4 files changed, 110 insertions, 6 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 6e8753b379..4a22484ea3 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.210 2021/11/09 16:23:04 schwarze Exp $
+# $OpenBSD: Makefile,v 1.211 2021/11/11 12:06:25 schwarze Exp $
 .include <bsd.own.mk>
@@ -352,6 +352,7 @@ MAN=	\
        X509_new.3 \
        X509_ocspid_print.3 \
        X509_policy_check.3 \
+        X509_policy_tree_get0_policies.3 \
        X509_policy_tree_level_count.3 \
        X509_print_ex.3 \
        X509_sign.3 \
diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3
index e4b3be0d43..5ea774a3ef 100644
--- a/src/lib/libcrypto/man/X509_policy_check.3
+++ b/src/lib/libcrypto/man/X509_policy_check.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_policy_check.3,v 1.5 2021/07/30 15:01:40 schwarze Exp $
+.\" $OpenBSD: X509_policy_check.3,v 1.6 2021/11/11 12:06:25 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 30 2021 $
+.Dd $Mdocdate: November 11 2021 $
 .Dt X509_POLICY_CHECK 3
 .Os
 .Sh NAME
@@ -177,6 +177,7 @@ to 0.
 .Xr X509_check_purpose 3 ,
 .Xr X509_check_trust 3 ,
 .Xr X509_new 3 ,
+.Xr X509_policy_tree_get0_policies 3 ,
 .Xr X509_policy_tree_level_count 3 ,
 .Xr X509_verify_cert 3
 .Sh STANDARDS
diff --git a/src/lib/libcrypto/man/X509_policy_tree_get0_policies.3 b/src/lib/libcrypto/man/X509_policy_tree_get0_policies.3
new file mode 100644
index 0000000000..cb0715d6cb
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_policy_tree_get0_policies.3
@@ -0,0 +1,101 @@
+.\" $OpenBSD: X509_policy_tree_get0_policies.3,v 1.1 2021/11/11 12:06:25 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 11 2021 $
+.Dt X509_POLICY_TREE_GET0_POLICIES 3
+.Os
+.Sh NAME
+.Nm X509_policy_tree_get0_policies ,
+.Nm X509_policy_tree_get0_user_policies
+.Nd retrieve arrays of policy tree nodes
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft STACK_OF(X509_POLICY_NODE) *
+.Fn X509_policy_tree_get0_policies "const X509_POLICY_TREE *tree"
+.Ft STACK_OF(X509_POLICY_NODE) *
+.Fn X509_policy_tree_get0_user_policies "const X509_POLICY_TREE *tree"
+.Sh DESCRIPTION
+The
+.Em authority set
+and the
+.Em user set
+are arrays of nodes from a policy
+.Fa tree .
+.Pp
+If the last level of a
+.Fa tree ,
+or equivalently, all levels of it, contain an
+.Sy anyPolicy
+node, the authority set contains
+only this anyPolicy node from the last level.
+Unless the array of
+.Fa policy_oids
+passed to
+.Xr X509_policy_check 3
+contained an anyPolicy object,
+the user set contains one node for each of the
+.Fa policy_oids ;
+specifically, the first matching node that is a child of an anyPolicy node.
+.Pp
+If the last level of the
+.Fa tree
+does not contain an
+.Sy anyPolicy
+node, the authority set contains
+all non-anyPolicy nodes that are children of anyPolicy nodes.
+For each element of the
+.Fa policy_oids ,
+the user set contains the first node from the authority set
+matching it, if any.
+.Pp
+These functions are intended to be called after
+.Xr X509_policy_check 3
+was called either directly or indirectly through
+.Xr X509_verify_cert 3 .
+.Sh RETURN VALUES
+.Fn X509_policy_tree_get0_policies
+returns an internal pointer to the authority set
+or
+.Dv NULL
+if the
+.Fa tree
+argument is
+.Dv NULL .
+.Pp
+.Fn X509_policy_tree_get0_user_policies
+returns an internal pointer to the user set or
+.Dv NULL
+if the
+.Fa tree
+argument is
+.Dv NULL
+or if the array of
+.Fa policy_oids
+passed to
+.Xr X509_policy_check 3
+was empty or contained an anyPolicy object.
+.Sh SEE ALSO
+.Xr STACK_OF 3 ,
+.Xr X509_policy_check 3 ,
+.Xr X509_policy_level_get0_node 3 ,
+.Xr X509_STORE_CTX_get0_policy_tree 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+and Certificate Revocation List (CRL) Profile,
+section 6.1: Basic Path Validation
+.Sh HISTORY
+These function first appeared in OpenSSL 0.9.8 and have been available since
+.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/X509_policy_tree_level_count.3 b/src/lib/libcrypto/man/X509_policy_tree_level_count.3
index f74754c362..4b13e6a967 100644
--- a/src/lib/libcrypto/man/X509_policy_tree_level_count.3
+++ b/src/lib/libcrypto/man/X509_policy_tree_level_count.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.3 2021/07/28 13:47:21 schwarze Exp $
+.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.4 2021/11/11 12:06:25 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 28 2021 $
+.Dd $Mdocdate: November 11 2021 $
 .Dt X509_POLICY_TREE_LEVEL_COUNT 3
 .Os
 .Sh NAME
@@ -167,7 +167,8 @@ The parent node is always located on the previous level.
 .Xr POLICYQUALINFO_new 3 ,
 .Xr STACK_OF 3 ,
 .Xr X509_new 3 ,
-.Xr X509_policy_check 3
+.Xr X509_policy_check 3 ,
+.Xr X509_policy_tree_get0_policies 3
 .Sh STANDARDS
 RFC 5280: Internet X.509 Public Key Infrastructure Certificate
 and Certificate Revocation List (CRL) Profile,

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 6e8753b379..4a22484ea3 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.210 2021/11/09 16:23:04 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.211 2021/11/11 12:06:25 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -352,6 +352,7 @@ MAN= \
352	X509_new.3 \	352	X509_new.3 \
353	X509_ocspid_print.3 \	353	X509_ocspid_print.3 \
354	X509_policy_check.3 \	354	X509_policy_check.3 \
		355	X509_policy_tree_get0_policies.3 \
355	X509_policy_tree_level_count.3 \	356	X509_policy_tree_level_count.3 \
356	X509_print_ex.3 \	357	X509_print_ex.3 \
357	X509_sign.3 \	358	X509_sign.3 \


diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3 index e4b3be0d43..5ea774a3ef 100644 --- a/src/lib/libcrypto/man/X509_policy_check.3 +++ b/src/lib/libcrypto/man/X509_policy_check.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_policy_check.3,v 1.5 2021/07/30 15:01:40 schwarze Exp $	1	.\" $OpenBSD: X509_policy_check.3,v 1.6 2021/11/11 12:06:25 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 30 2021 $	17	.Dd $Mdocdate: November 11 2021 $
18	.Dt X509_POLICY_CHECK 3	18	.Dt X509_POLICY_CHECK 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -177,6 +177,7 @@ to 0.
177	.Xr X509_check_purpose 3 ,	177	.Xr X509_check_purpose 3 ,
178	.Xr X509_check_trust 3 ,	178	.Xr X509_check_trust 3 ,
179	.Xr X509_new 3 ,	179	.Xr X509_new 3 ,
		180	.Xr X509_policy_tree_get0_policies 3 ,
180	.Xr X509_policy_tree_level_count 3 ,	181	.Xr X509_policy_tree_level_count 3 ,
181	.Xr X509_verify_cert 3	182	.Xr X509_verify_cert 3
182	.Sh STANDARDS	183	.Sh STANDARDS


diff --git a/src/lib/libcrypto/man/X509_policy_tree_get0_policies.3 b/src/lib/libcrypto/man/X509_policy_tree_get0_policies.3 new file mode 100644 index 0000000000..cb0715d6cb --- /dev/null +++ b/src/lib/libcrypto/man/X509_policy_tree_get0_policies.3
@@ -0,0 +1,101 @@
		1	.\" $OpenBSD: X509_policy_tree_get0_policies.3,v 1.1 2021/11/11 12:06:25 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: November 11 2021 $
		18	.Dt X509_POLICY_TREE_GET0_POLICIES 3
		19	.Os
		20	.Sh NAME
		21	.Nm X509_policy_tree_get0_policies ,
		22	.Nm X509_policy_tree_get0_user_policies
		23	.Nd retrieve arrays of policy tree nodes
		24	.Sh SYNOPSIS
		25	.In openssl/x509_vfy.h
		26	.Ft STACK_OF(X509_POLICY_NODE) *
		27	.Fn X509_policy_tree_get0_policies "const X509_POLICY_TREE *tree"
		28	.Ft STACK_OF(X509_POLICY_NODE) *
		29	.Fn X509_policy_tree_get0_user_policies "const X509_POLICY_TREE *tree"
		30	.Sh DESCRIPTION
		31	The
		32	.Em authority set
		33	and the
		34	.Em user set
		35	are arrays of nodes from a policy
		36	.Fa tree .
		37	.Pp
		38	If the last level of a
		39	.Fa tree ,
		40	or equivalently, all levels of it, contain an
		41	.Sy anyPolicy
		42	node, the authority set contains
		43	only this anyPolicy node from the last level.
		44	Unless the array of
		45	.Fa policy_oids
		46	passed to
		47	.Xr X509_policy_check 3
		48	contained an anyPolicy object,
		49	the user set contains one node for each of the
		50	.Fa policy_oids ;
		51	specifically, the first matching node that is a child of an anyPolicy node.
		52	.Pp
		53	If the last level of the
		54	.Fa tree
		55	does not contain an
		56	.Sy anyPolicy
		57	node, the authority set contains
		58	all non-anyPolicy nodes that are children of anyPolicy nodes.
		59	For each element of the
		60	.Fa policy_oids ,
		61	the user set contains the first node from the authority set
		62	matching it, if any.
		63	.Pp
		64	These functions are intended to be called after
		65	.Xr X509_policy_check 3
		66	was called either directly or indirectly through
		67	.Xr X509_verify_cert 3 .
		68	.Sh RETURN VALUES
		69	.Fn X509_policy_tree_get0_policies
		70	returns an internal pointer to the authority set
		71	or
		72	.Dv NULL
		73	if the
		74	.Fa tree
		75	argument is
		76	.Dv NULL .
		77	.Pp
		78	.Fn X509_policy_tree_get0_user_policies
		79	returns an internal pointer to the user set or
		80	.Dv NULL
		81	if the
		82	.Fa tree
		83	argument is
		84	.Dv NULL
		85	or if the array of
		86	.Fa policy_oids
		87	passed to
		88	.Xr X509_policy_check 3
		89	was empty or contained an anyPolicy object.
		90	.Sh SEE ALSO
		91	.Xr STACK_OF 3 ,
		92	.Xr X509_policy_check 3 ,
		93	.Xr X509_policy_level_get0_node 3 ,
		94	.Xr X509_STORE_CTX_get0_policy_tree 3
		95	.Sh STANDARDS
		96	RFC 5280: Internet X.509 Public Key Infrastructure Certificate
		97	and Certificate Revocation List (CRL) Profile,
		98	section 6.1: Basic Path Validation
		99	.Sh HISTORY
		100	These function first appeared in OpenSSL 0.9.8 and have been available since
		101	.Ox 4.5 .


diff --git a/src/lib/libcrypto/man/X509_policy_tree_level_count.3 b/src/lib/libcrypto/man/X509_policy_tree_level_count.3 index f74754c362..4b13e6a967 100644 --- a/src/lib/libcrypto/man/X509_policy_tree_level_count.3 +++ b/src/lib/libcrypto/man/X509_policy_tree_level_count.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.3 2021/07/28 13:47:21 schwarze Exp $	1	.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.4 2021/11/11 12:06:25 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 28 2021 $	17	.Dd $Mdocdate: November 11 2021 $
18	.Dt X509_POLICY_TREE_LEVEL_COUNT 3	18	.Dt X509_POLICY_TREE_LEVEL_COUNT 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -167,7 +167,8 @@ The parent node is always located on the previous level.
167	.Xr POLICYQUALINFO_new 3 ,	167	.Xr POLICYQUALINFO_new 3 ,
168	.Xr STACK_OF 3 ,	168	.Xr STACK_OF 3 ,
169	.Xr X509_new 3 ,	169	.Xr X509_new 3 ,
170	.Xr X509_policy_check 3	170	.Xr X509_policy_check 3 ,
		171	.Xr X509_policy_tree_get0_policies 3
171	.Sh STANDARDS	172	.Sh STANDARDS
172	RFC 5280: Internet X.509 Public Key Infrastructure Certificate	173	RFC 5280: Internet X.509 Public Key Infrastructure Certificate
173	and Certificate Revocation List (CRL) Profile,	174	and Certificate Revocation List (CRL) Profile,