diff options
Diffstat (limited to 'crypto/openssl/doc/internal')
10 files changed, 19 insertions, 16 deletions
diff --git a/crypto/openssl/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod b/crypto/openssl/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod index 16bd7f205c2d..6c78c3a447af 100644 --- a/crypto/openssl/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod +++ b/crypto/openssl/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod @@ -80,7 +80,7 @@ This example is of a function that computes the size of a record that has a four byte element count which is followed by that many elements. It returns zero on overflow. - OSSL_SAFE_MATH_UNSIGNED(sizet, size_t, SIZE_MAX) + OSSL_SAFE_MATH_UNSIGNED(sizet, size_t) size_t compute_record_size(uint32_t n) { @@ -99,7 +99,7 @@ The functions described here were all added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/internal/man3/ossl_cmp_certreq_new.pod b/crypto/openssl/doc/internal/man3/ossl_cmp_certreq_new.pod index 37a234066d36..219ea7a5bcb2 100644 --- a/crypto/openssl/doc/internal/man3/ossl_cmp_certreq_new.pod +++ b/crypto/openssl/doc/internal/man3/ossl_cmp_certreq_new.pod @@ -150,7 +150,7 @@ The function does not protect the message if I<unprotectedErrors> is nonzero. =head1 NOTES -CMP is specified in RFC 4210 (and CRMF in RFC 4211). +CMP is specified in RFC 9810 (and CRMF in RFC 4211). =head1 RETURN VALUES diff --git a/crypto/openssl/doc/internal/man3/ossl_cmp_ctx_set1_caPubs.pod b/crypto/openssl/doc/internal/man3/ossl_cmp_ctx_set1_caPubs.pod index f3c45ed56c65..3c5cf9f9a7e9 100644 --- a/crypto/openssl/doc/internal/man3/ossl_cmp_ctx_set1_caPubs.pod +++ b/crypto/openssl/doc/internal/man3/ossl_cmp_ctx_set1_caPubs.pod @@ -54,7 +54,7 @@ ossl_cmp_ctx_set1_recipNonce() sets the given recipient nonce in the context. =head1 NOTES -CMP is defined in RFC 4210 (and CRMF in RFC 4211). +CMP is defined in RFC 9810. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/internal/man3/ossl_cmp_hdr_init.pod b/crypto/openssl/doc/internal/man3/ossl_cmp_hdr_init.pod index a0804aa4cf2a..61bdaad252bf 100644 --- a/crypto/openssl/doc/internal/man3/ossl_cmp_hdr_init.pod +++ b/crypto/openssl/doc/internal/man3/ossl_cmp_hdr_init.pod @@ -72,7 +72,7 @@ PKIHeader to the given X509 Name value, without consuming the pointer. If B<nm> is NULL, recipient is set to the NULL DN (the empty list of strings). ossl_cmp_hdr_update_messagetime() (re-)sets the messageTime to the current -system time. As written in RFC 4210, section 5.1.1: +system time. As written in RFC 9810, section 5.1.1: The messageTime field contains the time at which the sender created the message. This may be useful to allow end entities to correct/check their local time for consistency with the time on a central system. @@ -109,13 +109,13 @@ values in the given OSSL_CMP_CTX structure. This starts a new transaction in case ctx->transactionID is NULL. The sender name is copied from the subject of the client cert, if any, or else from the subject name provided for certification requests. -As required by RFC 4210 section 5.1.1., if the sender name is not known +As required by RFC 9810 section 5.1.1., if the sender name is not known to the client it set to the NULL-DN. In this case for identification at least the senderKID must be set, which we take from any referenceValue provided. =head1 NOTES -CMP is defined in RFC 4210 (and CRMF in RFC 4211). +CMP is defined in RFC 9810. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/internal/man3/ossl_cmp_mock_srv_new.pod b/crypto/openssl/doc/internal/man3/ossl_cmp_mock_srv_new.pod index 6f4f4fe86ba0..165b68065063 100644 --- a/crypto/openssl/doc/internal/man3/ossl_cmp_mock_srv_new.pod +++ b/crypto/openssl/doc/internal/man3/ossl_cmp_mock_srv_new.pod @@ -85,7 +85,7 @@ the client should wait for the next poll. =head1 NOTES -CMP is defined in RFC 4210 (and CRMF in RFC 4211). +CMP is defined in RFC 9810 (and CRMF in RFC 4211). =head1 RETURN VALUES diff --git a/crypto/openssl/doc/internal/man3/ossl_cmp_msg_check_update.pod b/crypto/openssl/doc/internal/man3/ossl_cmp_msg_check_update.pod index d1513bf34f0c..4643be69b77b 100644 --- a/crypto/openssl/doc/internal/man3/ossl_cmp_msg_check_update.pod +++ b/crypto/openssl/doc/internal/man3/ossl_cmp_msg_check_update.pod @@ -51,6 +51,7 @@ The callback is passed also the arguments B<ctx>, B<msg>, and <cb_arg> The callback should return 1 on acceptance, 0 on rejection, or -1 on error. It should not put an error on the error stack since this could be misleading. +Unless the B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> is set in the B<ctx>, ossl_cmp_msg_check_update() adds all extraCerts contained in the <msg> to the list of untrusted certificates in B<ctx> such that they are already usable for OSSL_CMP_validate_msg(), which is called internally, and for future use. @@ -58,13 +59,13 @@ Thus they are available also to the certificate confirmation callback, and the peer does not need to send them again (at least not in the same transaction). Note that it does not help validating the message before storing the extraCerts because they are not part of the protected portion of the message anyway. -For efficiency, the extraCerts are prepended to the list so they get used first. +For efficiency, the extraCerts being cached are prepended to the list so they get used first. If all checks pass then ossl_cmp_msg_check_update() records in B<ctx> the senderNonce of the received message as the new recipNonce and learns the transaction ID if none is currently present in B<ctx>. -Moreover, according to RFC 4210 section 5.3.2, if the message protection is +Moreover, according to RFC 9810 section 5.3.2, if the message protection is PBM-based then any certificates in the caPubs field are added to the list of trusted certificates (if set via L<OSSL_CMP_CTX_set0_trusted(3)>). This way these certs are available for validating subsequent messages in the @@ -85,7 +86,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/internal/man3/ossl_cmp_msg_create.pod b/crypto/openssl/doc/internal/man3/ossl_cmp_msg_create.pod index d4294d3e9fa6..6a8321cd80bc 100644 --- a/crypto/openssl/doc/internal/man3/ossl_cmp_msg_create.pod +++ b/crypto/openssl/doc/internal/man3/ossl_cmp_msg_create.pod @@ -107,7 +107,7 @@ Returns 1 on success, 0 on error. =head1 NOTES -CMP is defined in RFC 4210 (and CRMF in RFC 4211). +CMP is defined in RFC 9810. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/internal/man3/ossl_cmp_msg_protect.pod b/crypto/openssl/doc/internal/man3/ossl_cmp_msg_protect.pod index 7e14274f584a..fce51c9840d2 100644 --- a/crypto/openssl/doc/internal/man3/ossl_cmp_msg_protect.pod +++ b/crypto/openssl/doc/internal/man3/ossl_cmp_msg_protect.pod @@ -41,7 +41,7 @@ of the chain, i.e, the trust anchor (unless it is part of extraCertsOut). =head1 NOTES -CMP is defined in RFC 4210 (and CRMF in RFC 4211). +CMP is defined in RFC 9810. The I<ctx> parameter of ossl_cmp_msg_add_extraCerts() and thus also of ossl_cmp_msg_protect() cannot be made I<const> diff --git a/crypto/openssl/doc/internal/man3/ossl_cmp_pkisi_get_status.pod b/crypto/openssl/doc/internal/man3/ossl_cmp_pkisi_get_status.pod index e44bfd3f0190..df5acbf61d41 100644 --- a/crypto/openssl/doc/internal/man3/ossl_cmp_pkisi_get_status.pod +++ b/crypto/openssl/doc/internal/man3/ossl_cmp_pkisi_get_status.pod @@ -60,7 +60,7 @@ Uses data from I<ctx>, which in case of indirect POPO includes the private key. ossl_cmp_pkisi_get_status() returns the PKIStatus of I<si>, or -1 on error. ossl_cmp_PKIStatus_to_string() returns a human-readable string representing -the PKIStatus values as specified in RFC 4210, Appendix F. +the PKIStatus values as specified in RFC 9810, Appendix F. ossl_cmp_pkisi_get0_statusString() returns a direct pointer to the statusString field contained in I<si>. @@ -73,7 +73,7 @@ with index I<index> in the PKIFailureInfo of the I<si>, or -1 on error. =head1 NOTES -CMP is defined in RFC 4210 (and CRMF in RFC 4211). +CMP is defined in RFC 9810. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/internal/man7/deprecation.pod b/crypto/openssl/doc/internal/man7/deprecation.pod index de34c30fa22f..4e954584f43e 100644 --- a/crypto/openssl/doc/internal/man7/deprecation.pod +++ b/crypto/openssl/doc/internal/man7/deprecation.pod @@ -2,6 +2,8 @@ =head1 NAME +OPENSSL_NO_DEPRECATED_3_5, OSSL_DEPRECATEDIN_3_5, +OPENSSL_NO_DEPRECATED_3_4, OSSL_DEPRECATEDIN_3_4, OPENSSL_NO_DEPRECATED_3_1, OSSL_DEPRECATEDIN_3_1, OPENSSL_NO_DEPRECATED_3_0, OSSL_DEPRECATEDIN_3_0, OPENSSL_NO_DEPRECATED_1_1_1, OSSL_DEPRECATEDIN_1_1_1, @@ -131,7 +133,7 @@ L<openssl_user_macros(7)> =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |