4 files changed, 168 insertions, 6 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index c3dcaa06a3..a1ea6af33a 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.186 2021/07/24 14:33:14 schwarze Exp $
+# $OpenBSD: Makefile,v 1.187 2021/07/26 14:03:43 schwarze Exp $
 .include <bsd.own.mk>
@@ -327,6 +327,7 @@ MAN=	\
        X509_get1_email.3 \
        X509_keyid_set1.3 \
        X509_new.3 \
+        X509_policy_tree_level_count.3 \
        X509_print_ex.3 \
        X509_sign.3 \
        X509_signature_dump.3 \
diff --git a/src/lib/libcrypto/man/POLICYINFO_new.3 b/src/lib/libcrypto/man/POLICYINFO_new.3
index 4b88cf00eb..7938ed591d 100644
--- a/src/lib/libcrypto/man/POLICYINFO_new.3
+++ b/src/lib/libcrypto/man/POLICYINFO_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: POLICYINFO_new.3,v 1.7 2019/06/06 17:41:43 schwarze Exp $
+.\"     $OpenBSD: POLICYINFO_new.3,v 1.8 2021/07/26 14:03:43 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: July 26 2021 $
 .Dt POLICYINFO_NEW 3
 .Os
 .Sh NAME
@@ -178,7 +178,8 @@ if an error occurs.
 .Xr d2i_POLICYINFO 3 ,
 .Xr NAME_CONSTRAINTS_new 3 ,
 .Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
+.Xr X509_new 3 ,
+.Xr X509_policy_tree_level_count 3
 .Sh STANDARDS
 RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
 Certificate Revocation List (CRL) Profile:
diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3
index e06203f87c..304045f657 100644
--- a/src/lib/libcrypto/man/X509_new.3
+++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_new.3,v 1.26 2021/07/24 14:33:14 schwarze Exp $
+.\" $OpenBSD: X509_new.3,v 1.27 2021/07/26 14:03:43 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 24 2021 $
+.Dd $Mdocdate: July 26 2021 $
 .Dt X509_NEW 3
 .Os
 .Sh NAME
@@ -193,6 +193,7 @@ if an error occurs.
 .Xr X509_get_version 3 ,
 .Xr X509_INFO_new 3 ,
 .Xr X509_NAME_new 3 ,
+.Xr X509_policy_tree_level_count 3 ,
 .Xr X509_print_ex 3 ,
 .Xr X509_PUBKEY_new 3 ,
 .Xr X509_PURPOSE_set 3 ,
diff --git a/src/lib/libcrypto/man/X509_policy_tree_level_count.3 b/src/lib/libcrypto/man/X509_policy_tree_level_count.3
new file mode 100644
index 0000000000..523cb55f1d
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_policy_tree_level_count.3
@@ -0,0 +1,159 @@
+.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.1 2021/07/26 14:03:43 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 26 2021 $
+.Dt X509_POLICY_TREE_LEVEL_COUNT 3
+.Os
+.Sh NAME
+.Nm X509_policy_tree_level_count ,
+.Nm X509_policy_tree_get0_level ,
+.Nm X509_policy_level_node_count ,
+.Nm X509_policy_level_get0_node ,
+.Nm X509_policy_node_get0_policy ,
+.Nm X509_policy_node_get0_qualifiers ,
+.Nm X509_policy_node_get0_parent
+.Nd inspect X.509 policy tree objects
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft int
+.Fn X509_policy_tree_level_count "const X509_POLICY_TREE *tree"
+.Ft X509_POLICY_LEVEL *
+.Fn X509_policy_tree_get0_level "const X509_POLICY_TREE *tree" "int index"
+.Ft int
+.Fn X509_policy_level_node_count "X509_POLICY_LEVEL *level"
+.Ft X509_POLICY_NODE *
+.Fn X509_policy_level_get0_node "X509_POLICY_LEVEL *level" "int index"
+.Ft const ASN1_OBJECT *
+.Fn X509_policy_node_get0_policy "const X509_POLICY_NODE *node"
+.Ft STACK_OF(POLICYQUALINFO) *
+.Fn X509_policy_node_get0_qualifiers "const X509_POLICY_NODE *node"
+.Ft const X509_POLICY_NODE *
+.Fn X509_policy_node_get0_parent "const X509_POLICY_NODE *node"
+.Sh DESCRIPTION
+The
+.Vt X509_POLICY_TREE
+object represents a
+.Vt valid_policy_tree
+as described in RFC 5280 section 6.1.
+.Pp
+The
+.Vt X509_POLICY_LEVEL
+object represents one level of such a tree,
+corresponding to one certificate.
+.Pp
+The
+.Vt X509_POLICY_NODE
+object represents one node in the tree.
+.Sh RETURN VALUES
+.Fn X509_policy_tree_level_count
+returns the number of levels in the
+.Fa tree
+or 0 if the
+.Fa tree
+argument is
+.Dv NULL .
+.Pp
+.Fn X509_policy_tree_get0_level
+returns an internal pointer to the level of the
+.Fa tree
+with the given
+.Fa index
+or
+.Dv NULL
+if the
+.Fa tree
+argument is
+.Dv NULL
+or the
+.Fa index
+is less than 0 or greater than or equal to the number of levels in the
+.Fa tree .
+.Pp
+.Fn X509_policy_level_node_count
+returns the number of nodes on the
+.Fa level ,
+including an
+.Sy anyPolicy
+node if it is present, or 0 if the
+.Fa level
+argument is
+.Dv NULL .
+.Pp
+.Fn X509_policy_level_get0_node
+returns an internal pointer to the node on the
+.Fa level
+with the given
+.Fa index
+or
+.Dv NULL
+if the
+.Fa level
+argument is
+.Dv NULL
+or the
+.Fa index
+is less than 0 or greater than or equal to the number of nodes on the level.
+If an
+.Sy anyPolicy
+node is present on the level, it can be retrieved by passing an
+.Fa index
+of 0.
+.Pp
+.Fn X509_policy_node_get0_policy
+returns an internal pointer to the
+.Fa valid_policy
+child object of the node or
+.Dv NULL
+if the
+.Fa node
+argument is
+.Dv NULL .
+.Pp
+.Fn X509_policy_node_get0_qualifiers
+returns an an internal pointer to the
+.Fa qualifier_set
+child object of the node or
+.Dv NULL
+if the
+.Fa node
+argument is
+.Dv NULL .
+.Pp
+.Fn X509_policy_node_get0_parent
+returns
+.Dv NULL
+if the
+.Fa node
+argument is
+.Dv NULL
+or located on level 0.
+Otherwise, it returns an an internal pointer to the parent node of the
+.Fa node
+argument.
+The parent node is always located on the previous level.
+.Sh SEE ALSO
+.Xr ASN1_OBJECT_new 3 ,
+.Xr OBJ_obj2txt 3 ,
+.Xr POLICYQUALINFO_new 3 ,
+.Xr STACK_OF 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+and Certificate Revocation List (CRL) Profile,
+section 6.1: Basic Path Validation
+.Sh HISTORY
+These function first appeared in OpenSSL 0.9.8 and have been available since
+.Ox 4.5 .

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index c3dcaa06a3..a1ea6af33a 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.186 2021/07/24 14:33:14 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.187 2021/07/26 14:03:43 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -327,6 +327,7 @@ MAN= \
327	X509_get1_email.3 \	327	X509_get1_email.3 \
328	X509_keyid_set1.3 \	328	X509_keyid_set1.3 \
329	X509_new.3 \	329	X509_new.3 \
		330	X509_policy_tree_level_count.3 \
330	X509_print_ex.3 \	331	X509_print_ex.3 \
331	X509_sign.3 \	332	X509_sign.3 \
332	X509_signature_dump.3 \	333	X509_signature_dump.3 \


diff --git a/src/lib/libcrypto/man/POLICYINFO_new.3 b/src/lib/libcrypto/man/POLICYINFO_new.3 index 4b88cf00eb..7938ed591d 100644 --- a/src/lib/libcrypto/man/POLICYINFO_new.3 +++ b/src/lib/libcrypto/man/POLICYINFO_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: POLICYINFO_new.3,v 1.7 2019/06/06 17:41:43 schwarze Exp $	1	.\" $OpenBSD: POLICYINFO_new.3,v 1.8 2021/07/26 14:03:43 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: June 6 2019 $	17	.Dd $Mdocdate: July 26 2021 $
18	.Dt POLICYINFO_NEW 3	18	.Dt POLICYINFO_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -178,7 +178,8 @@ if an error occurs.
178	.Xr d2i_POLICYINFO 3 ,	178	.Xr d2i_POLICYINFO 3 ,
179	.Xr NAME_CONSTRAINTS_new 3 ,	179	.Xr NAME_CONSTRAINTS_new 3 ,
180	.Xr X509_EXTENSION_new 3 ,	180	.Xr X509_EXTENSION_new 3 ,
181	.Xr X509_new 3	181	.Xr X509_new 3 ,
		182	.Xr X509_policy_tree_level_count 3
182	.Sh STANDARDS	183	.Sh STANDARDS
183	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and	184	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
184	Certificate Revocation List (CRL) Profile:	185	Certificate Revocation List (CRL) Profile:


diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3 index e06203f87c..304045f657 100644 --- a/src/lib/libcrypto/man/X509_new.3 +++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_new.3,v 1.26 2021/07/24 14:33:14 schwarze Exp $	1	.\" $OpenBSD: X509_new.3,v 1.27 2021/07/26 14:03:43 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -66,7 +66,7 @@
66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68	.\"	68	.\"
69	.Dd $Mdocdate: July 24 2021 $	69	.Dd $Mdocdate: July 26 2021 $
70	.Dt X509_NEW 3	70	.Dt X509_NEW 3
71	.Os	71	.Os
72	.Sh NAME	72	.Sh NAME
@@ -193,6 +193,7 @@ if an error occurs.
193	.Xr X509_get_version 3 ,	193	.Xr X509_get_version 3 ,
194	.Xr X509_INFO_new 3 ,	194	.Xr X509_INFO_new 3 ,
195	.Xr X509_NAME_new 3 ,	195	.Xr X509_NAME_new 3 ,
		196	.Xr X509_policy_tree_level_count 3 ,
196	.Xr X509_print_ex 3 ,	197	.Xr X509_print_ex 3 ,
197	.Xr X509_PUBKEY_new 3 ,	198	.Xr X509_PUBKEY_new 3 ,
198	.Xr X509_PURPOSE_set 3 ,	199	.Xr X509_PURPOSE_set 3 ,


diff --git a/src/lib/libcrypto/man/X509_policy_tree_level_count.3 b/src/lib/libcrypto/man/X509_policy_tree_level_count.3 new file mode 100644 index 0000000000..523cb55f1d --- /dev/null +++ b/src/lib/libcrypto/man/X509_policy_tree_level_count.3
@@ -0,0 +1,159 @@
		1	.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.1 2021/07/26 14:03:43 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: July 26 2021 $
		18	.Dt X509_POLICY_TREE_LEVEL_COUNT 3
		19	.Os
		20	.Sh NAME
		21	.Nm X509_policy_tree_level_count ,
		22	.Nm X509_policy_tree_get0_level ,
		23	.Nm X509_policy_level_node_count ,
		24	.Nm X509_policy_level_get0_node ,
		25	.Nm X509_policy_node_get0_policy ,
		26	.Nm X509_policy_node_get0_qualifiers ,
		27	.Nm X509_policy_node_get0_parent
		28	.Nd inspect X.509 policy tree objects
		29	.Sh SYNOPSIS
		30	.In openssl/x509_vfy.h
		31	.Ft int
		32	.Fn X509_policy_tree_level_count "const X509_POLICY_TREE *tree"
		33	.Ft X509_POLICY_LEVEL *
		34	.Fn X509_policy_tree_get0_level "const X509_POLICY_TREE *tree" "int index"
		35	.Ft int
		36	.Fn X509_policy_level_node_count "X509_POLICY_LEVEL *level"
		37	.Ft X509_POLICY_NODE *
		38	.Fn X509_policy_level_get0_node "X509_POLICY_LEVEL *level" "int index"
		39	.Ft const ASN1_OBJECT *
		40	.Fn X509_policy_node_get0_policy "const X509_POLICY_NODE *node"
		41	.Ft STACK_OF(POLICYQUALINFO) *
		42	.Fn X509_policy_node_get0_qualifiers "const X509_POLICY_NODE *node"
		43	.Ft const X509_POLICY_NODE *
		44	.Fn X509_policy_node_get0_parent "const X509_POLICY_NODE *node"
		45	.Sh DESCRIPTION
		46	The
		47	.Vt X509_POLICY_TREE
		48	object represents a
		49	.Vt valid_policy_tree
		50	as described in RFC 5280 section 6.1.
		51	.Pp
		52	The
		53	.Vt X509_POLICY_LEVEL
		54	object represents one level of such a tree,
		55	corresponding to one certificate.
		56	.Pp
		57	The
		58	.Vt X509_POLICY_NODE
		59	object represents one node in the tree.
		60	.Sh RETURN VALUES
		61	.Fn X509_policy_tree_level_count
		62	returns the number of levels in the
		63	.Fa tree
		64	or 0 if the
		65	.Fa tree
		66	argument is
		67	.Dv NULL .
		68	.Pp
		69	.Fn X509_policy_tree_get0_level
		70	returns an internal pointer to the level of the
		71	.Fa tree
		72	with the given
		73	.Fa index
		74	or
		75	.Dv NULL
		76	if the
		77	.Fa tree
		78	argument is
		79	.Dv NULL
		80	or the
		81	.Fa index
		82	is less than 0 or greater than or equal to the number of levels in the
		83	.Fa tree .
		84	.Pp
		85	.Fn X509_policy_level_node_count
		86	returns the number of nodes on the
		87	.Fa level ,
		88	including an
		89	.Sy anyPolicy
		90	node if it is present, or 0 if the
		91	.Fa level
		92	argument is
		93	.Dv NULL .
		94	.Pp
		95	.Fn X509_policy_level_get0_node
		96	returns an internal pointer to the node on the
		97	.Fa level
		98	with the given
		99	.Fa index
		100	or
		101	.Dv NULL
		102	if the
		103	.Fa level
		104	argument is
		105	.Dv NULL
		106	or the
		107	.Fa index
		108	is less than 0 or greater than or equal to the number of nodes on the level.
		109	If an
		110	.Sy anyPolicy
		111	node is present on the level, it can be retrieved by passing an
		112	.Fa index
		113	of 0.
		114	.Pp
		115	.Fn X509_policy_node_get0_policy
		116	returns an internal pointer to the
		117	.Fa valid_policy
		118	child object of the node or
		119	.Dv NULL
		120	if the
		121	.Fa node
		122	argument is
		123	.Dv NULL .
		124	.Pp
		125	.Fn X509_policy_node_get0_qualifiers
		126	returns an an internal pointer to the
		127	.Fa qualifier_set
		128	child object of the node or
		129	.Dv NULL
		130	if the
		131	.Fa node
		132	argument is
		133	.Dv NULL .
		134	.Pp
		135	.Fn X509_policy_node_get0_parent
		136	returns
		137	.Dv NULL
		138	if the
		139	.Fa node
		140	argument is
		141	.Dv NULL
		142	or located on level 0.
		143	Otherwise, it returns an an internal pointer to the parent node of the
		144	.Fa node
		145	argument.
		146	The parent node is always located on the previous level.
		147	.Sh SEE ALSO
		148	.Xr ASN1_OBJECT_new 3 ,
		149	.Xr OBJ_obj2txt 3 ,
		150	.Xr POLICYQUALINFO_new 3 ,
		151	.Xr STACK_OF 3 ,
		152	.Xr X509_new 3
		153	.Sh STANDARDS
		154	RFC 5280: Internet X.509 Public Key Infrastructure Certificate
		155	and Certificate Revocation List (CRL) Profile,
		156	section 6.1: Basic Path Validation
		157	.Sh HISTORY
		158	These function first appeared in OpenSSL 0.9.8 and have been available since
		159	.Ox 4.5 .