN1_item_new.3,v 1.5 2019/06/14 13:59:32 schwarze Exp $
.\"
.\" Copyright (c) 2016, 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: March 22 2018 $
+.Dd $Mdocdate: June 14 2019 $
.Dt ASN1_ITEM_NEW 3
.Os
.Sh NAME
@@ -96,12 +96,14 @@ does not return a pointer at all, but a
value cast to
.Vt ASN1_VALUE * .
.Sh RETURN VALUES
+The
.Fn ASN1_item_new
-returns the new
+function returns the new
.Vt ASN1_VALUE
-object or
+object if successful; otherwise
.Dv NULL
-if an error occurs.
+is returned and an error code can be retrieved with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr ASN1_item_d2i 3 ,
.Xr ASN1_TYPE_new 3 ,
diff --git a/lib/libcrypto/man/OBJ_nid2obj.3 b/lib/libcrypto/man/OBJ_nid2obj.3
index ad743b06a0c..26acea5c58c 100644
--- a/lib/libcrypto/man/OBJ_nid2obj.3
+++ b/lib/libcrypto/man/OBJ_nid2obj.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_nid2obj.3,v 1.13 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: OBJ_nid2obj.3,v 1.14 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL c264592d May 14 11:28:00 2006 +0000
.\"
.\" This file is a derived work.
@@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt OBJ_NID2OBJ 3
.Os
.Sh NAME
@@ -340,6 +340,20 @@ on error.
returns the new NID or
.Dv NID_undef
if an error occurs.
+.Pp
+In some cases of failure of
+.Fn OBJ_nid2obj ,
+.Fn OBJ_nid2ln ,
+.Fn OBJ_nid2sn ,
+.Fn OBJ_txt2nid ,
+.Fn OBJ_txt2obj ,
+.Fn OBJ_obj2txt ,
+.Fn OBJ_dup ,
+.Fn OBJ_create ,
+and
+.Fn i2t_ASN1_OBJECT ,
+the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh EXAMPLES
Create an object for
.Sy commonName :
@@ -369,8 +383,7 @@ obj = OBJ_txt2obj("1.2.3.4", 1);
.Ed
.Sh SEE ALSO
.Xr ASN1_OBJECT_new 3 ,
-.Xr d2i_ASN1_OBJECT 3 ,
-.Xr ERR_get_error 3
+.Xr d2i_ASN1_OBJECT 3
.Sh HISTORY
.Fn OBJ_nid2obj ,
.Fn OBJ_nid2ln ,
diff --git a/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
index 30bab9f0f71..91a1a5cd5e7 100644
--- a/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
+++ b/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PEM_write_bio_PKCS7_stream.3,v 1.8 2018/03/23 04:34:23 schwarze Exp $
+.\" $OpenBSD: PEM_write_bio_PKCS7_stream.3,v 1.9 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: June 14 2019 $
.Dt PEM_WRITE_BIO_PKCS7_STREAM 3
.Os
.Sh NAME
@@ -74,11 +74,11 @@ This function is effectively a version of
.Xr PEM_write_bio_PKCS7 3
supporting streaming.
.Sh RETURN VALUES
-.Fn PEM_write_bio_PKCS7_stream
-returns 1 for success or 0 for failure.
+Upon successful completion, 1 is returned;
+otherwise 0 is returned and an error code can be retrieved with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr BIO_new 3 ,
-.Xr ERR_get_error 3 ,
.Xr i2d_PKCS7_bio_stream 3 ,
.Xr PEM_write_PKCS7 3 ,
.Xr PKCS7_new 3 ,
diff --git a/lib/libcrypto/man/PKCS12_newpass.3 b/lib/libcrypto/man/PKCS12_newpass.3
index b8e56124eb1..b5642c96ea4 100644
--- a/lib/libcrypto/man/PKCS12_newpass.3
+++ b/lib/libcrypto/man/PKCS12_newpass.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS12_newpass.3,v 1.3 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: PKCS12_newpass.3,v 1.4 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL c95a8b4e May 5 14:26:26 2016 +0100
.\"
.\" This file was written by Jeffrey Walton <noloader@gmail.com>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt PKCS12_NEWPASS 3
.Os
.Sh NAME
@@ -92,12 +92,8 @@ the function will fail with a MAC verification error.
In rare cases, the PKCS#12 structure does not contain a MAC:
in this case it will usually fail with a decryption padding error.
.Sh RETURN VALUES
-.Fn PKCS12_newpass
-returns 1 on success or 0 on failure.
-.Pp
-Applications can retrieve the most recent error from
-.Fn PKCS12_newpass
-with
+Upon successful completion, 1 is returned;
+otherwise 0 is returned and an error code can be retrieved with
.Xr ERR_get_error 3 .
.Sh EXAMPLES
This example loads a PKCS#12 file, changes its password,
@@ -147,7 +143,6 @@ int main(int argc, char **argv)
}
.Ed
.Sh SEE ALSO
-.Xr ERR_get_error 3 ,
.Xr PKCS12_create 3 ,
.Xr PKCS12_new 3
.Sh HISTORY
diff --git a/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/lib/libcrypto/man/PKCS7_sign_add_signer.3
index 6dad880d454..41d57c2c266 100644
--- a/lib/libcrypto/man/PKCS7_sign_add_signer.3
+++ b/lib/libcrypto/man/PKCS7_sign_add_signer.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS7_sign_add_signer.3,v 1.9 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: PKCS7_sign_add_signer.3,v 1.10 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt PKCS7_SIGN_ADD_SIGNER 3
.Os
.Sh NAME
@@ -170,8 +170,9 @@ returns an internal pointer to the
structure just added or
.Dv NULL
if an error occurs.
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
-.Xr ERR_get_error 3 ,
.Xr EVP_DigestInit 3 ,
.Xr PKCS7_new 3 ,
.Xr PKCS7_sign 3
diff --git a/lib/libcrypto/man/SMIME_write_PKCS7.3 b/lib/libcrypto/man/SMIME_write_PKCS7.3
index a0a15763a1b..8baf6689a69 100644
--- a/lib/libcrypto/man/SMIME_write_PKCS7.3
+++ b/lib/libcrypto/man/SMIME_write_PKCS7.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.5 2018/03/22 16:06:33 schwarze Exp $
+.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.6 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: March 22 2018 $
+.Dd $Mdocdate: June 14 2019 $
.Dt SMIME_WRITE_PKCS7 3
.Os
.Sh NAME
@@ -127,10 +127,10 @@ indefinite length constructed encoding except in the case of signed
data with detached content where the content is absent and DER
format is used.
.Sh RETURN VALUES
-.Fn SMIME_write_PKCS7
-returns 1 for success or 0 for failure.
+Upon successful completion, 1 is returned;
+otherwise 0 is returned and an error code can be retrieved with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
-.Xr ERR_get_error 3 ,
.Xr i2d_PKCS7_bio_stream 3 ,
.Xr PEM_write_PKCS7 3 ,
.Xr PKCS7_new 3 ,
diff --git a/lib/libcrypto/man/X509V3_get_d2i.3 b/lib/libcrypto/man/X509V3_get_d2i.3
index 768b2aebcdf..70a36530ba5 100644
--- a/lib/libcrypto/man/X509V3_get_d2i.3
+++ b/lib/libcrypto/man/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509V3_get_d2i.3,v 1.15 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509V3_get_d2i.3,v 1.16 2019/06/14 13:59:32 schwarze Exp $
.\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000
.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
@@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509V3_GET_D2I 3
.Os
.Sh NAME
@@ -368,24 +368,35 @@ RFC 5280.
.It Hold Instruction Code Ta Dv NID_hold_instruction_code
.El
.Sh RETURN VALUES
-.Fn X509V3_get_d2i
+.Fn X509V3_get_d2i ,
+.Fn X509V3_EXT_d2i ,
+.Fn X509_get_ext_d2i ,
+.Fn X509_CRL_get_ext_d2i ,
and
-.Fn X509V3_EXT_d2i
+.Fn X509_REVOKED_get_ext_d2i
return a pointer to an extension specific structure or
.Dv NULL
if an error occurs.
.Pp
+.Fn X509V3_add1_i2d ,
+.Fn X509_add1_ext_i2d ,
+.Fn X509_CRL_add1_ext_i2d ,
+and
+.Fn X509_REVOKED_add1_ext_i2d
+return 1 if the operation is successful, 0 if it fails due to a
+non-fatal error (extension not found, already exists, cannot be encoded),
+or -1 due to a fatal error such as a memory allocation failure.
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
+.Pp
+The
.Fn X509V3_EXT_i2d
-returns a pointer to an
+function returns a pointer to an
.Vt X509_EXTENSION
-structure or
+structure if successful; otherwise
.Dv NULL
-if an error occurs.
-.Pp
-.Fn X509V3_add1_i2d
-returns 1 if the operation is successful, 0 if it fails due to a
-non-fatal error (extension not found, already exists, cannot be encoded),
-or -1 due to a fatal error such as a memory allocation failure.
+is returned and an error code can be retrieved with
+.Xr ERR_get_error 3 .
.Pp
.Fn X509_get0_extensions ,
.Fn X509_CRL_get0_extensions ,
@@ -397,7 +408,6 @@ if no extensions are present.
.Sh SEE ALSO
.Xr d2i_X509 3 ,
.Xr d2i_X509_EXTENSION 3 ,
-.Xr ERR_get_error 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_EXTENSION_new 3 ,
diff --git a/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/lib/libcrypto/man/X509_CRL_get0_by_serial.3
index 4e04395f2ac..14eb82493d3 100644
--- a/lib/libcrypto/man/X509_CRL_get0_by_serial.3
+++ b/lib/libcrypto/man/X509_CRL_get0_by_serial.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.9 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.10 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL X509_CRL_get0_by_serial.pod cdd6c8c5 Mar 20 12:29:37 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_CRL_GET0_BY_SERIAL 3
.Os
.Sh NAME
@@ -142,16 +142,20 @@ has the reason
.Qq removeFromCRL ,
in which case 2 is returned.
.Pp
+The
.Fn X509_CRL_add0_revoked
-and
+function returns 1 if successful;
+otherwise 0 is returned and an error code can be retrieved with
+.Xr ERR_get_error 3 .
+.Pp
.Fn X509_CRL_sort
-return 1 for success or 0 for failure.
+returns 1 for success or 0 for failure.
+The current implementation cannot fail.
.Pp
.Fn X509_CRL_get_REVOKED
returns a STACK of revoked entries.
.Sh SEE ALSO
.Xr d2i_X509_CRL 3 ,
-.Xr ERR_get_error 3 ,
.Xr X509_CRL_get_ext 3 ,
.Xr X509_CRL_get_issuer 3 ,
.Xr X509_CRL_get_version 3 ,
diff --git a/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
index d2cb9baa3c1..aab40c2aa5b 100644
--- a/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+++ b/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_NAME_ENTRY_get_object.3,v 1.12 2018/05/19 21:25:51 schwarze Exp $
+.\" $OpenBSD: X509_NAME_ENTRY_get_object.3,v 1.13 2019/06/14 13:59:32 schwarze Exp $
.\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
.\"
@@ -67,7 +67,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: May 19 2018 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_NAME_ENTRY_GET_OBJECT 3
.Os
.Sh NAME
@@ -223,16 +223,14 @@ but in the case of
the field type must be set first so the relevant field information
can be looked up internally.
.Sh RETURN VALUES
-.Fn X509_NAME_ENTRY_new ,
-.Fn X509_NAME_ENTRY_create_by_txt ,
-.Fn X509_NAME_ENTRY_create_by_NID ,
-and
-.Fn X509_NAME_ENTRY_create_by_OBJ
-return a valid
+The
+.Fn X509_NAME_ENTRY_new
+function returns a valid
.Vt X509_NAME_ENTRY
-structure on success or
+structure if successful; otherwise
.Dv NULL
-if an error occurred.
+is returned and an error code can be retrieved with
+.Xr ERR_get_error 3 .
.Pp
.Fn X509_NAME_ENTRY_get_object
returns a valid
@@ -248,12 +246,29 @@ structure if it is set or
.Dv NULL
if an error occurred.
.Pp
+The
.Fn X509_NAME_ENTRY_set_object
-and
+function returns 1 if successful;
+otherwise 0 is returned and an error code can be retrieved with
+.Xr ERR_get_error 3 .
+.Pp
.Fn X509_NAME_ENTRY_set_data
return 1 on success or 0 on error.
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
+.Pp
+.Fn X509_NAME_ENTRY_create_by_txt ,
+.Fn X509_NAME_ENTRY_create_by_NID ,
+and
+.Fn X509_NAME_ENTRY_create_by_OBJ
+return a valid
+.Vt X509_NAME_ENTRY
+structure on success or
+.Dv NULL
+if an error occurred.
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
-.Xr ERR_get_error 3 ,
.Xr OBJ_nid2obj 3 ,
.Xr X509_NAME_add_entry 3 ,
.Xr X509_NAME_get_entry 3 ,
diff --git a/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index 0638e15b8d0..56e1564a63c 100644
--- a/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.13 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.14 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_NAME_ADD_ENTRY_BY_TXT 3
.Os
.Sh NAME
@@ -229,6 +229,9 @@ returns either the deleted
structure or
.Dv NULL
if an error occurred.
+.Pp
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh EXAMPLES
Create an
.Vt X509_NAME
@@ -252,7 +255,6 @@ if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
.Ed
.Sh SEE ALSO
.Xr d2i_X509_NAME 3 ,
-.Xr ERR_get_error 3 ,
.Xr X509_NAME_ENTRY_get_object 3 ,
.Xr X509_NAME_get_index_by_NID 3 ,
.Xr X509_NAME_new 3
diff --git a/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
index d950563363c..ce0247b2020 100644
--- a/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+++ b/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.11 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.12 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_NAME_GET_INDEX_BY_NID 3
.Os
.Sh NAME
@@ -119,14 +119,6 @@ after
.Fa lastpos .
.Fa lastpos
should initially be set to -1.
-If there are no more entries, -1 is returned.
-If
-.Fa nid
-is invalid (doesn't correspond to a valid OID), -2 is returned.
-.Pp
-.Fn X509_NAME_entry_count
-returns the total number of entries in
-.Fa name .
.Pp
.Fn X509_NAME_get_entry
retrieves the
@@ -140,7 +132,6 @@ Acceptable values for
run from 0 to
.Fn X509_NAME_entry_count name
- 1.
-The value returned is an internal pointer which must not be freed.
.Pp
.Fn X509_NAME_get_text_by_NID
and
@@ -151,21 +142,16 @@ which matches
.Fa nid
or
.Fa obj .
-If no such entry exists, -1 is returned.
At most
.Fa len
bytes will be written and the text written to
.Fa buf
will be NUL terminated.
-The length of the output string written is returned excluding the
-terminating NUL.
If
.Fa buf
is
-.Dv NULL
-then the amount of space needed in
-.Fa buf
-(excluding the final NUL) is returned.
+.Dv NULL ,
+nothing is written, but the return value is calculated as usual.
.Pp
All relevant
.Dv NID_*
@@ -185,19 +171,34 @@ is not
.Dv NULL .
.Sh RETURN VALUES
.Fn X509_NAME_get_index_by_NID
-and
+returns the index of the next matching entry, -1 if not found, or -2 if the
+.Fa nid
+does not correspond to a valid OID.
+.Pp
.Fn X509_NAME_get_index_by_OBJ
-return the index of the next matching entry or -1 if not found.
+returns the index of the next matching entry or -1 if not found.
.Pp
.Fn X509_NAME_entry_count
-returns the total number of entries.
+returns the total number of entries in
+.Fa name .
.Pp
.Fn X509_NAME_get_entry
-returns an
-.Vt X509_NAME
-pointer to the requested entry or
+returns an internal pointer which must not be freed by the caller or
.Dv NULL
if the index is invalid.
+.Pp
+.Fn X509_NAME_get_text_by_NID
+and
+.Fn X509_NAME_get_text_by_OBJ
+return the length of the output string written, not counting the
+terminating NUL, or -1 if no match is found.
+.Pp
+In some cases of failure of
+.Fn X509_NAME_get_index_by_NID
+and
+.Fn X509_NAME_get_text_by_NID ,
+the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh EXAMPLES
Process all entries:
.Bd -literal
@@ -225,7 +226,6 @@ for (;;) {
.Ed
.Sh SEE ALSO
.Xr d2i_X509_NAME 3 ,
-.Xr ERR_get_error 3 ,
.Xr X509_NAME_ENTRY_get_object 3 ,
.Xr X509_NAME_new 3
.Sh HISTORY
diff --git a/lib/libcrypto/man/X509_REVOKED_new.3 b/lib/libcrypto/man/X509_REVOKED_new.3
index fbb5a630d75..af130ee41ad 100644
--- a/lib/libcrypto/man/X509_REVOKED_new.3
+++ b/lib/libcrypto/man/X509_REVOKED_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_REVOKED_new.3,v 1.10 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_REVOKED_new.3,v 1.11 2019/06/14 13:59:32 schwarze Exp $
.\" full merge up to:
.\" OpenSSL man3/X509_CRL_get0_by_serial cdd6c8c5 Mar 20 12:29:37 2017 +0100
.\"
@@ -66,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_REVOKED_NEW 3
.Os
.Sh NAME
@@ -146,14 +146,23 @@ The supplied
.Fa tm
pointer is not used internally so it should be freed up after use.
.Sh RETURN VALUES
+The
.Fn X509_REVOKED_new
-and
+function returns the new
+.Vt X509_REVOKED
+object if successful; otherwise
+.Dv NULL
+is returned and an error code can be retrieved with
+.Xr ERR_get_error 3 .
+.Pp
.Fn X509_REVOKED_dup
return the new
.Vt X509_REVOKED
object or
.Dv NULL
if an error occurs.
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
.Pp
.Fn X509_REVOKED_get0_serialNumber
returns an internal pointer to the serial number of
@@ -167,9 +176,10 @@ returns an internal pointer to the revocation date of
and
.Fn X509_REVOKED_set_revocationDate
return 1 for success or 0 for failure.
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr d2i_X509_CRL 3 ,
-.Xr ERR_get_error 3 ,
.Xr PEM_read_X509_CRL 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_CRL_new 3 ,
diff --git a/lib/libcrypto/man/X509_get_pubkey.3 b/lib/libcrypto/man/X509_get_pubkey.3
index bbbf16149f0..62367d8b0db 100644
--- a/lib/libcrypto/man/X509_get_pubkey.3
+++ b/lib/libcrypto/man/X509_get_pubkey.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get_pubkey.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_get_pubkey.3,v 1.7 2019/06/14 13:59:32 schwarze Exp $
.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_GET_PUBKEY 3
.Os
.Sh NAME
@@ -144,9 +144,17 @@ if an error occurred.
and
.Fn X509_REQ_set_pubkey
return 1 for success or 0 for failure.
+.Pp
+In some cases of failure of
+.Fn X509_get0_pubkey ,
+.Fn X509_set_pubkey ,
+.Fn X509_REQ_get_pubkey ,
+and
+.Fn X509_REQ_set_pubkey ,
+the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr d2i_X509 3 ,
-.Xr ERR_get_error 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_NAME_add_entry_by_txt 3 ,
.Xr X509_NAME_ENTRY_get_object 3 ,
diff --git a/lib/libcrypto/man/X509_get_serialNumber.3 b/lib/libcrypto/man/X509_get_serialNumber.3
index b8d540dcf26..f40b7ca7697 100644
--- a/lib/libcrypto/man/X509_get_serialNumber.3
+++ b/lib/libcrypto/man/X509_get_serialNumber.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get_serialNumber.3,v 1.3 2018/03/27 17:35:50 schwarze Exp $
+.\" $OpenBSD: X509_get_serialNumber.3,v 1.4 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_GET_SERIALNUMBER 3
.Os
.Sh NAME
@@ -91,10 +91,11 @@ returns an
structure.
.Pp
.Fn X509_set_serialNumber
-returns 1 for success and 0 for failure.
+returns 1 for success or 0 for failure.
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr d2i_X509 3 ,
-.Xr ERR_get_error 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_get_pubkey 3 ,
.Xr X509_NAME_add_entry_by_txt 3 ,
diff --git a/lib/libcrypto/man/X509_get_subject_name.3 b/lib/libcrypto/man/X509_get_subject_name.3
index 6baad51d6fd..33bc5de24d8 100644
--- a/lib/libcrypto/man/X509_get_subject_name.3
+++ b/lib/libcrypto/man/X509_get_subject_name.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get_subject_name.3,v 1.8 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_get_subject_name.3,v 1.9 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL 0ad69cd6 Jun 14 23:02:16 2016 +0200
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_GET_SUBJECT_NAME 3
.Os
.Sh NAME
@@ -154,9 +154,10 @@ object.
and
.Fn X509_CRL_set_issuer_name
return 1 for success or 0 for failure.
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr d2i_X509_NAME 3 ,
-.Xr ERR_get_error 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_get_pubkey 3 ,
diff --git a/lib/libcrypto/man/X509_get_version.3 b/lib/libcrypto/man/X509_get_version.3
index 6beebe02048..05d42e23b7b 100644
--- a/lib/libcrypto/man/X509_get_version.3
+++ b/lib/libcrypto/man/X509_get_version.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get_version.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_get_version.3,v 1.7 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_GET_VERSION 3
.Os
.Sh NAME
@@ -133,9 +133,10 @@ return the numerical value of the version field.
and
.Fn X509_CRL_set_version
return 1 for success or 0 for failure.
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr d2i_X509 3 ,
-.Xr ERR_get_error 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_get_pubkey 3 ,
diff --git a/lib/libcrypto/man/X509_sign.3 b/lib/libcrypto/man/X509_sign.3
index b882afa1267..ca4c5192b25 100644
--- a/lib/libcrypto/man/X509_sign.3
+++ b/lib/libcrypto/man/X509_sign.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_sign.3,v 1.7 2019/06/06 17:41:43 schwarze Exp $
+.\" $OpenBSD: X509_sign.3,v 1.8 2019/06/14 13:59:32 schwarze Exp $
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 14 2019 $
.Dt X509_SIGN 3
.Os
.Sh NAME
@@ -174,9 +174,11 @@ and
return 1 if the signature is valid or 0 if the signature check fails.
If the signature could not be checked at all because it was invalid or
some other error occurred, then -1 is returned.
+.Pp
+In some cases of failure, the reason can be determined with
+.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr d2i_X509 3 ,
-.Xr ERR_get_error 3 ,
.Xr EVP_DigestInit 3 ,
.Xr X509_CRL_get0_by_serial 3 ,
.Xr X509_CRL_new 3 ,