CERTIFICATEPOLICIES_new,
CMS_ContentInfo_free,
CMS_ContentInfo_new,
+CMS_ContentInfo_new_ex,
CMS_ContentInfo_print_ctx,
+CMS_EnvelopedData_it,
CMS_ReceiptRequest_free,
CMS_ReceiptRequest_new,
+CMS_SignedData_free,
+CMS_SignedData_new,
CRL_DIST_POINTS_free,
CRL_DIST_POINTS_new,
DIRECTORYSTRING_free,
DISPLAYTEXT_new,
DIST_POINT_NAME_free,
DIST_POINT_NAME_new,
+DIST_POINT_NAME_dup,
DIST_POINT_free,
DIST_POINT_new,
DSAparams_dup,
ESS_CERT_ID_dup,
ESS_CERT_ID_free,
ESS_CERT_ID_new,
+ESS_CERT_ID_V2_dup,
+ESS_CERT_ID_V2_free,
+ESS_CERT_ID_V2_new,
ESS_ISSUER_SERIAL_dup,
ESS_ISSUER_SERIAL_free,
ESS_ISSUER_SERIAL_new,
ESS_SIGNING_CERT_dup,
ESS_SIGNING_CERT_free,
+ESS_SIGNING_CERT_it,
ESS_SIGNING_CERT_new,
+ESS_SIGNING_CERT_V2_dup,
+ESS_SIGNING_CERT_V2_free,
+ESS_SIGNING_CERT_V2_it,
+ESS_SIGNING_CERT_V2_new,
EXTENDED_KEY_USAGE_free,
EXTENDED_KEY_USAGE_new,
GENERAL_NAMES_free,
GENERAL_NAME_new,
GENERAL_SUBTREE_free,
GENERAL_SUBTREE_new,
+OSSL_IETF_ATTR_SYNTAX_free,
+OSSL_IETF_ATTR_SYNTAX_it,
+OSSL_IETF_ATTR_SYNTAX_new,
IPAddressChoice_free,
IPAddressChoice_new,
IPAddressFamily_free,
IPAddressOrRange_new,
IPAddressRange_free,
IPAddressRange_new,
+ISSUER_SIGN_TOOL_free,
+ISSUER_SIGN_TOOL_it,
+ISSUER_SIGN_TOOL_new,
ISSUING_DIST_POINT_free,
+ISSUING_DIST_POINT_it,
ISSUING_DIST_POINT_new,
NAME_CONSTRAINTS_free,
NAME_CONSTRAINTS_new,
OCSP_SIGNATURE_new,
OCSP_SINGLERESP_free,
OCSP_SINGLERESP_new,
+OSSL_CMP_CRLSTATUS_free,
+OSSL_CMP_ITAV_dup,
+OSSL_CMP_ITAV_free,
+OSSL_CMP_MSG_dup,
+OSSL_CMP_MSG_it,
+OSSL_CMP_MSG_free,
+OSSL_CMP_PKIHEADER_free,
+OSSL_CMP_PKIHEADER_it,
+OSSL_CMP_PKIHEADER_new,
+OSSL_CMP_PKISI_dup,
+OSSL_CMP_PKISI_free,
+OSSL_CMP_PKISI_it,
+OSSL_CMP_PKISI_new,
+OSSL_CMP_PKISTATUS_it,
+OSSL_CRMF_CERTID_dup,
+OSSL_CRMF_CERTID_free,
+OSSL_CRMF_CERTID_it,
+OSSL_CRMF_CERTID_new,
+OSSL_CRMF_CERTTEMPLATE_free,
+OSSL_CRMF_CERTTEMPLATE_it,
+OSSL_CRMF_CERTTEMPLATE_new,
+OSSL_CRMF_ENCRYPTEDVALUE_free,
+OSSL_CRMF_ENCRYPTEDVALUE_it,
+OSSL_CRMF_ENCRYPTEDVALUE_new,
+OSSL_CRMF_MSGS_free,
+OSSL_CRMF_MSGS_it,
+OSSL_CRMF_MSGS_new,
+OSSL_CRMF_MSG_dup,
+OSSL_CRMF_MSG_free,
+OSSL_CRMF_MSG_it,
+OSSL_CRMF_MSG_new,
+OSSL_CRMF_PBMPARAMETER_free,
+OSSL_CRMF_PBMPARAMETER_it,
+OSSL_CRMF_PBMPARAMETER_new,
+OSSL_CRMF_PKIPUBLICATIONINFO_free,
+OSSL_CRMF_PKIPUBLICATIONINFO_it,
+OSSL_CRMF_PKIPUBLICATIONINFO_new,
+OSSL_CRMF_SINGLEPUBINFO_free,
+OSSL_CRMF_SINGLEPUBINFO_it,
+OSSL_CRMF_SINGLEPUBINFO_new,
+OSSL_IETF_ATTR_SYNTAX_VALUE_free,
+OSSL_IETF_ATTR_SYNTAX_VALUE_it,
+OSSL_IETF_ATTR_SYNTAX_VALUE_new,
+OSSL_ISSUER_SERIAL_free,
+OSSL_ISSUER_SERIAL_new,
+OSSL_OBJECT_DIGEST_INFO_free,
+OSSL_OBJECT_DIGEST_INFO_new,
OTHERNAME_free,
OTHERNAME_new,
PBE2PARAM_free,
PKCS7_SIGN_ENVELOPE_new,
PKCS7_dup,
PKCS7_free,
+PKCS7_new_ex,
PKCS7_new,
PKCS7_print_ctx,
PKCS8_PRIV_KEY_INFO_free,
POLICY_CONSTRAINTS_new,
POLICY_MAPPING_free,
POLICY_MAPPING_new,
-PROFESSION_INFO_free,
-PROFESSION_INFO_new,
PROFESSION_INFOS_free,
PROFESSION_INFOS_new,
+PROFESSION_INFO_free,
+PROFESSION_INFO_new,
PROXY_CERT_INFO_EXTENSION_free,
PROXY_CERT_INFO_EXTENSION_new,
PROXY_POLICY_free,
RSA_OAEP_PARAMS_new,
RSA_PSS_PARAMS_free,
RSA_PSS_PARAMS_new,
+RSA_PSS_PARAMS_dup,
SCRYPT_PARAMS_free,
SCRYPT_PARAMS_new,
SXNETID_free,
TS_TST_INFO_new,
USERNOTICE_free,
USERNOTICE_new,
+X509_ACERT_dup,
+X509_ACERT_free,
+X509_ACERT_it,
+X509_ACERT_new,
+X509_ACERT_INFO_free,
+X509_ACERT_INFO_it,
+X509_ACERT_INFO_new,
+X509_ACERT_ISSUER_V2FORM_free,
+X509_ACERT_ISSUER_V2FORM_new,
X509_ALGOR_free,
+X509_ALGOR_it,
X509_ALGOR_new,
X509_ATTRIBUTE_dup,
X509_ATTRIBUTE_free,
X509_CRL_INFO_new,
X509_CRL_dup,
X509_CRL_free,
+X509_CRL_new_ex,
X509_CRL_new,
X509_EXTENSION_dup,
X509_EXTENSION_free,
X509_REQ_dup,
X509_REQ_free,
X509_REQ_new,
+X509_REQ_new_ex,
X509_REVOKED_dup,
X509_REVOKED_free,
X509_REVOKED_new,
=head1 SYNOPSIS
-=for comment generic
+=for openssl generic
#include <openssl/asn1t.h>
extern const ASN1_ITEM TYPE_it;
TYPE *TYPE_new(void);
- TYPE *TYPE_dup(TYPE *a);
+ TYPE *TYPE_dup(const TYPE *a);
void TYPE_free(TYPE *a);
int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
+see L<openssl_user_macros(7)>:
+
+ DSA *DSAparams_dup(const DSA *dsa);
+ RSA *RSAPrivateKey_dup(const RSA *rsa);
+ RSA *RSAPublicKey_dup(const RSA *rsa);
+
=head1 DESCRIPTION
-In the description below, I<TYPE> is used
-as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
+In the description below, B<I<TYPE>> is used
+as a placeholder for any of the OpenSSL datatypes, such as B<X509>.
The OpenSSL ASN1 parsing library templates are like a data-driven bytecode
interpreter.
to generate the function bodies.
-TYPE_new() allocates an empty object of the indicated type.
-The object returned must be released by calling TYPE_free().
+B<I<TYPE>_new>() allocates an empty object of the indicated type.
+The object returned must be released by calling B<I<TYPE>_free>().
-TYPE_dup() copies an existing object.
+B<I<TYPE>_new_ex>() is similar to B<I<TYPE>_new>() but also passes the
+library context I<libctx> and the property query I<propq> to use when retrieving
+algorithms from providers. This created object can then be used when loading
+binary data using B<d2i_I<TYPE>>().
-TYPE_free() releases the object and all pointers and sub-objects
+B<I<TYPE>_dup>() copies an existing object, leaving it untouched.
+Note, however, that the internal representation of the object
+may contain (besides the ASN.1 structure) further data, which is not copied.
+For instance, an B<X509> object usually is augmented by cached information
+on X.509v3 extensions, etc., and losing it can lead to wrong validation results.
+To avoid such situations, better use B<I<TYPE>_up_ref>() if available.
+For the case of B<X509> objects, an alternative to using L<X509_up_ref(3)>
+may be to still call B<I<TYPE>_dup>(), e.g., I<copied_cert = X509_dup(cert)>,
+followed by I<X509_check_purpose(copied_cert, -1, 0)>,
+which re-builds the cached data.
+
+B<I<TYPE>_free>() releases the object and all pointers and sub-objects
within it.
-TYPE_print_ctx() prints the object B<a> on the specified BIO B<out>.
-Each line will be prefixed with B<indent> spaces.
-The B<pctx> specifies the printing context and is for internal
+B<I<TYPE>_print_ctx>() prints the object I<a> on the specified BIO I<out>.
+Each line will be prefixed with I<indent> spaces.
+The I<pctx> specifies the printing context and is for internal
use; use NULL to get the default behavior. If a print function is
-user-defined, then pass in any B<pctx> down to any nested calls.
+user-defined, then pass in any I<pctx> down to any nested calls.
=head1 RETURN VALUES
-TYPE_new() and TYPE_dup() return a pointer to the object or NULL on failure.
+B<I<TYPE>_new>(), B<I<TYPE>_new_ex>() and B<I<TYPE>_dup>() return a pointer to
+the object or NULL on failure.
+
+B<I<TYPE>_print_ctx>() returns 1 on success or zero on failure.
+
+=head1 SEE ALSO
+
+L<X509_up_ref(3)>
+
+=head1 HISTORY
+
+The functions X509_REQ_new_ex(), X509_CRL_new_ex(), PKCS7_new_ex() and
+CMS_ContentInfo_new_ex() were added in OpenSSL 3.0.
-TYPE_print_ctx() returns 1 on success or zero on failure.
+The functions DSAparams_dup(), RSAPrivateKey_dup() and RSAPublicKey_dup() were
+deprecated in 3.0.
=head1 COPYRIGHT
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.