2 files changed, 189 insertions, 1 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index e715e8bf2d..a29fb912ec 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.94 2016/12/23 17:41:29 schwarze Exp $
+# $OpenBSD: Makefile,v 1.95 2016/12/23 18:50:23 schwarze Exp $
 .include <bsd.own.mk>
@@ -158,6 +158,7 @@ MAN=	\
        PKCS7_sign_add_signer.3 \
        PKCS7_verify.3 \
        PKCS8_PRIV_KEY_INFO_new.3 \
+        POLICYINFO_new.3 \
        RAND_add.3 \
        RAND_bytes.3 \
        RAND_load_file.3 \
diff --git a/src/lib/libcrypto/man/POLICYINFO_new.3 b/src/lib/libcrypto/man/POLICYINFO_new.3
new file mode 100644
index 0000000000..a76385fc6b
--- /dev/null
+++ b/src/lib/libcrypto/man/POLICYINFO_new.3
@@ -0,0 +1,187 @@
+.\"     $OpenBSD: POLICYINFO_new.3,v 1.1 2016/12/23 18:50:23 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 23 2016 $
+.Dt POLICYINFO_NEW 3
+.Os
+.Sh NAME
+.Nm POLICYINFO_new ,
+.Nm POLICYINFO_free ,
+.Nm CERTIFICATEPOLICIES_new ,
+.Nm CERTIFICATEPOLICIES_free ,
+.Nm POLICYQUALINFO_new ,
+.Nm POLICYQUALINFO_free ,
+.Nm USERNOTICE_new ,
+.Nm USERNOTICE_free ,
+.Nm NOTICEREF_new ,
+.Nm NOTICEREF_free ,
+.Nm POLICY_MAPPING_new ,
+.Nm POLICY_MAPPING_free ,
+.Nm POLICY_CONSTRAINTS_new ,
+.Nm POLICY_CONSTRAINTS_free
+.Nd X.509 certificate policies
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft POLICYINFO *
+.Fn POLICYINFO_new void
+.Ft void
+.Fn POLICYINFO_free "POLICYINFO *pi"
+.Ft CERTIFICATEPOLICIES *
+.Fn CERTIFICATEPOLICIES_new void
+.Ft void
+.Fn CERTIFICATEPOLICIES_free "CERTIFICATEPOLICIES *pis"
+.Ft POLICYQUALINFO *
+.Fn POLICYQUALINFO_new void
+.Ft void
+.Fn POLICYQUALINFO_free "POLICYQUALINFO *pqi"
+.Ft USERNOTICE *
+.Fn USERNOTICE_new void
+.Ft void
+.Fn USERNOTICE_free "USERNOTICE *usernotice"
+.Ft NOTICEREF *
+.Fn NOTICEREF_new void
+.Ft void
+.Fn NOTICEREF_free "NOTICEREF *noticeref"
+.Ft POLICY_MAPPING *
+.Fn POLICY_MAPPING_new void
+.Ft void
+.Fn POLICY_MAPPING_free "POLICY_MAPPING *pm"
+.Ft POLICY_CONSTRAINTS *
+.Fn POLICY_CONSTRAINTS_new void
+.Ft void
+.Fn POLICY_CONSTRAINTS_free "POLICY_CONSTRAINTS *pc"
+.Sh DESCRIPTION
+X.509 CA and end entity certificates can optionally indicate
+restrictions on their intended use.
+.Pp
+.Fn POLICYINFO_new
+allocates and initializes an empty
+.Vt POLICYINFO
+object, representing an ASN.1 PolicyInformation structure
+defined in RFC 5280 section 4.2.1.4.
+It can hold a policy identifier and optional advisory qualifiers.
+.Fn POLICYINFO_free
+frees
+.Fa pi .
+.Pp
+.Fn CERTIFICATEPOLICIES_new
+allocates and initializes an empty
+.Vt CERTIFICATEPOLICIES
+object, which is a
+.Vt STACK_OF(POLICYINFO)
+and represents an ASN.1 CertificatePolicies structure
+defined in RFC 5280 section 4.2.1.4.
+It can be used by
+.Vt X509
+objects, both by CA certificates and end entity certificates.
+.Fn CERTIFICATEPOLICIES_free
+frees
+.Fa pis .
+.Pp
+.Fn POLICYQUALINFO_new
+allocates and initializes an empty
+.Vt POLICYQUALINFO
+object, representing an ASN.1 PolicyQualifierInfo structure
+defined in RFC 5280 section 4.2.1.4.
+It can be used in
+.Vt POLICYINFO
+and it can hold either a uniform resource identifier of a certification
+practice statement published by the CA, or a pointer to a
+.Vt USERNOTICE
+object, or arbitrary other information.
+.Fn POLICYQUALINFO_free
+frees
+.Fa pqi .
+.Pp
+.Fn USERNOTICE_new
+allocates and initializes an empty
+.Vt USERNOTICE
+object, representing an ASN.1 UserNotice structure
+defined in RFC 5280 section 4.2.1.4.
+It can be used in
+.Vt POLICYQUALINFO
+and it can hold either an
+.Vt ASN1_STRING
+intended for display to the user or a pointer to a
+.Vt NOTICEREF
+object.
+.Fn NOTICEREF_free
+frees
+.Fa usernotice .
+.Pp
+.Fn NOTICEREF_new
+allocates and initializes an empty
+.Vt NOTICEREF
+object, representing an ASN.1 NoticeReference structure
+defined in RFC 5280 section 4.2.1.4.
+It can be used in
+.Vt USERNOTICE
+and can hold an organization name and a stack of notice numbers.
+.Fn NOTICEREF_free
+frees
+.Fa noticeref .
+.Pp
+.Fn POLICY_MAPPING_new
+allocates and initializes an empty
+.Vt POLICY_MAPPING
+object, representing an ASN.1 PolicyMappings structure
+defined in RFC 5280 section 4.2.1.5.
+It can be used in
+.Vt X509
+CA certificates and can hold a list of pairs of policy identifiers,
+declaring one of the policies in each pair as equivalent to the
+other.
+.Fn POLICY_MAPPING_free
+frees
+.Fa pm .
+.Pp
+.Fn POLICY_CONSTRAINTS_new
+allocates and initializes an empty
+.Vt POLICY_CONSTRAINTS
+object, representing an ASN.1 PolicyConstraints structure
+defined in RFC 5280 section 4.2.1.11.
+It can be used in
+.Vt X509
+CA certificates to restrict policy mapping and/or to require explicit
+certificate policies in subsequent intermediate certificates in the
+certification path.
+.Fn POLICY_CONSTRAINTS_free
+frees
+.Fa pc .
+.Sh RETURN VALUES
+The constructor functions return a new object of the respective
+type or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr BASIC_CONSTRAINTS_new 3 ,
+.Xr NAME_CONSTRAINTS_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.1.4: Certificate Policies
+.It
+section 4.2.1.5: Policy Mappings
+.It
+section 4.2.1.11: Policy Constraints
+.El
+.Sh BUGS
+This is a lot of nested data structures, but most of them are
+designed to have almost no effect.

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index e715e8bf2d..a29fb912ec 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.94 2016/12/23 17:41:29 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.95 2016/12/23 18:50:23 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -158,6 +158,7 @@ MAN= \
158	PKCS7_sign_add_signer.3 \	158	PKCS7_sign_add_signer.3 \
159	PKCS7_verify.3 \	159	PKCS7_verify.3 \
160	PKCS8_PRIV_KEY_INFO_new.3 \	160	PKCS8_PRIV_KEY_INFO_new.3 \
		161	POLICYINFO_new.3 \
161	RAND_add.3 \	162	RAND_add.3 \
162	RAND_bytes.3 \	163	RAND_bytes.3 \
163	RAND_load_file.3 \	164	RAND_load_file.3 \


diff --git a/src/lib/libcrypto/man/POLICYINFO_new.3 b/src/lib/libcrypto/man/POLICYINFO_new.3 new file mode 100644 index 0000000000..a76385fc6b --- /dev/null +++ b/src/lib/libcrypto/man/POLICYINFO_new.3
@@ -0,0 +1,187 @@
		1	.\" $OpenBSD: POLICYINFO_new.3,v 1.1 2016/12/23 18:50:23 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 23 2016 $
		18	.Dt POLICYINFO_NEW 3
		19	.Os
		20	.Sh NAME
		21	.Nm POLICYINFO_new ,
		22	.Nm POLICYINFO_free ,
		23	.Nm CERTIFICATEPOLICIES_new ,
		24	.Nm CERTIFICATEPOLICIES_free ,
		25	.Nm POLICYQUALINFO_new ,
		26	.Nm POLICYQUALINFO_free ,
		27	.Nm USERNOTICE_new ,
		28	.Nm USERNOTICE_free ,
		29	.Nm NOTICEREF_new ,
		30	.Nm NOTICEREF_free ,
		31	.Nm POLICY_MAPPING_new ,
		32	.Nm POLICY_MAPPING_free ,
		33	.Nm POLICY_CONSTRAINTS_new ,
		34	.Nm POLICY_CONSTRAINTS_free
		35	.Nd X.509 certificate policies
		36	.Sh SYNOPSIS
		37	.In openssl/x509v3.h
		38	.Ft POLICYINFO *
		39	.Fn POLICYINFO_new void
		40	.Ft void
		41	.Fn POLICYINFO_free "POLICYINFO *pi"
		42	.Ft CERTIFICATEPOLICIES *
		43	.Fn CERTIFICATEPOLICIES_new void
		44	.Ft void
		45	.Fn CERTIFICATEPOLICIES_free "CERTIFICATEPOLICIES *pis"
		46	.Ft POLICYQUALINFO *
		47	.Fn POLICYQUALINFO_new void
		48	.Ft void
		49	.Fn POLICYQUALINFO_free "POLICYQUALINFO *pqi"
		50	.Ft USERNOTICE *
		51	.Fn USERNOTICE_new void
		52	.Ft void
		53	.Fn USERNOTICE_free "USERNOTICE *usernotice"
		54	.Ft NOTICEREF *
		55	.Fn NOTICEREF_new void
		56	.Ft void
		57	.Fn NOTICEREF_free "NOTICEREF *noticeref"
		58	.Ft POLICY_MAPPING *
		59	.Fn POLICY_MAPPING_new void
		60	.Ft void
		61	.Fn POLICY_MAPPING_free "POLICY_MAPPING *pm"
		62	.Ft POLICY_CONSTRAINTS *
		63	.Fn POLICY_CONSTRAINTS_new void
		64	.Ft void
		65	.Fn POLICY_CONSTRAINTS_free "POLICY_CONSTRAINTS *pc"
		66	.Sh DESCRIPTION
		67	X.509 CA and end entity certificates can optionally indicate
		68	restrictions on their intended use.
		69	.Pp
		70	.Fn POLICYINFO_new
		71	allocates and initializes an empty
		72	.Vt POLICYINFO
		73	object, representing an ASN.1 PolicyInformation structure
		74	defined in RFC 5280 section 4.2.1.4.
		75	It can hold a policy identifier and optional advisory qualifiers.
		76	.Fn POLICYINFO_free
		77	frees
		78	.Fa pi .
		79	.Pp
		80	.Fn CERTIFICATEPOLICIES_new
		81	allocates and initializes an empty
		82	.Vt CERTIFICATEPOLICIES
		83	object, which is a
		84	.Vt STACK_OF(POLICYINFO)
		85	and represents an ASN.1 CertificatePolicies structure
		86	defined in RFC 5280 section 4.2.1.4.
		87	It can be used by
		88	.Vt X509
		89	objects, both by CA certificates and end entity certificates.
		90	.Fn CERTIFICATEPOLICIES_free
		91	frees
		92	.Fa pis .
		93	.Pp
		94	.Fn POLICYQUALINFO_new
		95	allocates and initializes an empty
		96	.Vt POLICYQUALINFO
		97	object, representing an ASN.1 PolicyQualifierInfo structure
		98	defined in RFC 5280 section 4.2.1.4.
		99	It can be used in
		100	.Vt POLICYINFO
		101	and it can hold either a uniform resource identifier of a certification
		102	practice statement published by the CA, or a pointer to a
		103	.Vt USERNOTICE
		104	object, or arbitrary other information.
		105	.Fn POLICYQUALINFO_free
		106	frees
		107	.Fa pqi .
		108	.Pp
		109	.Fn USERNOTICE_new
		110	allocates and initializes an empty
		111	.Vt USERNOTICE
		112	object, representing an ASN.1 UserNotice structure
		113	defined in RFC 5280 section 4.2.1.4.
		114	It can be used in
		115	.Vt POLICYQUALINFO
		116	and it can hold either an
		117	.Vt ASN1_STRING
		118	intended for display to the user or a pointer to a
		119	.Vt NOTICEREF
		120	object.
		121	.Fn NOTICEREF_free
		122	frees
		123	.Fa usernotice .
		124	.Pp
		125	.Fn NOTICEREF_new
		126	allocates and initializes an empty
		127	.Vt NOTICEREF
		128	object, representing an ASN.1 NoticeReference structure
		129	defined in RFC 5280 section 4.2.1.4.
		130	It can be used in
		131	.Vt USERNOTICE
		132	and can hold an organization name and a stack of notice numbers.
		133	.Fn NOTICEREF_free
		134	frees
		135	.Fa noticeref .
		136	.Pp
		137	.Fn POLICY_MAPPING_new
		138	allocates and initializes an empty
		139	.Vt POLICY_MAPPING
		140	object, representing an ASN.1 PolicyMappings structure
		141	defined in RFC 5280 section 4.2.1.5.
		142	It can be used in
		143	.Vt X509
		144	CA certificates and can hold a list of pairs of policy identifiers,
		145	declaring one of the policies in each pair as equivalent to the
		146	other.
		147	.Fn POLICY_MAPPING_free
		148	frees
		149	.Fa pm .
		150	.Pp
		151	.Fn POLICY_CONSTRAINTS_new
		152	allocates and initializes an empty
		153	.Vt POLICY_CONSTRAINTS
		154	object, representing an ASN.1 PolicyConstraints structure
		155	defined in RFC 5280 section 4.2.1.11.
		156	It can be used in
		157	.Vt X509
		158	CA certificates to restrict policy mapping and/or to require explicit
		159	certificate policies in subsequent intermediate certificates in the
		160	certification path.
		161	.Fn POLICY_CONSTRAINTS_free
		162	frees
		163	.Fa pc .
		164	.Sh RETURN VALUES
		165	The constructor functions return a new object of the respective
		166	type or
		167	.Dv NULL
		168	if an error occurs.
		169	.Sh SEE ALSO
		170	.Xr BASIC_CONSTRAINTS_new 3 ,
		171	.Xr NAME_CONSTRAINTS_new 3 ,
		172	.Xr X509_EXTENSION_new 3 ,
		173	.Xr X509_new 3
		174	.Sh STANDARDS
		175	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
		176	Certificate Revocation List (CRL) Profile:
		177	.Bl -dash -compact
		178	.It
		179	section 4.2.1.4: Certificate Policies
		180	.It
		181	section 4.2.1.5: Policy Mappings
		182	.It
		183	section 4.2.1.11: Policy Constraints
		184	.El
		185	.Sh BUGS
		186	This is a lot of nested data structures, but most of them are
		187	designed to have almost no effect.