minor cleanup:

* add the missing STANDARDS sections * mark up ASN.1 type names * GOST does not need an ENGINE in LibreSSL, so don't use it as an example * and minor wording improvements and typo fixes
author: schwarze <> 2019-08-18 12:06:51 +0000
committer: schwarze <> 2019-08-18 12:06:51 +0000
commit: 0fc04f9f313a0675c6689b0b146c615e2005c6d8 (patch)
tree: c07653e3f91a7205f7af074ddae021ab713bba90 /src
parent: 8287ed3c26f4dba696df881277cbd91ece5196fb (diff)
download: openbsd-0fc04f9f313a0675c6689b0b146c615e2005c6d8.tar.gz
openbsd-0fc04f9f313a0675c6689b0b146c615e2005c6d8.tar.bz2
openbsd-0fc04f9f313a0675c6689b0b146c615e2005c6d8.zip
4 files changed, 74 insertions, 54 deletions
diff --git a/src/lib/libcrypto/man/CMS_sign.3 b/src/lib/libcrypto/man/CMS_sign.3
index 1ef0f2d48a..1dfd153ee2 100644
--- a/src/lib/libcrypto/man/CMS_sign.3
+++ b/src/lib/libcrypto/man/CMS_sign.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_sign.3,v 1.5 2019/08/12 16:17:50 schwarze Exp $
+.\" $OpenBSD: CMS_sign.3,v 1.6 2019/08/18 12:06:51 schwarze Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 12 2019 $
+.Dd $Mdocdate: August 18 2019 $
 .Dt CMS_SIGN 3
 .Os
 .Sh NAME
@@ -66,7 +66,9 @@
 .Fc
 .Sh DESCRIPTION
 .Fn CMS_sign
-creates and returns a CMS SignedData structure.
+creates and returns a CMS
+.Vt SignedData
+structure.
 .Fa signcert
 is the certificate to sign with,
 .Fa pkey
@@ -80,12 +82,9 @@ Any or all of these parameters can be
 The data to be signed is read from
 .Fa data .
 .Pp
-.Fa flags
-is an optional set of flags.
-.Pp
 Any of the following flags (OR'ed together) can be passed in the
 .Fa flags
-parameter:
+argument:
 .Bl -tag -width Ds
 .It Dv CMS_TEXT
 Prepend MIME headers for the type text/plain to the data.
@@ -98,8 +97,8 @@ structure.
 The signer's certificate must still be supplied in the
 .Fa signcert
 parameter though.
-This can reduce the size of the signature if the signers certificate can
+This can reduce the size of the signature if the signer's certificate can
-be obtained by other means: for example a previously signed message.
+be obtained by other means, for example from a previously signed message.
 .It Dv CMS_DETACHED
 Omit the data being signed from the
 .Vt CMS_ContentInfo
@@ -114,19 +113,25 @@ even though that is required by the S/MIME specifications.
 This option should be used if the supplied data is in binary format.
 Otherwise the translation will corrupt it.
 .It Dv CMS_NOATTR
-Do not use any signedAttributes.
+Do not add any
-By default, the SignedData structure includes several CMS
+.Vt SignedAttributes .
-signedAttributes including the signing time, the CMS content type,
+By default, the
-and the supported list of ciphers in an SMIMECapabilities attribute.
+.Fa signerInfos
+field includes several CMS
+.Vt SignedAttributes
+including the signing time, the CMS content type,
+and the supported list of ciphers in an
+.Vt SMIMECapabilities
+attribute.
 .It Dv CMS_NOSMIMECAP
-Omit just the SMIMECapabilities.
+Omit just the
+.Vt SMIMECapabilities .
 If present, the SMIMECapabilities attribute indicates support for the
 following algorithms in preference order: 256 bit AES, Gost R3411-94,
 Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit
 RC2, DES and 40 bit RC2.
 If any of these algorithms is not available, then it will not be
-included: for example the GOST algorithms will not be included if
+included.
-the GOST ENGINE is not loaded.
 .It Dv CMS_USE_KEYID
 Use the subject key identifier value to identify signing certificates.
 An error occurs if the signing certificate does not have a subject key
@@ -212,6 +217,18 @@ The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr CMS_verify 3
+.Sh STANDARDS
+RFC 5652: Cryptographic Message Syntax (CMS)
+.Bl -dash -compact -offset indent
+.It
+section 5.1: SignedData Type
+.It
+section 5.3: SignerInfo Type
+.El
+.Pp
+RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
+Version\ 4.0 Message Specification,
+section 2.5.2: SMIMECapabilities Attribute
 .Sh HISTORY
 .Fn CMS_sign
 first appeared in OpenSSL 0.9.8h
diff --git a/src/lib/libcrypto/man/CMS_sign_receipt.3 b/src/lib/libcrypto/man/CMS_sign_receipt.3
index 88d03d79db..e827900a84 100644
--- a/src/lib/libcrypto/man/CMS_sign_receipt.3
+++ b/src/lib/libcrypto/man/CMS_sign_receipt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_sign_receipt.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $
+.\" $OpenBSD: CMS_sign_receipt.3,v 1.5 2019/08/18 12:06:51 schwarze Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 11 2019 $
+.Dd $Mdocdate: August 18 2019 $
 .Dt CMS_SIGN_RECEIPT 3
 .Os
 .Sh NAME
@@ -66,10 +66,14 @@
 .Fc
 .Sh DESCRIPTION
 .Fn CMS_sign_receipt
-creates and returns a CMS signed receipt structure.
+creates a new CMS
+.Vt SignedData
+structure containing a signed
+.Vt Receipt
+as its embedded content.
 .Fa si
 is the
-.Vt CMS_SignerInfo
+.Vt SignerInfo
 structure containing the signed receipt request.
 .Fa signcert
 is the certificate to sign with,
@@ -79,12 +83,11 @@ is the corresponding private key.
 is an optional additional set of certificates to include in the CMS
 structure (for example any intermediate CAs in the chain).
 .Pp
-.Fa flags
-is an optional set of flags.
-.Pp
 This functions behaves in a similar way to
 .Xr CMS_sign 3
-except the flag values
+except that the
+.Fa flags
+values
 .Dv CMS_DETACHED ,
 .Dv CMS_BINARY ,
 .Dv CMS_NOATTR ,
@@ -105,6 +108,8 @@ The error can be obtained from
 .Sh SEE ALSO
 .Xr CMS_sign 3 ,
 .Xr CMS_verify_receipt 3
+.Sh STANDARDS
+RFC 2634: Enhanced Security Services for S/MIME, section 2.8: Receipt Syntax
 .Sh HISTORY
 .Fn CMS_sign_receipt
 first appeared in OpenSSL 0.9.8h
diff --git a/src/lib/libcrypto/man/CMS_verify.3 b/src/lib/libcrypto/man/CMS_verify.3
index 5b17a75ca0..ae489933de 100644
--- a/src/lib/libcrypto/man/CMS_verify.3
+++ b/src/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_verify.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $
+.\" $OpenBSD: CMS_verify.3,v 1.5 2019/08/18 12:06:51 schwarze Exp $
 .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 11 2019 $
+.Dd $Mdocdate: August 18 2019 $
 .Dt CMS_VERIFY 3
 .Os
 .Sh NAME
@@ -72,11 +72,10 @@
 .Fc
 .Sh DESCRIPTION
 .Fn CMS_verify
-verifies a CMS SignedData structure.
+verifies the CMS
-.Fa cms
+.Vt SignedData
-is the
+structure
-.Vt CMS_ContentInfo
+.Fa cms .
-structure to verify.
 .Fa certs
 is a set of certificates in which to search for the signing
 certificate(s).
@@ -90,10 +89,6 @@ The content is written to
 if it is not
 .Dv NULL .
 .Pp
-.Fa flags
-is an optional set of flags, which can be used to modify the verify
-operation.
-.Pp
 .Fn CMS_get0_signers
 retrieves the signing certificate(s) from
 .Fa cms .
@@ -105,11 +100,8 @@ Normally the verify process proceeds as follows.
 .Pp
 Initially some sanity checks are performed on
 .Fa cms .
-The type of
+There must be at least one signature on the data.
-.Fa cms
+If the content is detached,
-must be SignedData.
-There must be at least one signature on the data and if the content is
-detached;
 .Fa indata
 cannot be
 .Dv NULL .
@@ -126,7 +118,8 @@ If any signing certificate cannot be located, the operation fails.
 .Pp
 Each signing certificate is chain verified using the
 .Sy smimesign
-purpose and the supplied trusted certificate store.
+purpose and the supplied trusted certificate
+.Fa store .
 Any internal certificates in the message are used as untrusted CAs.
 If CRL checking is enabled in
 .Fa store ,
@@ -142,9 +135,9 @@ and the signature is checked.
 .Pp
 If all signatures verify correctly, then the function is successful.
 .Pp
-Any of the following flags (OR'ed together) can be passed in the
+Any of the following
 .Fa flags
-parameter to change the default verify behaviour:
+(OR'ed together) can be passed to change the default verify behaviour:
 .Bl -tag -width Ds
 .It Dv CMS_NOINTERN
 Do not use the certificates in the message itself when
@@ -156,7 +149,7 @@ parameter.
 If CRL checking is enabled in
 .Fa store ,
 then any CRLs in the message itself are ignored.
-It Dv CMS_TEXT
+.It Dv CMS_TEXT
 MIME headers for type text/plain are deleted from the content.
 If the content is not of type text/plain, an error is returned.
 .It Dv CMS_NO_SIGNER_CERT_VERIFY
@@ -199,7 +192,7 @@ However since the signing time is supplied by the signer it cannot be
 trusted without additional evidence (such as a trusted timestamp).
 .Sh RETURN VALUES
 .Fn CMS_verify
-returns 1 for a successful verification or zero if an error occurred.
+returns 1 for a successful verification or 0 if an error occurred.
 .Pp
 .Fn CMS_get0_signers
 returns all signers or
@@ -210,6 +203,9 @@ The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr CMS_sign 3
+.Sh STANDARDS
+RFC 5652: Cryptographic Message Syntax (CMS),
+section 5.1: SignedData Type
 .Sh HISTORY
 These functions first appeared in OpenSSL 0.9.8h
 and have been available since
diff --git a/src/lib/libcrypto/man/CMS_verify_receipt.3 b/src/lib/libcrypto/man/CMS_verify_receipt.3
index 7e74faa3e2..8f9a86f128 100644
--- a/src/lib/libcrypto/man/CMS_verify_receipt.3
+++ b/src/lib/libcrypto/man/CMS_verify_receipt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_verify_receipt.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $
+.\" $OpenBSD: CMS_verify_receipt.3,v 1.5 2019/08/18 12:06:51 schwarze Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 11 2019 $
+.Dd $Mdocdate: August 18 2019 $
 .Dt CMS_VERIFY_RECEIPT 3
 .Os
 .Sh NAME
@@ -70,19 +70,19 @@ verifies a CMS signed receipt.
 .Fa rcms
 is the signed receipt to verify.
 .Fa ocms
-is the original SignedData structure containing the receipt request.
+is the original
+.Vt SignedData
+structure containing the receipt request.
 .Fa certs
 is a set of certificates in which to search for the signing certificate.
 .Fa store
 is a trusted certificate store (used for chain verification).
 .Pp
-.Fa flags
-is an optional set of flags, which can be used to modify the verify
-operation.
-.Pp
 This functions behaves in a similar way to
 .Xr CMS_verify 3
-except the flag values
+except that the
+.Fa flags
+values
 .Dv CMS_DETACHED ,
 .Dv CMS_BINARY ,
 .Dv CMS_TEXT ,
@@ -92,13 +92,15 @@ are not supported since they do not make sense in the context of signed
 receipts.
 .Sh RETURN VALUES
 .Fn CMS_verify_receipt
-returns 1 for a successful verification or zero if an error occurred.
+returns 1 for a successful verification or 0 if an error occurred.
 .Pp
 The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr CMS_sign_receipt 3 ,
 .Xr CMS_verify 3
+.Sh STANDARDS
+RFC 2634: Enhanced Security Services for S/MIME, section 2.8: Receipt Syntax
 .Sh HISTORY
 .Fn CMS_verify_receipt
 first appeared in OpenSSL 0.9.8h
author	schwarze <>	2019-08-18 12:06:51 +0000
committer	schwarze <>	2019-08-18 12:06:51 +0000
commit	0fc04f9f313a0675c6689b0b146c615e2005c6d8 (patch)
tree	c07653e3f91a7205f7af074ddae021ab713bba90 /src
parent	8287ed3c26f4dba696df881277cbd91ece5196fb (diff)
download	openbsd-0fc04f9f313a0675c6689b0b146c615e2005c6d8.tar.gz openbsd-0fc04f9f313a0675c6689b0b146c615e2005c6d8.tar.bz2 openbsd-0fc04f9f313a0675c6689b0b146c615e2005c6d8.zip

diff --git a/src/lib/libcrypto/man/CMS_sign.3 b/src/lib/libcrypto/man/CMS_sign.3 index 1ef0f2d48a..1dfd153ee2 100644 --- a/src/lib/libcrypto/man/CMS_sign.3 +++ b/src/lib/libcrypto/man/CMS_sign.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: CMS_sign.3,v 1.5 2019/08/12 16:17:50 schwarze Exp $	1	.\" $OpenBSD: CMS_sign.3,v 1.6 2019/08/18 12:06:51 schwarze Exp $
2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: August 12 2019 $	51	.Dd $Mdocdate: August 18 2019 $
52	.Dt CMS_SIGN 3	52	.Dt CMS_SIGN 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -66,7 +66,9 @@
66	.Fc	66	.Fc
67	.Sh DESCRIPTION	67	.Sh DESCRIPTION
68	.Fn CMS_sign	68	.Fn CMS_sign
69	creates and returns a CMS SignedData structure.	69	creates and returns a CMS
		70	.Vt SignedData
		71	structure.
70	.Fa signcert	72	.Fa signcert
71	is the certificate to sign with,	73	is the certificate to sign with,
72	.Fa pkey	74	.Fa pkey
@@ -80,12 +82,9 @@ Any or all of these parameters can be
80	The data to be signed is read from	82	The data to be signed is read from
81	.Fa data .	83	.Fa data .
82	.Pp	84	.Pp
83	.Fa flags
84	is an optional set of flags.
85	.Pp
86	Any of the following flags (OR'ed together) can be passed in the	85	Any of the following flags (OR'ed together) can be passed in the
87	.Fa flags	86	.Fa flags
88	parameter:	87	argument:
89	.Bl -tag -width Ds	88	.Bl -tag -width Ds
90	.It Dv CMS_TEXT	89	.It Dv CMS_TEXT
91	Prepend MIME headers for the type text/plain to the data.	90	Prepend MIME headers for the type text/plain to the data.
@@ -98,8 +97,8 @@ structure.
98	The signer's certificate must still be supplied in the	97	The signer's certificate must still be supplied in the
99	.Fa signcert	98	.Fa signcert
100	parameter though.	99	parameter though.
101	This can reduce the size of the signature if the signers certificate can	100	This can reduce the size of the signature if the signer's certificate can
102	be obtained by other means: for example a previously signed message.	101	be obtained by other means, for example from a previously signed message.
103	.It Dv CMS_DETACHED	102	.It Dv CMS_DETACHED
104	Omit the data being signed from the	103	Omit the data being signed from the
105	.Vt CMS_ContentInfo	104	.Vt CMS_ContentInfo
@@ -114,19 +113,25 @@ even though that is required by the S/MIME specifications.
114	This option should be used if the supplied data is in binary format.	113	This option should be used if the supplied data is in binary format.
115	Otherwise the translation will corrupt it.	114	Otherwise the translation will corrupt it.
116	.It Dv CMS_NOATTR	115	.It Dv CMS_NOATTR
117	Do not use any signedAttributes.	116	Do not add any
118	By default, the SignedData structure includes several CMS	117	.Vt SignedAttributes .
119	signedAttributes including the signing time, the CMS content type,	118	By default, the
120	and the supported list of ciphers in an SMIMECapabilities attribute.	119	.Fa signerInfos
		120	field includes several CMS
		121	.Vt SignedAttributes
		122	including the signing time, the CMS content type,
		123	and the supported list of ciphers in an
		124	.Vt SMIMECapabilities
		125	attribute.
121	.It Dv CMS_NOSMIMECAP	126	.It Dv CMS_NOSMIMECAP
122	Omit just the SMIMECapabilities.	127	Omit just the
		128	.Vt SMIMECapabilities .
123	If present, the SMIMECapabilities attribute indicates support for the	129	If present, the SMIMECapabilities attribute indicates support for the
124	following algorithms in preference order: 256 bit AES, Gost R3411-94,	130	following algorithms in preference order: 256 bit AES, Gost R3411-94,
125	Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit	131	Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit
126	RC2, DES and 40 bit RC2.	132	RC2, DES and 40 bit RC2.
127	If any of these algorithms is not available, then it will not be	133	If any of these algorithms is not available, then it will not be
128	included: for example the GOST algorithms will not be included if	134	included.
129	the GOST ENGINE is not loaded.
130	.It Dv CMS_USE_KEYID	135	.It Dv CMS_USE_KEYID
131	Use the subject key identifier value to identify signing certificates.	136	Use the subject key identifier value to identify signing certificates.
132	An error occurs if the signing certificate does not have a subject key	137	An error occurs if the signing certificate does not have a subject key
@@ -212,6 +217,18 @@ The error can be obtained from
212	.Xr ERR_get_error 3 .	217	.Xr ERR_get_error 3 .
213	.Sh SEE ALSO	218	.Sh SEE ALSO
214	.Xr CMS_verify 3	219	.Xr CMS_verify 3
		220	.Sh STANDARDS
		221	RFC 5652: Cryptographic Message Syntax (CMS)
		222	.Bl -dash -compact -offset indent
		223	.It
		224	section 5.1: SignedData Type
		225	.It
		226	section 5.3: SignerInfo Type
		227	.El
		228	.Pp
		229	RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
		230	Version\ 4.0 Message Specification,
		231	section 2.5.2: SMIMECapabilities Attribute
215	.Sh HISTORY	232	.Sh HISTORY
216	.Fn CMS_sign	233	.Fn CMS_sign
217	first appeared in OpenSSL 0.9.8h	234	first appeared in OpenSSL 0.9.8h


diff --git a/src/lib/libcrypto/man/CMS_sign_receipt.3 b/src/lib/libcrypto/man/CMS_sign_receipt.3 index 88d03d79db..e827900a84 100644 --- a/src/lib/libcrypto/man/CMS_sign_receipt.3 +++ b/src/lib/libcrypto/man/CMS_sign_receipt.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: CMS_sign_receipt.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $	1	.\" $OpenBSD: CMS_sign_receipt.3,v 1.5 2019/08/18 12:06:51 schwarze Exp $
2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: August 11 2019 $	51	.Dd $Mdocdate: August 18 2019 $
52	.Dt CMS_SIGN_RECEIPT 3	52	.Dt CMS_SIGN_RECEIPT 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -66,10 +66,14 @@
66	.Fc	66	.Fc
67	.Sh DESCRIPTION	67	.Sh DESCRIPTION
68	.Fn CMS_sign_receipt	68	.Fn CMS_sign_receipt
69	creates and returns a CMS signed receipt structure.	69	creates a new CMS
		70	.Vt SignedData
		71	structure containing a signed
		72	.Vt Receipt
		73	as its embedded content.
70	.Fa si	74	.Fa si
71	is the	75	is the
72	.Vt CMS_SignerInfo	76	.Vt SignerInfo
73	structure containing the signed receipt request.	77	structure containing the signed receipt request.
74	.Fa signcert	78	.Fa signcert
75	is the certificate to sign with,	79	is the certificate to sign with,
@@ -79,12 +83,11 @@ is the corresponding private key.
79	is an optional additional set of certificates to include in the CMS	83	is an optional additional set of certificates to include in the CMS
80	structure (for example any intermediate CAs in the chain).	84	structure (for example any intermediate CAs in the chain).
81	.Pp	85	.Pp
82	.Fa flags
83	is an optional set of flags.
84	.Pp
85	This functions behaves in a similar way to	86	This functions behaves in a similar way to
86	.Xr CMS_sign 3	87	.Xr CMS_sign 3
87	except the flag values	88	except that the
		89	.Fa flags
		90	values
88	.Dv CMS_DETACHED ,	91	.Dv CMS_DETACHED ,
89	.Dv CMS_BINARY ,	92	.Dv CMS_BINARY ,
90	.Dv CMS_NOATTR ,	93	.Dv CMS_NOATTR ,
@@ -105,6 +108,8 @@ The error can be obtained from
105	.Sh SEE ALSO	108	.Sh SEE ALSO
106	.Xr CMS_sign 3 ,	109	.Xr CMS_sign 3 ,
107	.Xr CMS_verify_receipt 3	110	.Xr CMS_verify_receipt 3
		111	.Sh STANDARDS
		112	RFC 2634: Enhanced Security Services for S/MIME, section 2.8: Receipt Syntax
108	.Sh HISTORY	113	.Sh HISTORY
109	.Fn CMS_sign_receipt	114	.Fn CMS_sign_receipt
110	first appeared in OpenSSL 0.9.8h	115	first appeared in OpenSSL 0.9.8h


diff --git a/src/lib/libcrypto/man/CMS_verify.3 b/src/lib/libcrypto/man/CMS_verify.3 index 5b17a75ca0..ae489933de 100644 --- a/src/lib/libcrypto/man/CMS_verify.3 +++ b/src/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: CMS_verify.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $	1	.\" $OpenBSD: CMS_verify.3,v 1.5 2019/08/18 12:06:51 schwarze Exp $
2	.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200	2	.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: August 11 2019 $	51	.Dd $Mdocdate: August 18 2019 $
52	.Dt CMS_VERIFY 3	52	.Dt CMS_VERIFY 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -72,11 +72,10 @@
72	.Fc	72	.Fc
73	.Sh DESCRIPTION	73	.Sh DESCRIPTION
74	.Fn CMS_verify	74	.Fn CMS_verify
75	verifies a CMS SignedData structure.	75	verifies the CMS
76	.Fa cms	76	.Vt SignedData
77	is the	77	structure
78	.Vt CMS_ContentInfo	78	.Fa cms .
79	structure to verify.
80	.Fa certs	79	.Fa certs
81	is a set of certificates in which to search for the signing	80	is a set of certificates in which to search for the signing
82	certificate(s).	81	certificate(s).
@@ -90,10 +89,6 @@ The content is written to
90	if it is not	89	if it is not
91	.Dv NULL .	90	.Dv NULL .
92	.Pp	91	.Pp
93	.Fa flags
94	is an optional set of flags, which can be used to modify the verify
95	operation.
96	.Pp
97	.Fn CMS_get0_signers	92	.Fn CMS_get0_signers
98	retrieves the signing certificate(s) from	93	retrieves the signing certificate(s) from
99	.Fa cms .	94	.Fa cms .
@@ -105,11 +100,8 @@ Normally the verify process proceeds as follows.
105	.Pp	100	.Pp
106	Initially some sanity checks are performed on	101	Initially some sanity checks are performed on
107	.Fa cms .	102	.Fa cms .
108	The type of	103	There must be at least one signature on the data.
109	.Fa cms	104	If the content is detached,
110	must be SignedData.
111	There must be at least one signature on the data and if the content is
112	detached;
113	.Fa indata	105	.Fa indata
114	cannot be	106	cannot be
115	.Dv NULL .	107	.Dv NULL .
@@ -126,7 +118,8 @@ If any signing certificate cannot be located, the operation fails.
126	.Pp	118	.Pp
127	Each signing certificate is chain verified using the	119	Each signing certificate is chain verified using the
128	.Sy smimesign	120	.Sy smimesign
129	purpose and the supplied trusted certificate store.	121	purpose and the supplied trusted certificate
		122	.Fa store .
130	Any internal certificates in the message are used as untrusted CAs.	123	Any internal certificates in the message are used as untrusted CAs.
131	If CRL checking is enabled in	124	If CRL checking is enabled in
132	.Fa store ,	125	.Fa store ,
@@ -142,9 +135,9 @@ and the signature is checked.
142	.Pp	135	.Pp
143	If all signatures verify correctly, then the function is successful.	136	If all signatures verify correctly, then the function is successful.
144	.Pp	137	.Pp
145	Any of the following flags (OR'ed together) can be passed in the	138	Any of the following
146	.Fa flags	139	.Fa flags
147	parameter to change the default verify behaviour:	140	(OR'ed together) can be passed to change the default verify behaviour:
148	.Bl -tag -width Ds	141	.Bl -tag -width Ds
149	.It Dv CMS_NOINTERN	142	.It Dv CMS_NOINTERN
150	Do not use the certificates in the message itself when	143	Do not use the certificates in the message itself when
@@ -156,7 +149,7 @@ parameter.
156	If CRL checking is enabled in	149	If CRL checking is enabled in
157	.Fa store ,	150	.Fa store ,
158	then any CRLs in the message itself are ignored.	151	then any CRLs in the message itself are ignored.
159	It Dv CMS_TEXT	152	.It Dv CMS_TEXT
160	MIME headers for type text/plain are deleted from the content.	153	MIME headers for type text/plain are deleted from the content.
161	If the content is not of type text/plain, an error is returned.	154	If the content is not of type text/plain, an error is returned.
162	.It Dv CMS_NO_SIGNER_CERT_VERIFY	155	.It Dv CMS_NO_SIGNER_CERT_VERIFY
@@ -199,7 +192,7 @@ However since the signing time is supplied by the signer it cannot be
199	trusted without additional evidence (such as a trusted timestamp).	192	trusted without additional evidence (such as a trusted timestamp).
200	.Sh RETURN VALUES	193	.Sh RETURN VALUES
201	.Fn CMS_verify	194	.Fn CMS_verify
202	returns 1 for a successful verification or zero if an error occurred.	195	returns 1 for a successful verification or 0 if an error occurred.
203	.Pp	196	.Pp
204	.Fn CMS_get0_signers	197	.Fn CMS_get0_signers
205	returns all signers or	198	returns all signers or
@@ -210,6 +203,9 @@ The error can be obtained from
210	.Xr ERR_get_error 3 .	203	.Xr ERR_get_error 3 .
211	.Sh SEE ALSO	204	.Sh SEE ALSO
212	.Xr CMS_sign 3	205	.Xr CMS_sign 3
		206	.Sh STANDARDS
		207	RFC 5652: Cryptographic Message Syntax (CMS),
		208	section 5.1: SignedData Type
213	.Sh HISTORY	209	.Sh HISTORY
214	These functions first appeared in OpenSSL 0.9.8h	210	These functions first appeared in OpenSSL 0.9.8h
215	and have been available since	211	and have been available since


diff --git a/src/lib/libcrypto/man/CMS_verify_receipt.3 b/src/lib/libcrypto/man/CMS_verify_receipt.3 index 7e74faa3e2..8f9a86f128 100644 --- a/src/lib/libcrypto/man/CMS_verify_receipt.3 +++ b/src/lib/libcrypto/man/CMS_verify_receipt.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: CMS_verify_receipt.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $	1	.\" $OpenBSD: CMS_verify_receipt.3,v 1.5 2019/08/18 12:06:51 schwarze Exp $
2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: August 11 2019 $	51	.Dd $Mdocdate: August 18 2019 $
52	.Dt CMS_VERIFY_RECEIPT 3	52	.Dt CMS_VERIFY_RECEIPT 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -70,19 +70,19 @@ verifies a CMS signed receipt.
70	.Fa rcms	70	.Fa rcms
71	is the signed receipt to verify.	71	is the signed receipt to verify.
72	.Fa ocms	72	.Fa ocms
73	is the original SignedData structure containing the receipt request.	73	is the original
		74	.Vt SignedData
		75	structure containing the receipt request.
74	.Fa certs	76	.Fa certs
75	is a set of certificates in which to search for the signing certificate.	77	is a set of certificates in which to search for the signing certificate.
76	.Fa store	78	.Fa store
77	is a trusted certificate store (used for chain verification).	79	is a trusted certificate store (used for chain verification).
78	.Pp	80	.Pp
79	.Fa flags
80	is an optional set of flags, which can be used to modify the verify
81	operation.
82	.Pp
83	This functions behaves in a similar way to	81	This functions behaves in a similar way to
84	.Xr CMS_verify 3	82	.Xr CMS_verify 3
85	except the flag values	83	except that the
		84	.Fa flags
		85	values
86	.Dv CMS_DETACHED ,	86	.Dv CMS_DETACHED ,
87	.Dv CMS_BINARY ,	87	.Dv CMS_BINARY ,
88	.Dv CMS_TEXT ,	88	.Dv CMS_TEXT ,
@@ -92,13 +92,15 @@ are not supported since they do not make sense in the context of signed
92	receipts.	92	receipts.
93	.Sh RETURN VALUES	93	.Sh RETURN VALUES
94	.Fn CMS_verify_receipt	94	.Fn CMS_verify_receipt
95	returns 1 for a successful verification or zero if an error occurred.	95	returns 1 for a successful verification or 0 if an error occurred.
96	.Pp	96	.Pp
97	The error can be obtained from	97	The error can be obtained from
98	.Xr ERR_get_error 3 .	98	.Xr ERR_get_error 3 .
99	.Sh SEE ALSO	99	.Sh SEE ALSO
100	.Xr CMS_sign_receipt 3 ,	100	.Xr CMS_sign_receipt 3 ,
101	.Xr CMS_verify 3	101	.Xr CMS_verify 3
		102	.Sh STANDARDS
		103	RFC 2634: Enhanced Security Services for S/MIME, section 2.8: Receipt Syntax
102	.Sh HISTORY	104	.Sh HISTORY
103	.Fn CMS_verify_receipt	105	.Fn CMS_verify_receipt
104	first appeared in OpenSSL 0.9.8h	106	first appeared in OpenSSL 0.9.8h