Re-convert and re-import the CMS manual pages from OpenSSL 1.1.1

(which are still under a free license) with pod2mdoc(1) now that jsing@ has begun work to provide these APIs. Some formatting was improved and some typos were fixed, but apart from that, little was changed, so there is still much to polish.
author: schwarze <> 2019-08-10 23:41:22 +0000
committer: schwarze <> 2019-08-10 23:41:22 +0000
commit: 4828805cb3ae85d08514ac3a640cd5f4822af2c4 (patch)
tree: 3f70859fec97a5fc0a89365840d52dc9deee7bf9 /src/lib/libcrypto/man/CMS_sign.3
parent: a1b36756aaebda315e1da2654bfa352b4aa458c9 (diff)
download: openbsd-4828805cb3ae85d08514ac3a640cd5f4822af2c4.tar.gz
openbsd-4828805cb3ae85d08514ac3a640cd5f4822af2c4.tar.bz2
openbsd-4828805cb3ae85d08514ac3a640cd5f4822af2c4.zip
1 files changed, 224 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/CMS_sign.3 b/src/lib/libcrypto/man/CMS_sign.3
new file mode 100644
index 0000000000..54d95f4a5d
--- /dev/null
+++ b/src/lib/libcrypto/man/CMS_sign.3
@@ -0,0 +1,224 @@
+.\" $OpenBSD: CMS_sign.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
+.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 10 2019 $
+.Dt CMS_SIGN 3
+.Os
+.Sh NAME
+.Nm CMS_sign
+.Nd create a CMS SignedData structure
+.Sh SYNOPSIS
+.In openssl/cms.h
+.Ft CMS_ContentInfo *
+.Fo CMS_sign
+.Fa "X509 *signcert"
+.Fa "EVP_PKEY *pkey"
+.Fa "STACK_OF(X509) *certs"
+.Fa "BIO *data"
+.Fa "unsigned int flags"
+.Fc
+.Sh DESCRIPTION
+.Fn CMS_sign
+creates and returns a CMS SignedData structure.
+.Fa signcert
+is the certificate to sign with,
+.Fa pkey
+is the corresponding private key.
+.Fa certs
+is an optional additional set of certificates to include in the CMS
+structure (for example any intermediate CAs in the chain).
+Any or all of these parameters can be
+.Dv NULL .
+.Pp
+The data to be signed is read from
+.Fa data .
+.Pp
+.Fa flags
+is an optional set of flags.
+.Pp
+Any of the following flags (OR'ed together) can be passed in the
+.Fa flags
+parameter:
+.Bl -tag -width Ds
+.It Dv CMS_TEXT
+Prepend MIME headers for the type text/plain to the data.
+Many S/MIME clients expect the signed content to include valid MIME
+headers.
+.It Dv CMS_NOCERTS
+Do not include the signer's certificate in the
+.Vt CMS_ContentInfo
+structure.
+The signer's certificate must still be supplied in the
+.Fa signcert
+parameter though.
+This can reduce the size of the signature if the signers certificate can
+be obtained by other means: for example a previously signed message.
+.It Dv CMS_DETACHED
+Omit the data being signed from the
+.Vt CMS_ContentInfo
+structure.
+This is used for
+.Vt CMS_ContentInfo
+detached signatures which are used in S/MIME plaintext signed messages
+for example.
+.It Dv CMS_BINARY
+Do not translate the supplied content into MIME canonical format
+even though that is required by the S/MIME specifications.
+This option should be used if the supplied data is in binary format.
+Otherwise the translation will corrupt it.
+.It Dv CMS_NOATTR
+Do not use any signedAttributes.
+By default, the SignedData structure includes several CMS
+signedAttributes including the signing time, the CMS content type,
+and the supported list of ciphers in an SMIMECapabilities attribute.
+.It Dv CMS_NOSMIMECAP
+Omit just the SMIMECapabilities.
+If present, the SMIMECapabilities attribute indicates support for the
+following algorithms in preference order: 256 bit AES, Gost R3411-94,
+Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit
+RC2, DES and 40 bit RC2.
+If any of these algorithms is not available, then it will not be
+included: for example the GOST algorithms will not be included if
+the GOST ENGINE is not loaded.
+.It Dv CMS_USE_KEYID
+Use the subject key identifier value to identify signing certificates.
+An error occurs if the signing certificate does not have a subject key
+identifier extension.
+By default, issuer name and serial number are used instead.
+.It Dv CMS_STREAM
+Only initialize the returned
+.Vt CMS_ContentInfo
+structure to prepare it for performing the signing operation.
+The signing is however
+.Em not
+performed and the data to be signed is not read from the
+.Fa data
+parameter.
+Signing is deferred until after the data has been written.
+In this way, data can be signed in a single pass.
+The returned
+.Vt CMS_ContentInfo
+structure is
+.Em not
+complete and outputting its contents via a function that does not
+properly finalize the
+.Vt CMS_ContentInfo
+structure will give unpredictable results.
+Several functions including
+.Xr SMIME_write_CMS 3 ,
+.Xr i2d_CMS_bio_stream 3 ,
+or
+.Xr PEM_write_bio_CMS_stream 3
+finalize the structure.
+Alternatively, finalization can be performed by obtaining the streaming
+ASN1
+.Vt BIO
+directly using
+.Xr BIO_new_CMS 3 .
+.It Dv CMS_PARTIAL
+Output a partial
+.Vt CMS_ContentInfo
+structure to which additional signers and capabilities can be
+added before finalization.
+.El
+.Pp
+If a signer is specified, it will use the default digest for the signing
+algorithm.
+This is SHA1 for both RSA and DSA keys.
+.Pp
+If
+.Fa signcert
+and
+.Fa pkey
+are
+.Dv NULL ,
+then a certificates only CMS structure is output.
+.Pp
+The function
+.Fn CMS_sign
+is a basic CMS signing function whose output will be suitable for many
+purposes.
+For finer control of the output format the
+.Fa certs ,
+.Fa signcert
+and
+.Fa pkey
+parameters can all be
+.Dv NULL
+and the
+.Dv CMS_PARTIAL
+flag set.
+Then one or more signers can be added using the function
+.Xr CMS_sign_add1_signer 3 ,
+non default digests can be used and custom attributes added.
+.Xr CMS_final 3
+must then be called to finalize the structure if streaming is not
+enabled.
+.Sh RETURN VALUES
+.Fn CMS_sign
+returns either a valid
+.Vt CMS_ContentInfo
+structure or
+.Dv NULL
+if an error occurred.
+The error can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr CMS_verify 3
+.Sh HISTORY
+.Fn CMS_sign
+was added to OpenSSL 0.9.8.
+.Pp
+The
+.Dv CMS_STREAM
+flag is only supported for detached data in OpenSSL 0.9.8, it is
+supported for embedded data in OpenSSL 1.0.0 and later.
+.Sh BUGS
+Some attributes such as counter signatures are not supported.
author	schwarze <>	2019-08-10 23:41:22 +0000
committer	schwarze <>	2019-08-10 23:41:22 +0000
commit	4828805cb3ae85d08514ac3a640cd5f4822af2c4 (patch)
tree	3f70859fec97a5fc0a89365840d52dc9deee7bf9 /src/lib/libcrypto/man/CMS_sign.3
parent	a1b36756aaebda315e1da2654bfa352b4aa458c9 (diff)
download	openbsd-4828805cb3ae85d08514ac3a640cd5f4822af2c4.tar.gz openbsd-4828805cb3ae85d08514ac3a640cd5f4822af2c4.tar.bz2 openbsd-4828805cb3ae85d08514ac3a640cd5f4822af2c4.zip

diff --git a/src/lib/libcrypto/man/CMS_sign.3 b/src/lib/libcrypto/man/CMS_sign.3 new file mode 100644 index 0000000000..54d95f4a5d --- /dev/null +++ b/src/lib/libcrypto/man/CMS_sign.3
@@ -0,0 +1,224 @@
	1	.\" $OpenBSD: CMS_sign.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
	3	.\"
	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
	5	.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
	6	.\"
	7	.\" Redistribution and use in source and binary forms, with or without
	8	.\" modification, are permitted provided that the following conditions
	9	.\" are met:
	10	.\"
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\"
	14	.\" 2. Redistributions in binary form must reproduce the above copyright
	15	.\" notice, this list of conditions and the following disclaimer in
	16	.\" the documentation and/or other materials provided with the
	17	.\" distribution.
	18	.\"
	19	.\" 3. All advertising materials mentioning features or use of this
	20	.\" software must display the following acknowledgment:
	21	.\" "This product includes software developed by the OpenSSL Project
	22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	23	.\"
	24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	25	.\" endorse or promote products derived from this software without
	26	.\" prior written permission. For written permission, please contact
	27	.\" openssl-core@openssl.org.
	28	.\"
	29	.\" 5. Products derived from this software may not be called "OpenSSL"
	30	.\" nor may "OpenSSL" appear in their names without prior written
	31	.\" permission of the OpenSSL Project.
	32	.\"
	33	.\" 6. Redistributions of any form whatsoever must retain the following
	34	.\" acknowledgment:
	35	.\" "This product includes software developed by the OpenSSL Project
	36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	37	.\"
	38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
	50	.\"
	51	.Dd $Mdocdate: August 10 2019 $
	52	.Dt CMS_SIGN 3
	53	.Os
	54	.Sh NAME
	55	.Nm CMS_sign
	56	.Nd create a CMS SignedData structure
	57	.Sh SYNOPSIS
	58	.In openssl/cms.h
	59	.Ft CMS_ContentInfo *
	60	.Fo CMS_sign
	61	.Fa "X509 *signcert"
	62	.Fa "EVP_PKEY *pkey"
	63	.Fa "STACK_OF(X509) *certs"
	64	.Fa "BIO *data"
	65	.Fa "unsigned int flags"
	66	.Fc
	67	.Sh DESCRIPTION
	68	.Fn CMS_sign
	69	creates and returns a CMS SignedData structure.
	70	.Fa signcert
	71	is the certificate to sign with,
	72	.Fa pkey
	73	is the corresponding private key.
	74	.Fa certs
	75	is an optional additional set of certificates to include in the CMS
	76	structure (for example any intermediate CAs in the chain).
	77	Any or all of these parameters can be
	78	.Dv NULL .
	79	.Pp
	80	The data to be signed is read from
	81	.Fa data .
	82	.Pp
	83	.Fa flags
	84	is an optional set of flags.
	85	.Pp
	86	Any of the following flags (OR'ed together) can be passed in the
	87	.Fa flags
	88	parameter:
	89	.Bl -tag -width Ds
	90	.It Dv CMS_TEXT
	91	Prepend MIME headers for the type text/plain to the data.
	92	Many S/MIME clients expect the signed content to include valid MIME
	93	headers.
	94	.It Dv CMS_NOCERTS
	95	Do not include the signer's certificate in the
	96	.Vt CMS_ContentInfo
	97	structure.
	98	The signer's certificate must still be supplied in the
	99	.Fa signcert
	100	parameter though.
	101	This can reduce the size of the signature if the signers certificate can
	102	be obtained by other means: for example a previously signed message.
	103	.It Dv CMS_DETACHED
	104	Omit the data being signed from the
	105	.Vt CMS_ContentInfo
	106	structure.
	107	This is used for
	108	.Vt CMS_ContentInfo
	109	detached signatures which are used in S/MIME plaintext signed messages
	110	for example.
	111	.It Dv CMS_BINARY
	112	Do not translate the supplied content into MIME canonical format
	113	even though that is required by the S/MIME specifications.
	114	This option should be used if the supplied data is in binary format.
	115	Otherwise the translation will corrupt it.
	116	.It Dv CMS_NOATTR
	117	Do not use any signedAttributes.
	118	By default, the SignedData structure includes several CMS
	119	signedAttributes including the signing time, the CMS content type,
	120	and the supported list of ciphers in an SMIMECapabilities attribute.
	121	.It Dv CMS_NOSMIMECAP
	122	Omit just the SMIMECapabilities.
	123	If present, the SMIMECapabilities attribute indicates support for the
	124	following algorithms in preference order: 256 bit AES, Gost R3411-94,
	125	Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit
	126	RC2, DES and 40 bit RC2.
	127	If any of these algorithms is not available, then it will not be
	128	included: for example the GOST algorithms will not be included if
	129	the GOST ENGINE is not loaded.
	130	.It Dv CMS_USE_KEYID
	131	Use the subject key identifier value to identify signing certificates.
	132	An error occurs if the signing certificate does not have a subject key
	133	identifier extension.
	134	By default, issuer name and serial number are used instead.
	135	.It Dv CMS_STREAM
	136	Only initialize the returned
	137	.Vt CMS_ContentInfo
	138	structure to prepare it for performing the signing operation.
	139	The signing is however
	140	.Em not
	141	performed and the data to be signed is not read from the
	142	.Fa data
	143	parameter.
	144	Signing is deferred until after the data has been written.
	145	In this way, data can be signed in a single pass.
	146	The returned
	147	.Vt CMS_ContentInfo
	148	structure is
	149	.Em not
	150	complete and outputting its contents via a function that does not
	151	properly finalize the
	152	.Vt CMS_ContentInfo
	153	structure will give unpredictable results.
	154	Several functions including
	155	.Xr SMIME_write_CMS 3 ,
	156	.Xr i2d_CMS_bio_stream 3 ,
	157	or
	158	.Xr PEM_write_bio_CMS_stream 3
	159	finalize the structure.
	160	Alternatively, finalization can be performed by obtaining the streaming
	161	ASN1
	162	.Vt BIO
	163	directly using
	164	.Xr BIO_new_CMS 3 .
	165	.It Dv CMS_PARTIAL
	166	Output a partial
	167	.Vt CMS_ContentInfo
	168	structure to which additional signers and capabilities can be
	169	added before finalization.
	170	.El
	171	.Pp
	172	If a signer is specified, it will use the default digest for the signing
	173	algorithm.
	174	This is SHA1 for both RSA and DSA keys.
	175	.Pp
	176	If
	177	.Fa signcert
	178	and
	179	.Fa pkey
	180	are
	181	.Dv NULL ,
	182	then a certificates only CMS structure is output.
	183	.Pp
	184	The function
	185	.Fn CMS_sign
	186	is a basic CMS signing function whose output will be suitable for many
	187	purposes.
	188	For finer control of the output format the
	189	.Fa certs ,
	190	.Fa signcert
	191	and
	192	.Fa pkey
	193	parameters can all be
	194	.Dv NULL
	195	and the
	196	.Dv CMS_PARTIAL
	197	flag set.
	198	Then one or more signers can be added using the function
	199	.Xr CMS_sign_add1_signer 3 ,
	200	non default digests can be used and custom attributes added.
	201	.Xr CMS_final 3
	202	must then be called to finalize the structure if streaming is not
	203	enabled.
	204	.Sh RETURN VALUES
	205	.Fn CMS_sign
	206	returns either a valid
	207	.Vt CMS_ContentInfo
	208	structure or
	209	.Dv NULL
	210	if an error occurred.
	211	The error can be obtained from
	212	.Xr ERR_get_error 3 .
	213	.Sh SEE ALSO
	214	.Xr CMS_verify 3
	215	.Sh HISTORY
	216	.Fn CMS_sign
	217	was added to OpenSSL 0.9.8.
	218	.Pp
	219	The
	220	.Dv CMS_STREAM
	221	flag is only supported for detached data in OpenSSL 0.9.8, it is
	222	supported for embedded data in OpenSSL 1.0.0 and later.
	223	.Sh BUGS
	224	Some attributes such as counter signatures are not supported.