This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414

1 files changed, 0 insertions, 230 deletions

diff --git a/src/lib/libcrypto/man/CMS_verify.3 b/src/lib/libcrypto/man/CMS_verify.3
deleted file mode 100644
index 63f1b8bb18..0000000000
--- a/src/lib/libcrypto/man/CMS_verify.3
+++ /dev/null
@@ -1,230 +0,0 @@
-.\" $OpenBSD: CMS_verify.3,v 1.10 2024/03/29 06:43:12 tb Exp $
-.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
-.\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 29 2024 $
-.Dt CMS_VERIFY 3
-.Os
-.Sh NAME
-.Nm CMS_verify ,
-.Nm CMS_get0_signers
-.Nd verify a CMS SignedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_verify
-.Fa "CMS_ContentInfo *cms"
-.Fa "STACK_OF(X509) *certs"
-.Fa "X509_STORE *store"
-.Fa "BIO *indata"
-.Fa "BIO *out"
-.Fa "unsigned int flags"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo CMS_get0_signers
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_verify
-verifies the CMS
-.Vt SignedData
-structure
-.Fa cms .
-.Fa certs
-is a set of certificates in which to search for the signing
-certificate(s).
-.Fa store
-is a trusted certificate store used for chain verification.
-.Fa indata
-is the detached content if the content is not present in
-.Fa cms .
-The content is written to
-.Fa out
-if it is not
-.Dv NULL .
-.Pp
-.Fn CMS_get0_signers
-retrieves the signing certificate(s) from
-.Fa cms .
-It may only be called after a successful
-.Fn CMS_verify
-operation.
-The signers must be freed with
-.Fn sk_X509_free .
-.Pp
-Normally the verify process proceeds as follows.
-.Pp
-Initially some sanity checks are performed on
-.Fa cms .
-There must be at least one signature on the data.
-If the content is detached,
-.Fa indata
-cannot be
-.Dv NULL .
-.Pp
-An attempt is made to locate all the signing certificate(s), first
-looking in the
-.Fa certs
-parameter (if it is not
-.Dv NULL )
-and then looking in any certificates contained in the
-.Fa cms
-structure itself.
-If any signing certificate cannot be located, the operation fails.
-.Pp
-Each signing certificate is chain verified using the
-.Sy smimesign
-purpose and the supplied trusted certificate
-.Fa store .
-Any internal certificates in the message are used as untrusted CAs.
-If CRL checking is enabled in
-.Fa store ,
-any internal CRLs are used in addition to attempting to look them up in
-.Fa store .
-If any chain verify fails, an error code is returned.
-.Pp
-Finally the signed content is read (and written to
-.Fa out
-if it is not
-.Dv NULL )
-and the signature is checked.
-.Pp
-If all signatures verify correctly, then the function is successful.
-.Pp
-Any of the following
-.Fa flags
-(OR'ed together) can be passed to change the default verify behaviour:
-.Bl -tag -width Ds
-.It Dv CMS_NOINTERN
-Do not use the certificates in the message itself when
-locating the signing certificate(s).
-This means that all the signing certificates must be in the
-.Fa certs
-parameter.
-.It Dv CMS_NOCRL
-If CRL checking is enabled in
-.Fa store ,
-then any CRLs in the message itself are ignored.
-.It Dv CMS_TEXT
-MIME headers for type text/plain are deleted from the content.
-If the content is not of type text/plain, an error is returned.
-.It Dv CMS_NO_SIGNER_CERT_VERIFY
-Do not verify signing certificates.
-.It Dv CMS_NO_ATTR_VERIFY
-Do not check the signed attributes signature.
-.It Dv CMS_NO_CONTENT_VERIFY
-Do not check the content digest.
-.El
-.Pp
-One application of
-.Dv CMS_NOINTERN
-is to only accept messages signed by a small number of certificates.
-The acceptable certificates would be passed in the
-.Fa certs
-parameter.
-In this case, if the signer is not one of the certificates supplied in
-.Fa certs ,
-then the verify will fail because the signer cannot be found.
-.Pp
-In some cases the standard techniques for looking up and validating
-certificates are not appropriate: for example an application may wish to
-lookup certificates in a database or perform customised verification.
-This can be achieved by setting and verifying the signers certificates
-manually using the signed data utility functions.
-.Pp
-Care should be taken when modifying the default verify behaviour, for
-example setting
-.Dv CMS_NO_CONTENT_VERIFY
-will totally disable all content verification and any modified content
-will be considered valid.
-This combination is however useful if one merely wishes to write the
-content to
-.Fa out
-and its validity is not considered important.
-.Pp
-Chain verification should arguably be performed using the signing time
-rather than the current time.
-However since the signing time is supplied by the signer it cannot be
-trusted without additional evidence (such as a trusted timestamp).
-.Sh RETURN VALUES
-.Fn CMS_verify
-returns 1 for a successful verification or 0 if an error occurred.
-.Pp
-.Fn CMS_get0_signers
-returns all signers or
-.Dv NULL
-if an error occurred.
-The signers must be freed with
-.Fn sk_X509_free .
-.Pp
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_get0_SignerInfos 3 ,
-.Xr CMS_sign 3 ,
-.Xr CMS_verify_receipt 3
-.Sh STANDARDS
-RFC 5652: Cryptographic Message Syntax (CMS),
-section 5.1: SignedData Type
-.Pp
-RFC 8419: Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures
-in the Cryptographic Message Syntax (CMS)
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.8h
-and have been available since
-.Ox 6.7 .
-.Sh BUGS
-The trusted certificate store is not searched for the signing certificate.
-This is primarily due to the inadequacies of the current
-.Vt X509_STORE
-functionality.
-.Pp
-The lack of single pass processing means that the signed content must
-all be held in memory if it is not detached.