src - FreeBSD source tree

diff options


context:
space:
mode:

author	Cy Schubert <cy@FreeBSD.org>	2024-02-02 04:39:16 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2024-02-02 09:48:38 +0000
commit	9dd13e84fa8eca8f3462bd55485aa3da8c37f54a (patch)
tree	588240aeb9a7363618b8a687c72588bd74948634 /doc/man3
parent	825caf7e12445fa4818413cc37c8b45bebb6c3a9 (diff)

OpenSSL: Vendor import of OpenSSL 3.0.13vendor/openssl/3.0.13

* Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) * Fixed Excessive time spent checking invalid RSA public keys ([CVE-2023-6237]) * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129]) * Fix excessive time spent in DH check / generation with large Q parameter value ([CVE-2023-5678]) Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html.

Diffstat (limited to 'doc/man3')

-rw-r--r--

doc/man3/BIO_f_md.pod

-rw-r--r--

doc/man3/BN_add.pod

-rw-r--r--

doc/man3/BN_mod_inverse.pod

-rw-r--r--

doc/man3/CMS_signed_get_attr.pod

214

-rw-r--r--

doc/man3/EVP_EncryptInit.pod

-rw-r--r--

doc/man3/EVP_MAC.pod

-rw-r--r--

doc/man3/EVP_PKEY_get_attr.pod

113

-rw-r--r--

doc/man3/OPENSSL_LH_COMPFUNC.pod

-rw-r--r--

doc/man3/OSSL_PARAM_int.pod

-rw-r--r--

doc/man3/PKCS12_create.pod

-rw-r--r--

doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod

-rw-r--r--

doc/man3/SSL_CTX_set_tmp_dh_callback.pod

-rw-r--r--

doc/man3/SSL_get_error.pod

-rw-r--r--

doc/man3/SSL_get_peer_certificate.pod

-rw-r--r--

doc/man3/X509_ATTRIBUTE.pod

263

-rw-r--r--

doc/man3/X509_REQ_get_attr.pod

111

-rw-r--r--

doc/man3/X509_REQ_get_extensions.pod

-rw-r--r--

doc/man3/X509_dup.pod

18 files changed, 870 insertions, 41 deletions

diff --git a/doc/man3/BIO_f_md.pod b/doc/man3/BIO_f_md.pod
index c2b825e35272..397952f05a10 100644
--- a/doc/man3/BIO_f_md.pod
+++ b/doc/man3/BIO_f_md.pod

@@ -19,7 +19,7 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter

=head1 DESCRIPTION

BIO_f_md() returns the message digest BIO method. This is a filter

-BIO that digests any data passed through it, it is a BIO wrapper

+BIO that digests any data passed through it. It is a BIO wrapper

for the digest routines EVP_DigestInit(), EVP_DigestUpdate()

and EVP_DigestFinal().

@@ -36,8 +36,8 @@ BIO_set_md() sets the message digest of BIO B<b> to B<md>: this

must be called to initialize a digest BIO before any data is

passed through it. It is a BIO_ctrl() macro.

-BIO_get_md() places the a pointer to the digest BIOs digest method

-in B<mdp>, it is a BIO_ctrl() macro.

+BIO_get_md() places a pointer to the digest BIOs digest method

+in B<mdp>. It is a BIO_ctrl() macro.

BIO_get_md_ctx() returns the digest BIOs context into B<mdcp>.

diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod
index 9561d554318f..35cfdd1495fd 100644
--- a/doc/man3/BN_add.pod
+++ b/doc/man3/BN_add.pod

@@ -114,6 +114,11 @@ temporary variables; see L<BN_CTX_new(3)>.

Unless noted otherwise, the result B<BIGNUM> must be different from

the arguments.

+=head1 NOTES

+For modular operations such as BN_nnmod() or BN_mod_exp() it is an error

+to use the same B<BIGNUM> object for the modulus as for the output.

=head1 RETURN VALUES

The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is

diff --git a/doc/man3/BN_mod_inverse.pod b/doc/man3/BN_mod_inverse.pod
index 5dbb5c3cc2d6..f88e0e63fafa 100644
--- a/doc/man3/BN_mod_inverse.pod
+++ b/doc/man3/BN_mod_inverse.pod

@@ -18,7 +18,11 @@ places the result in B<r> (C<(a*r)%n==1>). If B<r> is NULL,

a new B<BIGNUM> is created.

B<ctx> is a previously allocated B<BN_CTX> used for temporary

-variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>.

+variables. B<r> may be the same B<BIGNUM> as B<a>.

+=head1 NOTES

+It is an error to use the same B<BIGNUM> as B<n>.

=head1 RETURN VALUES

diff --git a/doc/man3/CMS_signed_get_attr.pod b/doc/man3/CMS_signed_get_attr.pod
new file mode 100644
index 000000000000..3ed904ef8a25
--- /dev/null
+++ b/doc/man3/CMS_signed_get_attr.pod

@@ -0,0 +1,214 @@

+=pod

+=head1 NAME

+CMS_signed_get_attr_count,

+CMS_signed_get_attr_by_NID, CMS_signed_get_attr_by_OBJ, CMS_signed_get_attr,

+CMS_signed_delete_attr,

+CMS_signed_add1_attr, CMS_signed_add1_attr_by_OBJ,

+CMS_signed_add1_attr_by_NID, CMS_signed_add1_attr_by_txt,

+CMS_signed_get0_data_by_OBJ,

+CMS_unsigned_get_attr_count,

+CMS_unsigned_get_attr_by_NID, CMS_unsigned_get_attr_by_OBJ,

+CMS_unsigned_get_attr, CMS_unsigned_delete_attr,

+CMS_unsigned_add1_attr, CMS_unsigned_add1_attr_by_OBJ,

+CMS_unsigned_add1_attr_by_NID, CMS_unsigned_add1_attr_by_txt,

+CMS_unsigned_get0_data_by_OBJ

+- CMS signed and unsigned attribute functions

+=head1 SYNOPSIS

+ #include <openssl/cms.h>

+ int CMS_signed_get_attr_count(const CMS_SignerInfo *si);

+ int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,

+ int lastpos);

+ int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,

+ int lastpos);

+ X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);

+ X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);

+ int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);

+ int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,

+ const ASN1_OBJECT *obj, int type,

+ const void *bytes, int len);

+ int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,

+ int nid, int type,

+ const void *bytes, int len);

+ int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,

+ const char *attrname, int type,

+ const void *bytes, int len);

+ void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si,

+ const ASN1_OBJECT *oid,

+ int lastpos, int type);

+ int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);

+ int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,

+ int lastpos);

+ int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,

+ const ASN1_OBJECT *obj, int lastpos);

+ X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);

+ X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);

+ int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);

+ int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,

+ const ASN1_OBJECT *obj, int type,

+ const void *bytes, int len);

+ int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,

+ int nid, int type,

+ const void *bytes, int len);

+ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,

+ const char *attrname, int type,

+ const void *bytes, int len);

+ void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,

+ int lastpos, int type);

+=head1 DESCRIPTION

+CMS_signerInfo contains separate attribute lists for signed and unsigned

+attributes. Each CMS_signed_XXX() function is used for signed attributes, and

+each CMS_unsigned_XXX() function is used for unsigned attributes.

+Since the CMS_unsigned_XXX() functions work in the same way as the

+CMS_signed_XXX() equivalents, only the CMS_signed_XXX() functions are

+described below.

+CMS_signed_get_attr_by_OBJ() finds the location of the first matching object

+I<obj> in the SignerInfo's I<si> signed attribute list. The search starts at the

+position after I<lastpos>. If the returned value is positive then it can be used

+on the next call to CMS_signed_get_attr_by_OBJ() as the value of I<lastpos> in

+order to iterate through the remaining attributes. I<lastpos> can be set to any

+negative value on the first call, in order to start searching from the start of

+the signed attribute list.

+CMS_signed_get_attr_by_NID() is similar to CMS_signed_get_attr_by_OBJ() except

+that it passes the numerical identifier (NID) I<nid> associated with the object.

+See <openssl/obj_mac.h> for a list of NID_*.

+CMS_signed_get_attr() returns the B<X509_ATTRIBUTE> object at index I<loc> in the

+I<si> signed attribute list. I<loc> should be in the range from 0 to

+CMS_signed_get_attr_count() - 1.

+CMS_signed_delete_attr() removes the B<X509_ATTRIBUTE> object at index I<loc> in

+the I<si> signed attribute list. An error occurs if the I<si> attribute list

+is NULL.

+CMS_signed_add1_attr() pushes a copy of the passed in B<X509_ATTRIBUTE> object

+to the I<si> signed attribute list. A new signed attribute list is created if

+required. An error occurs if I<attr> is NULL.

+CMS_signed_add1_attr_by_OBJ() creates a new signed B<X509_ATTRIBUTE> using

+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new

+I<obj> with type I<type> and data I<bytes> of length I<len> and then pushes it

+to the I<key> object's attribute list.

+CMS_signed_add1_attr_by_NID() is similar to CMS_signed_add1_attr_by_OBJ() except

+that it passes the numerical identifier (NID) I<nid> associated with the object.

+See <openssl/obj_mac.h> for a list of NID_*.

+CMS_signed_add1_attr_by_txt() is similar to CMS_signed_add1_attr_by_OBJ()

+except that it passes a name I<attrname> associated with the object.

+See <openssl/obj_mac.h> for a list of SN_* names.

+CMS_signed_get0_data_by_OBJ() finds the first attribute in a I<si> signed

+attributes list that matches the I<obj> starting at index I<lastpos>

+and returns the data retrieved from the found attributes first B<ASN1_TYPE>

+object. An error will occur if the attribute type I<type> does not match the

+type of the B<ASN1_TYPE> object OR if I<type> is either B<V_ASN1_BOOLEAN> or

+B<V_ASN1_NULL> OR the attribute is not found.

+If I<lastpos> is less than -1 then an error will occur if there are multiple

+objects in the signed attribute list that match I<obj>.

+If I<lastpos> is less than -2 then an error will occur if there is more than

+one B<ASN1_TYPE> object in the found signed attribute.

+Refer to L<X509_ATTRIBUTE(3)> for information related to attributes.

+=head1 RETURN VALUES

+The CMS_unsigned_XXX() functions return values are similar to those of the

+equivalent CMS_signed_XXX() functions.

+CMS_signed_get_attr_count() returns the number of signed attributes in the

+SignerInfo I<si>, or -1 if the signed attribute list is NULL.

+CMS_signed_get_attr_by_OBJ() returns -1 if either the signed attribute list of

+I<si> is empty OR if I<obj> is not found, otherwise it returns the location of

+the I<obj> in the SignerInfo's I<si> signed attribute list.

+CMS_signed_get_attr_by_NID() is similar to CMS_signed_get_attr_by_OBJ() except

+that it returns -2 if the I<nid> is not known by OpenSSL.

+CMS_signed_get_attr() returns either a signed B<X509_ATTRIBUTE> or NULL on error.

+CMS_signed_delete_attr() returns either the removed signed B<X509_ATTRIBUTE> or

+NULL if there is a error.

+CMS_signed_add1_attr(), CMS_signed_add1_attr_by_OBJ(),

+CMS_signed_add1_attr_by_NID(), CMS_signed_add1_attr_by_txt(),

+return 1 on success or 0 on error.

+CMS_signed_get0_data_by_OBJ() returns the data retrieved from the found

+signed attributes first B<ASN1_TYPE> object, or NULL if an error occurs.

+=head1 NOTES

+Some attributes are added automatically during the signing process.

+Calling CMS_SignerInfo_sign() adds the NID_pkcs9_signingTime signed

+attribute.

+Calling CMS_final(), CMS_final_digest() or CMS_dataFinal() adds the

+NID_pkcs9_messageDigest signed attribute.

+The NID_pkcs9_contentType signed attribute is always added if the

+NID_pkcs9_signingTime attribute is added.

+Calling CMS_sign_ex(), CMS_sign_receipt() or CMS_add1_signer() may add

+attributes depending on the flags parameter. See L<CMS_add1_signer(3)> for

+more information.

+OpenSSL applies special rules for the following attribute NIDs:

+=over 4

+=item CMS Signed Attributes

+NID_pkcs9_contentType

+NID_pkcs9_messageDigest

+NID_pkcs9_signingTime

+=item ESS Signed Attributes

+NID_id_smime_aa_signingCertificate

+NID_id_smime_aa_signingCertificateV2

+NID_id_smime_aa_receiptRequest

+=item CMS Unsigned Attributes

+NID_pkcs9_countersignature

+=back

+CMS_signed_add1_attr(), CMS_signed_add1_attr_by_OBJ(),

+CMS_signed_add1_attr_by_NID(), CMS_signed_add1_attr_by_txt()

+and the equivalent CMS_unsigned_add1_attrXXX() functions allow

+duplicate attributes to be added. The attribute rules are not checked

+during these function calls, and are deferred until the sign or verify process

+(i.e. during calls to any of CMS_sign_ex(), CMS_sign(), CMS_sign_receipt(),

+CMS_add1_signer(), CMS_Final(), CMS_dataFinal(), CMS_final_digest(),

+CMS_verify(), CMS_verify_receipt() or CMS_SignedData_verify()).

+For CMS attribute rules see RFC 5652 Section 11.

+For ESS attribute rules see RFC 2634 Section 1.3.4 and RFC 5035 Section 5.4.

+=head1 SEE ALSO

+L<X509_ATTRIBUTE(3)>

+=head1 COPYRIGHT

+Licensed under the Apache License 2.0 (the "License"). You may not use

+this file except in compliance with the License. You can obtain a copy

+in the file LICENSE in the source distribution or at

+L<https://www.openssl.org/source/license.html>.

+=cut

diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 886cbdfbd3f5..12d7153d0fd4 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod

@@ -359,7 +359,12 @@ exists.

=item EVP_EncryptUpdate()

Encrypts I<inl> bytes from the buffer I<in> and writes the encrypted version to

-I<out>. This function can be called multiple times to encrypt successive blocks

+I<out>. The pointers I<out> and I<in> may point to the same location, in which

+case the encryption will be done in-place. If I<out> and I<in> point to different

+locations, the two buffers must be disjoint, otherwise the operation might fail

+or the outcome might be undefined.

+This function can be called multiple times to encrypt successive blocks

of data. The amount of data written depends on the block alignment of the

encrypted data.

For most ciphers and modes, the amount of data written can be anything

@@ -368,10 +373,9 @@ For wrap cipher modes, the amount of data written can be anything

from zero bytes to (inl + cipher_block_size) bytes.

For stream ciphers, the amount of data written can be anything from zero

bytes to inl bytes.

-Thus, I<out> should contain sufficient room for the operation being performed.

-The actual number of bytes written is placed in I<outl>. It also

-checks if I<in> and I<out> are partially overlapping, and if they are

-0 is returned to indicate failure.

+Thus, the buffer pointed to by I<out> must contain sufficient room for the

+operation being performed.

+The actual number of bytes written is placed in I<outl>.

If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts

the "final" data, that is any data that remains in a partial block.

diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index 56ac92a48672..d1281dfcbd03 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod

@@ -145,6 +145,9 @@ the key. If I<key> is NULL, the key must be set via I<params> either

as part of this call or separately using EVP_MAC_CTX_set_params().

Providing non-NULL I<params> to this function is equivalent to calling

EVP_MAC_CTX_set_params() with those I<params> for the same I<ctx> beforehand.

+Note: There are additional requirements for some MAC algorithms during

+re-initalization (i.e. calling EVP_MAC_init() on an EVP_MAC after EVP_MAC_final()

+has been called on the same object). See the NOTES section below.

EVP_MAC_init() should be called before EVP_MAC_update() and EVP_MAC_final().

@@ -342,6 +345,13 @@ not be considered a breaking change to the API.

The usage of the parameter names "custom", "iv" and "salt" correspond to

the names used in the standard where the algorithm was defined.

+Some MAC algorithms store internal state that cannot be extracted during

+re-initalization. For example GMAC cannot extract an B<IV> from the

+underlying CIPHER context, and so calling EVP_MAC_init() on an EVP_MAC object

+after EVP_MAC_final() has been called cannot reset its cipher state to what it

+was when the B<IV> was initially generated. For such instances, an

+B<OSSL_MAC_PARAM_IV> parameter must be passed with each call to EVP_MAC_init().

=head1 RETURN VALUES

EVP_MAC_fetch() returns a pointer to a newly fetched B<EVP_MAC>, or

@@ -481,7 +491,7 @@ These functions were added in OpenSSL 3.0.

=head1 COPYRIGHT

Licensed under the Apache License 2.0 (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/EVP_PKEY_get_attr.pod b/doc/man3/EVP_PKEY_get_attr.pod
new file mode 100644
index 000000000000..30477b874801
--- /dev/null
+++ b/doc/man3/EVP_PKEY_get_attr.pod

@@ -0,0 +1,113 @@

+=pod

+=head1 NAME

+EVP_PKEY_get_attr,

+EVP_PKEY_get_attr_count,

+EVP_PKEY_get_attr_by_NID, EVP_PKEY_get_attr_by_OBJ,

+EVP_PKEY_delete_attr,

+EVP_PKEY_add1_attr,

+EVP_PKEY_add1_attr_by_OBJ, EVP_PKEY_add1_attr_by_NID, EVP_PKEY_add1_attr_by_txt

+- EVP_PKEY B<X509_ATTRIBUTE> functions

+=head1 SYNOPSIS

+ #include <openssl/x509.h>

+ int EVP_PKEY_get_attr_count(const EVP_PKEY *key);

+ int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);

+ int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,

+ int lastpos);

+ X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);

+ X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);

+ int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);

+ int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,

+ const ASN1_OBJECT *obj, int type,

+ const unsigned char *bytes, int len);

+ int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,

+ int nid, int type,

+ const unsigned char *bytes, int len);

+ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,

+ const char *attrname, int type,

+ const unsigned char *bytes, int len);

+=head1 DESCRIPTION

+These functions are used by B<PKCS12>.

+EVP_PKEY_get_attr_by_OBJ() finds the location of the first matching object I<obj>

+in the I<key> attribute list. The search starts at the position after I<lastpos>.

+If the returned value is positive then it can be used on the next call to

+EVP_PKEY_get_attr_by_OBJ() as the value of I<lastpos> in order to iterate through

+the remaining attributes. I<lastpos> can be set to any negative value on the

+first call, in order to start searching from the start of the attribute list.

+EVP_PKEY_get_attr_by_NID() is similar to EVP_PKEY_get_attr_by_OBJ() except that

+it passes the numerical identifier (NID) I<nid> associated with the object.

+See <openssl/obj_mac.h> for a list of NID_*.

+EVP_PKEY_get_attr() returns the B<X509_ATTRIBUTE> object at index I<loc> in the

+I<key> attribute list. I<loc> should be in the range from 0 to

+EVP_PKEY_get_attr_count() - 1.

+EVP_PKEY_delete_attr() removes the B<X509_ATTRIBUTE> object at index I<loc> in

+the I<key> attribute list.

+EVP_PKEY_add1_attr() pushes a copy of the passed in B<X509_ATTRIBUTE> object

+to the I<key> attribute list. A new I<key> attribute list is created if required.

+An error occurs if either I<attr> is NULL, or the attribute already exists.

+EVP_PKEY_add1_attr_by_OBJ() creates a new B<X509_ATTRIBUTE> using

+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new

+I<obj> with type I<type> and data I<bytes> of length I<len> and then pushes it

+to the I<key> object's attribute list. If I<obj> already exists in the attribute

+list then an error occurs.

+EVP_PKEY_add1_attr_by_NID() is similar to EVP_PKEY_add1_attr_by_OBJ() except

+that it passes the numerical identifier (NID) I<nid> associated with the object.

+See <openssl/obj_mac.h> for a list of NID_*.

+EVP_PKEY_add1_attr_by_txt() is similar to EVP_PKEY_add1_attr_by_OBJ() except

+that it passes a name I<attrname> associated with the object.

+See <openssl/obj_mac.h> for a list of SN_* names.

+=head1 RETURN VALUES

+EVP_PKEY_get_attr_count() returns the number of attributes in the I<key> object

+attribute list or -1 if the attribute list is NULL.

+EVP_PKEY_get_attr_by_OBJ() returns -1 if either the list is empty OR the object

+is not found, otherwise it returns the location of the object in the list.

+EVP_PKEY_get_attr_by_NID() is similar to EVP_PKEY_get_attr_by_OBJ(), except that

+it returns -2 if the I<nid> is not known by OpenSSL.

+EVP_PKEY_get_attr() returns either a B<X509_ATTRIBUTE> or NULL if there is a

+error.

+EVP_PKEY_delete_attr() returns either the removed B<X509_ATTRIBUTE> or NULL if

+there is a error.

+EVP_PKEY_add1_attr(), EVP_PKEY_add1_attr_by_OBJ(), EVP_PKEY_add1_attr_by_NID()

+and EVP_PKEY_add1_attr_by_txt() return 1 on success or 0 otherwise.

+=head1 NOTES

+A B<EVP_PKEY> object's attribute list is initially NULL. All the above functions

+listed will return an error unless EVP_PKEY_add1_attr() is called.

+All functions listed assume that the I<key> is not NULL.

+=head1 SEE ALSO

+L<X509_ATTRIBUTE(3)>

+=head1 COPYRIGHT

+Licensed under the Apache License 2.0 (the "License"). You may not use

+this file except in compliance with the License. You can obtain a copy

+in the file LICENSE in the source distribution or at

+L<https://www.openssl.org/source/license.html>.

+=cut

diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod
index d3bb272c4a94..688ef0edcb91 100644
--- a/doc/man3/OPENSSL_LH_COMPFUNC.pod
+++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod

@@ -8,10 +8,12 @@ LHASH_DOALL_ARG_FN_TYPE,

IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN,

lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush,

lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve,

-lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error,

+lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_num_items, lh_TYPE_get_down_load,

+lh_TYPE_set_down_load, lh_TYPE_error,

OPENSSL_LH_new, OPENSSL_LH_free, OPENSSL_LH_flush,

OPENSSL_LH_insert, OPENSSL_LH_delete, OPENSSL_LH_retrieve,

-OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error

+OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_num_items,

+OPENSSL_LH_get_down_load, OPENSSL_LH_set_down_load, OPENSSL_LH_error

- dynamic hash table

=head1 SYNOPSIS

@@ -34,6 +36,10 @@ OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error

void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,

TYPE *arg);

+ unsigned long lh_TYPE_num_items(OPENSSL_LHASH *lh);

+ unsigned long lh_TYPE_get_down_load(OPENSSL_LHASH *lh);

+ void lh_TYPE_set_down_load(OPENSSL_LHASH *lh, unsigned long dl);

int lh_TYPE_error(LHASH_OF(TYPE) *table);

typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);

@@ -52,8 +58,14 @@ OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error

void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func);

void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg);

+ unsigned long OPENSSL_LH_num_items(OPENSSL_LHASH *lh);

+ unsigned long OPENSSL_LH_get_down_load(OPENSSL_LHASH *lh);

+ void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long dl);

int OPENSSL_LH_error(OPENSSL_LHASH *lh);

+ #define LH_LOAD_MULT /* integer constant */

=head1 DESCRIPTION

This library implements type-checked dynamic hash tables. The hash

@@ -145,15 +157,6 @@ For example:

/* Then the hash table itself can be deallocated */

lh_TYPE_free(hashtable);

-When doing this, be careful if you delete entries from the hash table

-in your callbacks: the table may decrease in size, moving the item

-that you are currently on down lower in the hash table - this could

-cause some entries to be skipped during the iteration. The second

-best solution to this problem is to set hash-E<gt>down_load=0 before

-you start (which will stop the hash table ever decreasing in size).

-The best solution is probably to avoid deleting items from the hash

-table inside a "doall" callback!

B<lh_I<TYPE>_doall_arg>() is the same as B<lh_I<TYPE>_doall>() except that

I<func> will be called with I<arg> as the second argument and I<func>

should be of type B<LHASH_DOALL_ARG_FN>(B<I<TYPE>>) (a callback prototype

@@ -175,21 +178,47 @@ that is provided by the caller):

lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,

logging_bio);

+Note that it is by default B<not> safe to use B<lh_I<TYPE>_delete>() inside a

+callback passed to B<lh_I<TYPE>_doall>() or B<lh_I<TYPE>_doall_arg>(). The

+reason for this is that deleting an item from the hash table may result in the

+hash table being contracted to a smaller size and rehashed.

+B<lh_I<TYPE>_doall>() and B<lh_I<TYPE>_doall_arg>() are unsafe and will exhibit

+undefined behaviour under these conditions, as these functions assume the hash

+table size and bucket pointers do not change during the call.

+If it is desired to use B<lh_I<TYPE>_doall>() or B<lh_I<TYPE>_doall_arg>() with

+B<lh_I<TYPE>_delete>(), it is essential that you call

+B<lh_I<TYPE>_set_down_load>() with a I<down_load> argument of 0 first. This

+disables hash table contraction and guarantees that it will be safe to delete

+items from a hash table during a call to B<lh_I<TYPE>_doall>() or

+B<lh_I<TYPE>_doall_arg>().

+It is never safe to call B<lh_I<TYPE>_insert>() during a call to

+B<lh_I<TYPE>_doall>() or B<lh_I<TYPE>_doall_arg>().

B<lh_I<TYPE>_error>() can be used to determine if an error occurred in the last

operation.

+B<lh_I<TYPE>_num_items>() returns the number of items in the hash table.

+B<lh_I<TYPE>_get_down_load>() and B<lh_I<TYPE>_set_down_load>() get and set the

+factor used to determine when the hash table is contracted. The factor is the

+load factor at or below which hash table contraction will occur, multiplied by

+B<LH_LOAD_MULT>, where the load factor is the number of items divided by the

+number of nodes. Setting this value to 0 disables hash table contraction.

OPENSSL_LH_new() is the same as the B<lh_I<TYPE>_new>() except that it is not

type specific. So instead of returning an B<LHASH_OF(I<TYPE>)> value it returns

a B<void *>. In the same way the functions OPENSSL_LH_free(),

OPENSSL_LH_flush(), OPENSSL_LH_insert(), OPENSSL_LH_delete(),

-OPENSSL_LH_retrieve(), OPENSSL_LH_doall(), OPENSSL_LH_doall_arg(), and

-OPENSSL_LH_error() are equivalent to the similarly named B<lh_I<TYPE>> functions

-except that they return or use a B<void *> where the equivalent B<lh_I<TYPE>>

-function returns or uses a B<I<TYPE> *> or B<LHASH_OF(I<TYPE>) *>. B<lh_I<TYPE>>

-functions are implemented as type checked wrappers around the B<OPENSSL_LH>

-functions. Most applications should not call the B<OPENSSL_LH> functions

-directly.

+OPENSSL_LH_retrieve(), OPENSSL_LH_doall(), OPENSSL_LH_doall_arg(),

+OPENSSL_LH_num_items(), OPENSSL_LH_get_down_load(), OPENSSL_LH_set_down_load()

+and OPENSSL_LH_error() are equivalent to the similarly named B<lh_I<TYPE>>

+functions except that they return or use a B<void *> where the equivalent

+B<lh_I<TYPE>> function returns or uses a B<I<TYPE> *> or B<LHASH_OF(I<TYPE>) *>.

+B<lh_I<TYPE>> functions are implemented as type checked wrappers around the

+B<OPENSSL_LH> functions. Most applications should not call the B<OPENSSL_LH>

+functions directly.

=head1 RETURN VALUES

diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod
index d357818ff14b..105fe3241f87 100644
--- a/doc/man3/OSSL_PARAM_int.pod
+++ b/doc/man3/OSSL_PARAM_int.pod

@@ -112,7 +112,7 @@ OSSL_PARAM_UNMODIFIED, OSSL_PARAM_modified, OSSL_PARAM_set_all_unmodified

A collection of utility functions that simplify and add type safety to the

L<OSSL_PARAM(3)> arrays. The following B<I<TYPE>> names are supported:

-=over 1

+=over 2

=item *

diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod
index 92e588062a36..7048f1318576 100644
--- a/doc/man3/PKCS12_create.pod
+++ b/doc/man3/PKCS12_create.pod

@@ -57,9 +57,15 @@ export grade software which could use signing only keys of arbitrary size but

had restrictions on the permissible sizes of keys which could be used for

encryption.

-If a certificate contains an I<alias> or I<keyid> then this will be

-used for the corresponding B<friendlyName> or B<localKeyID> in the

-PKCS12 structure.

+If I<name> is B<NULL> and I<cert> contains an I<alias> then this will be

+used for the corresponding B<friendlyName> in the PKCS12 structure instead.

+Similarly, if I<pkey> is NULL and I<cert> contains a I<keyid> then this will be

+used for the corresponding B<localKeyID> in the PKCS12 structure instead of the

+id calculated from the I<pkey>.

+For all certificates in I<ca> then if a certificate contains an I<alias> or

+I<keyid> then this will be used for the corresponding B<friendlyName> or

+B<localKeyID> in the PKCS12 structure.

Either I<pkey>, I<cert> or both can be B<NULL> to indicate that no key or

certificate is required. In previous versions both had to be present or

@@ -101,7 +107,7 @@ standards.

=head1 COPYRIGHT

Licensed under the Apache License 2.0 (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
index 5d178bb8e4de..f289383c7815 100644
--- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod

@@ -42,8 +42,8 @@ ticket construction state according to RFC5077 Section 4 such that per session

state is unnecessary and a small set of cryptographic variables needs to be

maintained by the callback function implementation.

-In order to reuse a session, a TLS client must send the a session ticket

-extension to the server. The client can only send exactly one session ticket.

+In order to reuse a session, a TLS client must send the session ticket

+extension to the server. The client must send exactly one session ticket.

The server, through the callback function, either agrees to reuse the session

ticket information or it starts a full TLS handshake to create a new session

ticket.

diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
index 0c6694d4c6a7..4799ada6844b 100644
--- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
+++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod

@@ -55,7 +55,7 @@ As generating DH parameters is extremely time consuming, an application

should not generate the parameters on the fly. DH parameters can be reused, as

the actual key is newly generated during the negotiation.

-Typically applications should use well know DH parameters that have built-in

+Typically applications should use well known DH parameters that have built-in

support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto()

configure OpenSSL to use the default built-in DH parameters for the B<SSL_CTX>

and B<SSL> objects respectively. Passing a value of 1 in the I<onoff> parameter

diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
index a90b22d98474..e5a507217ed4 100644
--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod

@@ -32,7 +32,9 @@ Some TLS implementations do not send a close_notify alert on shutdown.

On an unexpected EOF, versions before OpenSSL 3.0 returned

B<SSL_ERROR_SYSCALL>, nothing was added to the error stack, and errno was 0.

Since OpenSSL 3.0 the returned error is B<SSL_ERROR_SSL> with a meaningful

-error on the error stack.

+error on the error stack (SSL_R_UNEXPECTED_EOF_WHILE_READING). This error reason

+code may be used for control flow decisions (see the man page for

+L<ERR_GET_REASON(3)> for further details on this).

=head1 RETURN VALUES

@@ -180,7 +182,7 @@ The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1.

=head1 COPYRIGHT

Licensed under the Apache License 2.0 (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/SSL_get_peer_certificate.pod b/doc/man3/SSL_get_peer_certificate.pod
index b695edc689fa..1897a43ebe7a 100644
--- a/doc/man3/SSL_get_peer_certificate.pod
+++ b/doc/man3/SSL_get_peer_certificate.pod

@@ -10,10 +10,15 @@ SSL_get1_peer_certificate - get the X509 certificate of the peer

#include <openssl/ssl.h>

- X509 *SSL_get_peer_certificate(const SSL *ssl);

X509 *SSL_get0_peer_certificate(const SSL *ssl);

X509 *SSL_get1_peer_certificate(const SSL *ssl);

+The following function has been deprecated since OpenSSL 3.0,

+and can be hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable

+version value, see L<openssl_user_macros(7)>:

+ X509 *SSL_get_peer_certificate(const SSL *ssl);

=head1 DESCRIPTION

These functions return a pointer to the X509 certificate the

@@ -69,7 +74,7 @@ SSL_get_peer_certificate() was deprecated in 3.0.0.

=head1 COPYRIGHT

Licensed under the Apache License 2.0 (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/X509_ATTRIBUTE.pod b/doc/man3/X509_ATTRIBUTE.pod
new file mode 100644
index 000000000000..f2f7597d0bf8
--- /dev/null
+++ b/doc/man3/X509_ATTRIBUTE.pod

@@ -0,0 +1,263 @@

+=pod

+=head1 NAME

+X509_ATTRIBUTE, X509at_get_attr,

+X509at_get_attr_count, X509at_get_attr_by_NID, X509at_get_attr_by_OBJ,

+X509at_delete_attr,

+X509at_add1_attr,

+X509at_add1_attr_by_OBJ, X509at_add1_attr_by_NID, X509at_add1_attr_by_txt,

+X509at_get0_data_by_OBJ,

+X509_ATTRIBUTE_create, X509_ATTRIBUTE_create_by_NID,

+X509_ATTRIBUTE_create_by_OBJ, X509_ATTRIBUTE_create_by_txt,

+X509_ATTRIBUTE_set1_object, X509_ATTRIBUTE_set1_data,

+X509_ATTRIBUTE_count,

+X509_ATTRIBUTE_get0_data, X509_ATTRIBUTE_get0_object, X509_ATTRIBUTE_get0_type

+- X509 attribute functions

+=head1 SYNOPSIS

+ #include <openssl/x509.h>

+ typedef struct x509_attributes_st X509_ATTRIBUTE;

+ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);

+ int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,

+ int lastpos);

+ int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,

+ const ASN1_OBJECT *obj, int lastpos);

+ X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);

+ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);

+ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,

+ X509_ATTRIBUTE *attr);

+ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)

+ **x, const ASN1_OBJECT *obj,

+ int type,

+ const unsigned char *bytes,

+ int len);

+ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)

+ **x, int nid, int type,

+ const unsigned char *bytes,

+ int len);

+ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)

+ **x, const char *attrname,

+ int type,

+ const unsigned char *bytes,

+ int len);

+ void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,

+ const ASN1_OBJECT *obj, int lastpos, int type);

+ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);

+ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,

+ int atrtype, const void *data,

+ int len);

+ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,

+ const ASN1_OBJECT *obj,

+ int atrtype, const void *data,

+ int len);

+ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,

+ const char *atrname, int type,

+ const unsigned char *bytes,

+ int len);

+ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);

+ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,

+ const void *data, int len);

+ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,

+ void *data);

+ int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);

+ ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);

+ ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);

+=head1 DESCRIPTION

+B<X509_ATTRIBUTE> objects are used by many standards including X509, X509_REQ,

+PKCS12, PKCS8, PKCS7 and CMS.

+The B<X509_ATTRIBUTE> object is used to represent the ASN.1 Attribute as defined

+in RFC 5280, i.e.

+ Attribute ::= SEQUENCE {

+ type AttributeType,

+ values SET OF AttributeValue }

+ AttributeType ::= OBJECT IDENTIFIER

+ AttributeValue ::= ANY -- DEFINED BY AttributeType

+For example CMS defines the signing-time attribute as:

+ id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)

+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }

+ SigningTime ::= Time

+ Time ::= CHOICE {

+ utcTime UTCTime,

+ generalizedTime GeneralizedTime }

+In OpenSSL B<AttributeType> maps to an B<ASN1_OBJECT> object

+and B<AttributeValue> maps to a list of B<ASN1_TYPE> objects.

+The following functions are used for B<X509_ATTRIBUTE> objects.

+X509at_get_attr_by_OBJ() finds the location of the first matching object I<obj>

+in a list of attributes I<sk>. The search starts at the position after I<lastpos>.

+If the returned value is positive then it can be used on the next call to

+X509at_get_attr_by_OBJ() as the value of I<lastpos> in order to iterate through

+the remaining attributes. I<lastpos> can be set to any negative value on the

+first call, in order to start searching from the start of the list.

+X509at_get_attr_by_NID() is similar to X509at_get_attr_by_OBJ() except that it

+passes the numerical identifier (NID) I<nid> associated with the object.

+See <openssl/obj_mac.h> for a list of NID_*.

+X509at_get_attr() returns the B<X509_ATTRIBUTE> object at index I<loc> in the

+list of attributes I<x>. I<loc> should be in the range from 0 to

+X509at_get_attr_count() - 1.

+X509at_delete_attr() removes the B<X509_ATTRIBUTE> object at index I<loc> in

+the list of attributes I<x>.

+X509at_add1_attr() pushes a copy of the passed in B<X509_ATTRIBUTE> object

+to the list I<x>.

+Both I<x> and I<attr> must be non NULL or an error will occur.

+If I<*x> is NULL then a new list is created, otherwise it uses the

+passed in list. An error will occur if an existing attribute (with the same

+attribute type) already exists in the attribute list.

+X509at_add1_attr_by_OBJ() creates a new B<X509_ATTRIBUTE> using

+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new

+I<obj> with type I<type> and data I<bytes> of length I<len> and then pushes it

+to the attribute list I<x>. Both I<x> and I<attr> must be non NULL or an error

+will occur. If I<*x> is NULL then a new attribute list is created. If I<obj>

+already exists in the attribute list then an error occurs.

+X509at_add1_attr_by_NID() is similar to X509at_add1_attr_by_OBJ() except that it

+passes the numerical identifier (NID) I<nid> associated with the object.

+See <openssl/obj_mac.h> for a list of NID_*.

+X509at_add1_attr_by_txt() is similar to X509at_add1_attr_by_OBJ() except that it

+passes a name I<attrname> associated with the object.

+See <openssl/obj_mac.h> for a list of SN_* names.

+X509_ATTRIBUTE_set1_object() assigns a B<ASN1_OBJECT> I<obj>

+to the attribute I<attr>. If I<attr> contained an existing B<ASN1_OBJECT> then

+it is freed. An error occurs if either I<attr> or I<obj> are NULL, or if

+the passed in I<obj> cannot be duplicated.

+X509_ATTRIBUTE_set1_data() pushes a new B<ASN1_TYPE> object onto the I<attr>

+attributes list. The new object is assigned a copy of the data in I<data> of

+size I<len>.

+If I<attrtype> has flag I<MBSTRING_FLAG> set then a table lookup using the

+I<attr> attributes NID is used to set an B<ASN1_STRING> using

+ASN1_STRING_set_by_NID(), and the passed in I<data> must be in the format

+required for that object type or an error will occur.

+If I<len> is not -1 then internally ASN1_STRING_type_new() is

+used with the passed in I<attrtype>.

+If I<attrtype> is 0 the call does nothing except return 1.

+X509_ATTRIBUTE_create() creates a new B<X509_ATTRIBUTE> using the I<nid>

+to set the B<ASN1_OBJECT> OID and the I<atrtype> and I<value> to set the

+B<ASN1_TYPE>.

+X509_ATTRIBUTE_create_by_OBJ() uses X509_ATTRIBUTE_set1_object() and

+X509_ATTRIBUTE_set1_data() to assign a new I<obj> with type I<atrtype> and

+data I<data> of length I<len>. If the passed in attribute I<attr> OR I<*attr> is

+NULL then a new B<X509_ATTRIBUTE> will be returned, otherwise the passed in

+B<X509_ATTRIBUTE> is used. Note that the ASN1_OBJECT I<obj> is pushed onto the

+attributes existing list of objects, which could be an issue if the attributes

+<ASN1_OBJECT> was different.

+X509_ATTRIBUTE_create_by_NID() is similar to X509_ATTRIBUTE_create_by_OBJ()

+except that it passes the numerical identifier (NID) I<nid> associated with the

+object. See <openssl/obj_mac.h> for a list of NID_*.

+X509_ATTRIBUTE_create_by_txt() is similar to X509_ATTRIBUTE_create_by_OBJ()

+except that it passes a name I<atrname> associated with the

+object. See <openssl/obj_mac.h> for a list of SN_* names.

+X509_ATTRIBUTE_count() returns the number of B<ASN1_TYPE> objects in an

+attribute I<attr>.

+X509_ATTRIBUTE_get0_type() returns the B<ASN1_TYPE> object at index I<idx> in

+the attribute list I<attr>. I<idx> should be in the

+range of 0 to X509_ATTRIBUTE_count() - 1 or an error will occur.

+X509_ATTRIBUTE_get0_data() returns the data of an B<ASN1_TYPE> object at

+index I<idx> in the attribute I<attr>. I<data> is unused and can be set to NULL.

+An error will occur if the attribute type I<atrtype> does not match the type of

+the B<ASN1_TYPE> object at index I<idx> OR if I<atrtype> is either

+B<V_ASN1_BOOLEAN> or B<V_ASN1_NULL> OR if the I<idx> is not in the

+range 0 to X509_ATTRIBUTE_count() - 1.

+X509at_get0_data_by_OBJ() finds the first attribute in an attribute list I<x>

+that matches the I<obj> starting at index I<lastpos> and returns the data

+retrieved from the found attributes first B<ASN1_TYPE> object. An error will

+occur if the attribute type I<type> does not match the type of the B<ASN1_TYPE>

+object OR if I<type> is either B<V_ASN1_BOOLEAN> or B<V_ASN1_NULL> OR the

+attribute is not found.

+If I<lastpos> is less than -1 then an error will occur if there are multiple

+objects in the list I<x> that match I<obj>.

+If I<lastpos> is less than -2 then an error will occur if there is more than

+one B<ASN1_TYPE> object in the found attribute.

+=head1 RETURN VALUES

+X509at_get_attr_count() returns the number of attributes in the list I<x> or -1

+if I<x> is NULL.

+X509at_get_attr_by_OBJ() returns -1 if either the list is empty OR the object

+is not found, otherwise it returns the location of the object in the list.

+X509at_get_attr_by_NID() is similar to X509at_get_attr_by_OBJ(), except that

+it returns -2 if the I<nid> is not known by OpenSSL.

+X509at_get_attr() returns either an B<X509_ATTRIBUTE> or NULL if there is a error.

+X509at_delete_attr() returns either the removed B<X509_ATTRIBUTE> or NULL if

+there is a error.

+X509_ATTRIBUTE_count() returns -1 on error, otherwise it returns the number

+of B<ASN1_TYPE> elements.

+X509_ATTRIBUTE_get0_type() returns NULL on error, otherwise it returns a

+B<ASN1_TYPE> object.

+X509_ATTRIBUTE_get0_data() returns NULL if an error occurs,

+otherwise it returns the data associated with an B<ASN1_TYPE> object.

+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() returns 1 on

+success, or 0 otherwise.

+X509_ATTRIBUTE_create(), X509_ATTRIBUTE_create_by_OBJ(),

+X509_ATTRIBUTE_create_by_NID() and X509_ATTRIBUTE_create_by_txt() return either

+a B<X509_ATTRIBUTE> on success, or NULL if there is a error.

+X509at_add1_attr(), X509at_add1_attr_by_OBJ(), X509at_add1_attr_by_NID() and

+X509at_add1_attr_by_txt() return NULL on error, otherwise they return a list

+of B<X509_ATTRIBUTE>.

+X509at_get0_data_by_OBJ() returns the data retrieved from the found attributes

+first B<ASN1_TYPE> object, or NULL if an error occurs.

+=head1 SEE ALSO

+L<ASN1_TYPE_get(3)>,

+L<ASN1_INTEGER_get(3)>,

+L<ASN1_ENUMERATED_get(3)>,

+L<ASN1_STRING_get0_data(3)>,

+L<ASN1_STRING_length(3)>,

+L<ASN1_STRING_type(3)>,

+L<X509_REQ_get_attr(3)>,

+L<EVP_PKEY_get_attr(3)>,

+L<CMS_signed_get_attr(3)>,

+L<PKCS8_pkey_get0_attrs(3)>,

+=head1 COPYRIGHT

+Licensed under the Apache License 2.0 (the "License"). You may not use

+this file except in compliance with the License. You can obtain a copy

+in the file LICENSE in the source distribution or at

+L<https://www.openssl.org/source/license.html>.

+=cut

diff --git a/doc/man3/X509_REQ_get_attr.pod b/doc/man3/X509_REQ_get_attr.pod
new file mode 100644
index 000000000000..f2217bd53732
--- /dev/null
+++ b/doc/man3/X509_REQ_get_attr.pod

@@ -0,0 +1,111 @@

+=pod

+=head1 NAME

+X509_REQ_get_attr_count,

+X509_REQ_get_attr_by_NID, X509_REQ_get_attr_by_OBJ, X509_REQ_get_attr,

+X509_REQ_delete_attr,

+X509_REQ_add1_attr, X509_REQ_add1_attr_by_OBJ, X509_REQ_add1_attr_by_NID,

+X509_REQ_add1_attr_by_txt

+- B<X509_ATTRIBUTE> support for signed certificate requests

+=head1 SYNOPSIS

+ #include <openssl/x509.h>

+ int X509_REQ_get_attr_count(const X509_REQ *req);

+ int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);

+ int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,

+ int lastpos);

+ X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);

+ X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);

+ int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);

+ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,

+ const ASN1_OBJECT *obj, int type,

+ const unsigned char *bytes, int len);

+ int X509_REQ_add1_attr_by_NID(X509_REQ *req,

+ int nid, int type,

+ const unsigned char *bytes, int len);

+ int X509_REQ_add1_attr_by_txt(X509_REQ *req,

+ const char *attrname, int type,

+ const unsigned char *bytes, int len);

+=head1 DESCRIPTION

+X509_REQ_get_attr_by_OBJ() finds the location of the first matching object I<obj>

+in the I<req> attribute list. The search starts at the position after I<lastpos>.

+If the returned value is positive then it can be used on the next call to

+X509_REQ_get_attr_by_OBJ() as the value of I<lastpos> in order to iterate through

+the remaining attributes. I<lastpos> can be set to any negative value on the

+first call, in order to start searching from the start of the attribute list.

+X509_REQ_get_attr_by_NID() is similar to X509_REQ_get_attr_by_OBJ() except that

+it passes the numerical identifier (NID) I<nid> associated with the object.

+See <openssl/obj_mac.h> for a list of NID_*.

+X509_REQ_get_attr() returns the B<X509_ATTRIBUTE> object at index I<loc> in the

+I<req> attribute list. I<loc> should be in the range from 0 to

+X509_REQ_get_attr_count() - 1.

+X509_REQ_delete_attr() removes the B<X509_ATTRIBUTE> object at index I<loc> in

+the I<req> objects list of attributes. An error occurs if I<req> is NULL.

+X509_REQ_add1_attr() pushes a copy of the passed in B<X509_ATTRIBUTE> I<>attr>

+to the I<req> object's attribute list. An error will occur if either the

+attribute list is NULL or the attribute already exists.

+X509_REQ_add1_attr_by_OBJ() creates a new B<X509_ATTRIBUTE> using

+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new

+I<obj> with type I<type> and data I<bytes> of length I<len> and then pushes it

+to the I<req> object's attribute list. I<req> must be non NULL or an error

+will occur. If I<obj> already exists in the attribute list then an error occurs.

+X509_REQ_add1_attr_by_NID() is similar to X509_REQ_add1_attr_by_OBJ() except

+that it passes the numerical identifier (NID) I<nid> associated with the object.

+See <openssl/obj_mac.h> for a list of NID_*.

+X509_REQ_add1_attr_by_txt() is similar to X509_REQ_add1_attr_by_OBJ() except

+that it passes a name I<attrname> associated with the object.

+See <openssl/obj_mac.h> for a list of SN_* names.

+Refer to L<X509_ATTRIBUTE(3)> for information related to attributes.

+=head1 RETURN VALUES

+X509_REQ_get_attr_count() returns the number of attributes in the I<req> object

+attribute list or -1 if the attribute list is NULL.

+X509_REQ_get_attr_by_OBJ() returns -1 if either the I<req> object's attribute

+list is empty OR I<obj> is not found, otherwise it returns the location of the

+I<obj> in the attribute list.

+X509_REQ_get_attr_by_NID() is similar to X509_REQ_get_attr_by_OBJ(), except that

+it returns -2 if the I<nid> is not known by OpenSSL.

+X509_REQ_get_attr() returns either an B<X509_ATTRIBUTE> or NULL on error.

+X509_REQ_delete_attr() returns either the removed B<X509_ATTRIBUTE> or NULL if

+there is a error.

+X509_REQ_add1_attr(), X509_REQ_add1_attr_by_OBJ(), X509_REQ_add1_attr_by_NID()

+and X509_REQ_add1_attr_by_txt() return 1 on success or 0 on error.

+=head1 NOTES

+Any functions that modify the attributes (add or delete) internally set a flag

+to indicate the ASN.1 encoding has been modified.

+=head1 SEE ALSO

+L<X509_ATTRIBUTE(3)>

+=head1 COPYRIGHT

+Licensed under the Apache License 2.0 (the "License"). You may not use

+this file except in compliance with the License. You can obtain a copy

+in the file LICENSE in the source distribution or at

+L<https://www.openssl.org/source/license.html>.

+=cut

diff --git a/doc/man3/X509_REQ_get_extensions.pod b/doc/man3/X509_REQ_get_extensions.pod
new file mode 100644
index 000000000000..00ab1e3cfb41
--- /dev/null
+++ b/doc/man3/X509_REQ_get_extensions.pod

@@ -0,0 +1,50 @@

+=pod

+=head1 NAME

+X509_REQ_get_extensions,

+X509_REQ_add_extensions, X509_REQ_add_extensions_nid

+- handle X.509 extension attributes of a CSR

+=head1 SYNOPSIS

+ #include <openssl/x509.h>

+ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);

+ int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts);

+ int X509_REQ_add_extensions_nid(X509_REQ *req,

+ const STACK_OF(X509_EXTENSION) *exts, int nid);

+=head1 DESCRIPTION

+X509_REQ_get_extensions() returns the first list of X.509 extensions

+found in the attributes of I<req>.

+The returned list is empty if there are no such extensions in I<req>.

+The caller is responsible for freeing the list obtained.

+X509_REQ_add_extensions() adds to I<req> a list of X.509 extensions I<exts>,

+which must not be NULL, using the default B<NID_ext_req>.

+This function must not be called more than once on the same I<req>.

+X509_REQ_add_extensions_nid() is like X509_REQ_add_extensions()

+except that I<nid> is used to identify the extensions attribute.

+This function must not be called more than once with the same I<req> and I<nid>.

+=head1 RETURN VALUES

+X509_REQ_get_extensions() returns a pointer to B<STACK_OF(X509_EXTENSION)>

+or NULL on error.

+X509_REQ_add_extensions() and X509_REQ_add_extensions_nid()

+return 1 on success, 0 on error.

+=head1 COPYRIGHT

+Licensed under the Apache License 2.0 (the "License"). You may not use

+this file except in compliance with the License. You can obtain a copy

+in the file LICENSE in the source distribution or at

+L<https://www.openssl.org/source/license.html>.

+=cut

diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
index 1c9e4b95bc7b..849364e2aae7 100644
--- a/doc/man3/X509_dup.pod
+++ b/doc/man3/X509_dup.pod

@@ -356,6 +356,15 @@ algorithms from providers. This created object can then be used when loading

binary data using B<d2i_I<TYPE>>().

B<I<TYPE>_dup>() copies an existing object, leaving it untouched.

+Note, however, that the internal representation of the object

+may contain (besides the ASN.1 structure) further data, which is not copied.

+For instance, an B<X509> object usually is augmented by cached information

+on X.509v3 extensions, etc., and losing it can lead to wrong validation results.

+To avoid such situations, better use B<I<TYPE>_up_ref>() if available.

+For the case of B<X509> objects, an alternative to using L<X509_up_ref(3)>

+may be to still call B<I<TYPE>_dup>(), e.g., I<copied_cert = X509_dup(cert)>,

+followed by I<X509_check_purpose(copied_cert, -1, 0)>,

+which re-builds the cached data.

B<I<TYPE>_free>() releases the object and all pointers and sub-objects

within it.

@@ -373,6 +382,10 @@ the object or NULL on failure.

B<I<TYPE>_print_ctx>() returns 1 on success or zero on failure.

+=head1 SEE ALSO

+L<X509_up_ref(3)>

=head1 HISTORY

The functions X509_REQ_new_ex(), X509_CRL_new_ex(), PKCS7_new_ex() and

@@ -383,7 +396,7 @@ deprecated in 3.0.

=head1 COPYRIGHT

Licensed under the Apache License 2.0 (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy