new manual page PKCS7_add_attribute(3);

tweaks and OK tb@
author: schwarze <> 2020-06-04 10:24:27 +0000
committer: schwarze <> 2020-06-04 10:24:27 +0000
commit: ccbb438ec06397c1b8d88c61577810aab63bda79 (patch)
tree: b146fcdf956ef48b5e41ef198b1023403338e489 /src
parent: 19f9a4a6a75ddb174cd77d6e0749b6fe9979e7c0 (diff)
download: openbsd-ccbb438ec06397c1b8d88c61577810aab63bda79.tar.gz
openbsd-ccbb438ec06397c1b8d88c61577810aab63bda79.tar.bz2
openbsd-ccbb438ec06397c1b8d88c61577810aab63bda79.zip
7 files changed, 201 insertions, 12 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 05b992e132..7effea8379 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.165 2020/06/03 13:41:27 schwarze Exp $
+# $OpenBSD: Makefile,v 1.166 2020/06/04 10:24:27 schwarze Exp $
 .include <bsd.own.mk>
@@ -214,6 +214,7 @@ MAN=	\
        PKCS12_parse.3 \
        PKCS12_SAFEBAG_new.3 \
        PKCS5_PBKDF2_HMAC.3 \
+        PKCS7_add_attribute.3 \
        PKCS7_dataFinal.3 \
        PKCS7_dataInit.3 \
        PKCS7_decrypt.3 \
diff --git a/src/lib/libcrypto/man/PKCS7_add_attribute.3 b/src/lib/libcrypto/man/PKCS7_add_attribute.3
new file mode 100644
index 0000000000..09c36a4d5d
--- /dev/null
+++ b/src/lib/libcrypto/man/PKCS7_add_attribute.3
@@ -0,0 +1,179 @@
+.\" $OpenBSD: PKCS7_add_attribute.3,v 1.1 2020/06/04 10:24:27 schwarze Exp $
+.\"
+.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: June 4 2020 $
+.Dt PKCS7_ADD_ATTRIBUTE 3
+.Os
+.Sh NAME
+.Nm PKCS7_add_attribute ,
+.Nm PKCS7_get_attribute ,
+.Nm PKCS7_add_signed_attribute ,
+.Nm PKCS7_get_signed_attribute
+.Nd attributes of SignerInfo objects
+.Sh SYNOPSIS
+.In openssl/pkcs7.h
+.Ft int
+.Fo PKCS7_add_attribute
+.Fa "PKCS7_SIGNER_INFO *si"
+.Fa "int nid"
+.Fa "int attrtype"
+.Fa "void *value"
+.Fc
+.Ft ASN1_TYPE *
+.Fo PKCS7_get_attribute
+.Fa "PKCS7_SIGNER_INFO *si"
+.Fa "int nid"
+.Fc
+.Ft int
+.Fo PKCS7_add_signed_attribute
+.Fa "PKCS7_SIGNER_INFO *si"
+.Fa "int nid"
+.Fa "int attrtype"
+.Fa "void *value"
+.Fc
+.Ft ASN1_TYPE *
+.Fo PKCS7_get_signed_attribute
+.Fa "PKCS7_SIGNER_INFO *si"
+.Fa "int nid"
+.Fc
+.Sh DESCRIPTION
+.Fn PKCS7_add_attribute
+appends a new attribute of type
+.Fa nid
+to the
+.Fa unauthenticatedAttributes
+list of
+.Fa si ,
+and it adds a new ASN.1 ANY object of type
+.Fa attrtype
+with the given
+.Fa value
+to the new attribute.
+Ownership of the
+.Fa value
+is transferred into the new attribute object, so the calling code
+must not
+.Xr free 3
+the
+.Fa value .
+If the list already contains an unauthenticated attribute of type
+.Fa nid
+before the call, the new attribute replaces the old one
+instead of being appended to the end of the list.
+.Pp
+.Fn PKCS7_get_attribute
+retrieves the first ASN.1 ANY member of the attribute of type
+.Fa nid
+from the
+.Fa unauthenticatedAttributes
+list of
+.Fa si .
+.Pp
+The behaviour of
+.Fn PKCS7_add_signed_attribute
+and
+.Fn PKCS7_get_signed_attribute
+is identical except that they operate on the list of
+.Fa authenticatedAttributes .
+.Pp
+The normal way to use
+.Fn PKCS7_add_signed_attribute
+is to first create a
+.Vt SignedInfo
+object with
+.Xr PKCS7_sign 3
+using the
+.Dv PKCS7_PARTIAL
+or
+.Dv PKCS7_STREAM
+flag, retrieve the
+.Vt PKCS7_SIGNER_INFO
+object with the undocumented function
+.Fn PKCS7_get_signer_info
+or add an additional one with
+.Xr PKCS7_sign_add_signer 3 ,
+call
+.Fn PKCS7_add_signed_attribute
+for each desired additional attribute, then do the signing with
+.Xr PKCS7_final 3
+or with another finalizing function.
+.Pp
+For particular types of attributes, undocumented wrapper functions
+.Fn PKCS7_add_attrib_content_type ,
+.Fn PKCS7_add1_attrib_digest ,
+.Fn PKCS7_add0_attrib_signing_time ,
+and
+.Fn PKCS7_add_attrib_smimecap
+exist.
+.Sh RETURN VALUES
+.Fn PKCS7_add_attribute
+and
+.Fn PKCS7_add_signed_attribute
+return 1 on success or 0 on failure.
+The most common reason for failure is lack of memory.
+.Pp
+.Fn PKCS7_get_attribute
+and
+.Fn PKCS7_get_signed_attribute
+return an internal pointer to an ASN.1 ANY object or
+.Dv NULL
+on failure.
+They fail if
+.Fa nid
+is invalid, if the respective list in
+.Fa si
+contains no attribute of the requested type, or if an invalid element
+is found in the list before finding the attribute of the requested type.
+.Sh SEE ALSO
+.Xr ASN1_TYPE_new 3 ,
+.Xr PKCS7_final 3 ,
+.Xr PKCS7_new 3 ,
+.Xr PKCS7_sign 3 ,
+.Xr PKCS7_sign_add_signer 3 ,
+.Xr STACK_OF 3 ,
+.Xr X509_ATTRIBUTE_new 3
+.Sh STANDARDS
+RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5,
+section 9.2: SignerInfo type
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.1
+and have been available since
+.Ox 2.6 .
+.Sh BUGS
+Adding an attribute with an invalid
+.Fa nid
+ought to fail, but it actually succeeds
+setting the type of the new attribute to
+.Dv NULL .
+Subsequent attempts to retrieve attributes
+may cause the program to crash due to
+.Dv NULL
+pointer access.
+.Pp
+A function to remove individual attributes from these lists
+does not appear to exist.
+A program desiring to do that might have to manually iterate the fields
+.Fa auth_attr
+and
+.Fa unauth_attr
+of
+.Fa si ,
+which are both of type
+.Vt STACK_OF(X509_ATTRIBUTE) ,
+using the facilities described in
+.Xr STACK_OF 3
+and
+.Xr OPENSSL_sk_new 3 .
diff --git a/src/lib/libcrypto/man/PKCS7_final.3 b/src/lib/libcrypto/man/PKCS7_final.3
index 593483bb6d..7c9e51521a 100644
--- a/src/lib/libcrypto/man/PKCS7_final.3
+++ b/src/lib/libcrypto/man/PKCS7_final.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS7_final.3,v 1.1 2020/06/03 13:41:27 schwarze Exp $
+.\" $OpenBSD: PKCS7_final.3,v 1.2 2020/06/04 10:24:27 schwarze Exp $
 .\"
 .\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 3 2020 $
+.Dd $Mdocdate: June 4 2020 $
 .Dt PKCS7_FINAL 3
 .Os
 .Sh NAME
@@ -186,6 +186,7 @@ Signers lacking private keys do not cause failure but are silently skipped.
 .Xr BIO_new 3 ,
 .Xr i2d_PKCS7_bio_stream 3 ,
 .Xr PEM_write_bio_PKCS7_stream 3 ,
+.Xr PKCS7_add_attribute 3 ,
 .Xr PKCS7_dataFinal 3 ,
 .Xr PKCS7_dataInit 3 ,
 .Xr PKCS7_encrypt 3 ,
diff --git a/src/lib/libcrypto/man/PKCS7_new.3 b/src/lib/libcrypto/man/PKCS7_new.3
index 4abe3698e6..c5eebe96d5 100644
--- a/src/lib/libcrypto/man/PKCS7_new.3
+++ b/src/lib/libcrypto/man/PKCS7_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS7_new.3,v 1.10 2020/05/27 12:00:44 schwarze Exp $
+.\" $OpenBSD: PKCS7_new.3,v 1.11 2020/06/04 10:24:27 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 27 2020 $
+.Dd $Mdocdate: June 4 2020 $
 .Dt PKCS7_NEW 3
 .Os
 .Sh NAME
@@ -246,6 +246,7 @@ frees
 .Xr i2d_PKCS7_bio_stream 3 ,
 .Xr PEM_read_PKCS7 3 ,
 .Xr PEM_write_bio_PKCS7_stream 3 ,
+.Xr PKCS7_add_attribute 3 ,
 .Xr PKCS7_dataFinal 3 ,
 .Xr PKCS7_dataInit 3 ,
 .Xr PKCS7_decrypt 3 ,
diff --git a/src/lib/libcrypto/man/PKCS7_sign.3 b/src/lib/libcrypto/man/PKCS7_sign.3
index d5f4c89c61..c9b13680c3 100644
--- a/src/lib/libcrypto/man/PKCS7_sign.3
+++ b/src/lib/libcrypto/man/PKCS7_sign.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS7_sign.3,v 1.11 2020/06/03 13:41:27 schwarze Exp $
+.\" $OpenBSD: PKCS7_sign.3,v 1.12 2020/06/04 10:24:27 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 3 2020 $
+.Dd $Mdocdate: June 4 2020 $
 .Dt PKCS7_SIGN 3
 .Os
 .Sh NAME
@@ -196,7 +196,9 @@ if the
 .Dv PKCS7_PARTIAL
 flag is set.
 One or more signers can be added using the function
-.Xr PKCS7_sign_add_signer 3 .
+.Xr PKCS7_sign_add_signer 3
+and attributes can be added using the functions described in
+.Xr PKCS7_add_attribute 3 .
 .Xr PKCS7_final 3
 must also be called to finalize the structure if streaming is not
 enabled.
@@ -228,6 +230,7 @@ if an error occurred.
 The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
+.Xr PKCS7_add_attribute 3 ,
 .Xr PKCS7_encrypt 3 ,
 .Xr PKCS7_final 3 ,
 .Xr PKCS7_new 3 ,
diff --git a/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/src/lib/libcrypto/man/PKCS7_sign_add_signer.3
index f8024d9b5c..28d327fefc 100644
--- a/src/lib/libcrypto/man/PKCS7_sign_add_signer.3
+++ b/src/lib/libcrypto/man/PKCS7_sign_add_signer.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS7_sign_add_signer.3,v 1.11 2020/06/03 13:41:27 schwarze Exp $
+.\" $OpenBSD: PKCS7_sign_add_signer.3,v 1.12 2020/06/04 10:24:27 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 3 2020 $
+.Dd $Mdocdate: June 4 2020 $
 .Dt PKCS7_SIGN_ADD_SIGNER 3
 .Os
 .Sh NAME
@@ -162,6 +162,8 @@ If any of these algorithms is disabled, then it will not be included.
 returns an internal pointer to the
 .Vt PKCS7_SIGNER_INFO
 structure just added, which can be used to set additional attributes
+with the functions described in
+.Xr PKCS7_add_attribute 3
 before it is finalized.
 .Sh RETURN VALUES
 .Fn PKCS7_sign_add_signer
@@ -174,6 +176,7 @@ In some cases of failure, the reason can be determined with
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr EVP_DigestInit 3 ,
+.Xr PKCS7_add_attribute 3 ,
 .Xr PKCS7_final 3 ,
 .Xr PKCS7_new 3 ,
 .Xr PKCS7_sign 3
diff --git a/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 b/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3
index b5c78ee8d4..66779d637b 100644
--- a/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3
+++ b/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_ATTRIBUTE_new.3,v 1.7 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_ATTRIBUTE_new.3,v 1.8 2020/06/04 10:24:27 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: June 4 2020 $
 .Dt X509_ATTRIBUTE_NEW 3
 .Os
 .Sh NAME
@@ -65,6 +65,7 @@ if an error occurs.
 .Sh SEE ALSO
 .Xr d2i_X509_ATTRIBUTE 3 ,
 .Xr PKCS12_SAFEBAG_new 3 ,
+.Xr PKCS7_add_attribute 3 ,
 .Xr PKCS8_PRIV_KEY_INFO_new 3 ,
 .Xr X509_EXTENSION_new 3 ,
 .Xr X509_new 3 ,
author	schwarze <>	2020-06-04 10:24:27 +0000
committer	schwarze <>	2020-06-04 10:24:27 +0000
commit	ccbb438ec06397c1b8d88c61577810aab63bda79 (patch)
tree	b146fcdf956ef48b5e41ef198b1023403338e489 /src
parent	19f9a4a6a75ddb174cd77d6e0749b6fe9979e7c0 (diff)
download	openbsd-ccbb438ec06397c1b8d88c61577810aab63bda79.tar.gz openbsd-ccbb438ec06397c1b8d88c61577810aab63bda79.tar.bz2 openbsd-ccbb438ec06397c1b8d88c61577810aab63bda79.zip

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 05b992e132..7effea8379 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.165 2020/06/03 13:41:27 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.166 2020/06/04 10:24:27 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -214,6 +214,7 @@ MAN= \
214	PKCS12_parse.3 \	214	PKCS12_parse.3 \
215	PKCS12_SAFEBAG_new.3 \	215	PKCS12_SAFEBAG_new.3 \
216	PKCS5_PBKDF2_HMAC.3 \	216	PKCS5_PBKDF2_HMAC.3 \
		217	PKCS7_add_attribute.3 \
217	PKCS7_dataFinal.3 \	218	PKCS7_dataFinal.3 \
218	PKCS7_dataInit.3 \	219	PKCS7_dataInit.3 \
219	PKCS7_decrypt.3 \	220	PKCS7_decrypt.3 \


diff --git a/src/lib/libcrypto/man/PKCS7_add_attribute.3 b/src/lib/libcrypto/man/PKCS7_add_attribute.3 new file mode 100644 index 0000000000..09c36a4d5d --- /dev/null +++ b/src/lib/libcrypto/man/PKCS7_add_attribute.3
@@ -0,0 +1,179 @@
		1	.\" $OpenBSD: PKCS7_add_attribute.3,v 1.1 2020/06/04 10:24:27 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: June 4 2020 $
		18	.Dt PKCS7_ADD_ATTRIBUTE 3
		19	.Os
		20	.Sh NAME
		21	.Nm PKCS7_add_attribute ,
		22	.Nm PKCS7_get_attribute ,
		23	.Nm PKCS7_add_signed_attribute ,
		24	.Nm PKCS7_get_signed_attribute
		25	.Nd attributes of SignerInfo objects
		26	.Sh SYNOPSIS
		27	.In openssl/pkcs7.h
		28	.Ft int
		29	.Fo PKCS7_add_attribute
		30	.Fa "PKCS7_SIGNER_INFO *si"
		31	.Fa "int nid"
		32	.Fa "int attrtype"
		33	.Fa "void *value"
		34	.Fc
		35	.Ft ASN1_TYPE *
		36	.Fo PKCS7_get_attribute
		37	.Fa "PKCS7_SIGNER_INFO *si"
		38	.Fa "int nid"
		39	.Fc
		40	.Ft int
		41	.Fo PKCS7_add_signed_attribute
		42	.Fa "PKCS7_SIGNER_INFO *si"
		43	.Fa "int nid"
		44	.Fa "int attrtype"
		45	.Fa "void *value"
		46	.Fc
		47	.Ft ASN1_TYPE *
		48	.Fo PKCS7_get_signed_attribute
		49	.Fa "PKCS7_SIGNER_INFO *si"
		50	.Fa "int nid"
		51	.Fc
		52	.Sh DESCRIPTION
		53	.Fn PKCS7_add_attribute
		54	appends a new attribute of type
		55	.Fa nid
		56	to the
		57	.Fa unauthenticatedAttributes
		58	list of
		59	.Fa si ,
		60	and it adds a new ASN.1 ANY object of type
		61	.Fa attrtype
		62	with the given
		63	.Fa value
		64	to the new attribute.
		65	Ownership of the
		66	.Fa value
		67	is transferred into the new attribute object, so the calling code
		68	must not
		69	.Xr free 3
		70	the
		71	.Fa value .
		72	If the list already contains an unauthenticated attribute of type
		73	.Fa nid
		74	before the call, the new attribute replaces the old one
		75	instead of being appended to the end of the list.
		76	.Pp
		77	.Fn PKCS7_get_attribute
		78	retrieves the first ASN.1 ANY member of the attribute of type
		79	.Fa nid
		80	from the
		81	.Fa unauthenticatedAttributes
		82	list of
		83	.Fa si .
		84	.Pp
		85	The behaviour of
		86	.Fn PKCS7_add_signed_attribute
		87	and
		88	.Fn PKCS7_get_signed_attribute
		89	is identical except that they operate on the list of
		90	.Fa authenticatedAttributes .
		91	.Pp
		92	The normal way to use
		93	.Fn PKCS7_add_signed_attribute
		94	is to first create a
		95	.Vt SignedInfo
		96	object with
		97	.Xr PKCS7_sign 3
		98	using the
		99	.Dv PKCS7_PARTIAL
		100	or
		101	.Dv PKCS7_STREAM
		102	flag, retrieve the
		103	.Vt PKCS7_SIGNER_INFO
		104	object with the undocumented function
		105	.Fn PKCS7_get_signer_info
		106	or add an additional one with
		107	.Xr PKCS7_sign_add_signer 3 ,
		108	call
		109	.Fn PKCS7_add_signed_attribute
		110	for each desired additional attribute, then do the signing with
		111	.Xr PKCS7_final 3
		112	or with another finalizing function.
		113	.Pp
		114	For particular types of attributes, undocumented wrapper functions
		115	.Fn PKCS7_add_attrib_content_type ,
		116	.Fn PKCS7_add1_attrib_digest ,
		117	.Fn PKCS7_add0_attrib_signing_time ,
		118	and
		119	.Fn PKCS7_add_attrib_smimecap
		120	exist.
		121	.Sh RETURN VALUES
		122	.Fn PKCS7_add_attribute
		123	and
		124	.Fn PKCS7_add_signed_attribute
		125	return 1 on success or 0 on failure.
		126	The most common reason for failure is lack of memory.
		127	.Pp
		128	.Fn PKCS7_get_attribute
		129	and
		130	.Fn PKCS7_get_signed_attribute
		131	return an internal pointer to an ASN.1 ANY object or
		132	.Dv NULL
		133	on failure.
		134	They fail if
		135	.Fa nid
		136	is invalid, if the respective list in
		137	.Fa si
		138	contains no attribute of the requested type, or if an invalid element
		139	is found in the list before finding the attribute of the requested type.
		140	.Sh SEE ALSO
		141	.Xr ASN1_TYPE_new 3 ,
		142	.Xr PKCS7_final 3 ,
		143	.Xr PKCS7_new 3 ,
		144	.Xr PKCS7_sign 3 ,
		145	.Xr PKCS7_sign_add_signer 3 ,
		146	.Xr STACK_OF 3 ,
		147	.Xr X509_ATTRIBUTE_new 3
		148	.Sh STANDARDS
		149	RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5,
		150	section 9.2: SignerInfo type
		151	.Sh HISTORY
		152	These functions first appeared in OpenSSL 0.9.1
		153	and have been available since
		154	.Ox 2.6 .
		155	.Sh BUGS
		156	Adding an attribute with an invalid
		157	.Fa nid
		158	ought to fail, but it actually succeeds
		159	setting the type of the new attribute to
		160	.Dv NULL .
		161	Subsequent attempts to retrieve attributes
		162	may cause the program to crash due to
		163	.Dv NULL
		164	pointer access.
		165	.Pp
		166	A function to remove individual attributes from these lists
		167	does not appear to exist.
		168	A program desiring to do that might have to manually iterate the fields
		169	.Fa auth_attr
		170	and
		171	.Fa unauth_attr
		172	of
		173	.Fa si ,
		174	which are both of type
		175	.Vt STACK_OF(X509_ATTRIBUTE) ,
		176	using the facilities described in
		177	.Xr STACK_OF 3
		178	and
		179	.Xr OPENSSL_sk_new 3 .


diff --git a/src/lib/libcrypto/man/PKCS7_final.3 b/src/lib/libcrypto/man/PKCS7_final.3 index 593483bb6d..7c9e51521a 100644 --- a/src/lib/libcrypto/man/PKCS7_final.3 +++ b/src/lib/libcrypto/man/PKCS7_final.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: PKCS7_final.3,v 1.1 2020/06/03 13:41:27 schwarze Exp $	1	.\" $OpenBSD: PKCS7_final.3,v 1.2 2020/06/04 10:24:27 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: June 3 2020 $	17	.Dd $Mdocdate: June 4 2020 $
18	.Dt PKCS7_FINAL 3	18	.Dt PKCS7_FINAL 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -186,6 +186,7 @@ Signers lacking private keys do not cause failure but are silently skipped.
186	.Xr BIO_new 3 ,	186	.Xr BIO_new 3 ,
187	.Xr i2d_PKCS7_bio_stream 3 ,	187	.Xr i2d_PKCS7_bio_stream 3 ,
188	.Xr PEM_write_bio_PKCS7_stream 3 ,	188	.Xr PEM_write_bio_PKCS7_stream 3 ,
		189	.Xr PKCS7_add_attribute 3 ,
189	.Xr PKCS7_dataFinal 3 ,	190	.Xr PKCS7_dataFinal 3 ,
190	.Xr PKCS7_dataInit 3 ,	191	.Xr PKCS7_dataInit 3 ,
191	.Xr PKCS7_encrypt 3 ,	192	.Xr PKCS7_encrypt 3 ,


diff --git a/src/lib/libcrypto/man/PKCS7_new.3 b/src/lib/libcrypto/man/PKCS7_new.3 index 4abe3698e6..c5eebe96d5 100644 --- a/src/lib/libcrypto/man/PKCS7_new.3 +++ b/src/lib/libcrypto/man/PKCS7_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: PKCS7_new.3,v 1.10 2020/05/27 12:00:44 schwarze Exp $	1	.\" $OpenBSD: PKCS7_new.3,v 1.11 2020/06/04 10:24:27 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: May 27 2020 $	17	.Dd $Mdocdate: June 4 2020 $
18	.Dt PKCS7_NEW 3	18	.Dt PKCS7_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -246,6 +246,7 @@ frees
246	.Xr i2d_PKCS7_bio_stream 3 ,	246	.Xr i2d_PKCS7_bio_stream 3 ,
247	.Xr PEM_read_PKCS7 3 ,	247	.Xr PEM_read_PKCS7 3 ,
248	.Xr PEM_write_bio_PKCS7_stream 3 ,	248	.Xr PEM_write_bio_PKCS7_stream 3 ,
		249	.Xr PKCS7_add_attribute 3 ,
249	.Xr PKCS7_dataFinal 3 ,	250	.Xr PKCS7_dataFinal 3 ,
250	.Xr PKCS7_dataInit 3 ,	251	.Xr PKCS7_dataInit 3 ,
251	.Xr PKCS7_decrypt 3 ,	252	.Xr PKCS7_decrypt 3 ,


diff --git a/src/lib/libcrypto/man/PKCS7_sign.3 b/src/lib/libcrypto/man/PKCS7_sign.3 index d5f4c89c61..c9b13680c3 100644 --- a/src/lib/libcrypto/man/PKCS7_sign.3 +++ b/src/lib/libcrypto/man/PKCS7_sign.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: PKCS7_sign.3,v 1.11 2020/06/03 13:41:27 schwarze Exp $	1	.\" $OpenBSD: PKCS7_sign.3,v 1.12 2020/06/04 10:24:27 schwarze Exp $
2	.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100	2	.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: June 3 2020 $	52	.Dd $Mdocdate: June 4 2020 $
53	.Dt PKCS7_SIGN 3	53	.Dt PKCS7_SIGN 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -196,7 +196,9 @@ if the
196	.Dv PKCS7_PARTIAL	196	.Dv PKCS7_PARTIAL
197	flag is set.	197	flag is set.
198	One or more signers can be added using the function	198	One or more signers can be added using the function
199	.Xr PKCS7_sign_add_signer 3 .	199	.Xr PKCS7_sign_add_signer 3
		200	and attributes can be added using the functions described in
		201	.Xr PKCS7_add_attribute 3 .
200	.Xr PKCS7_final 3	202	.Xr PKCS7_final 3
201	must also be called to finalize the structure if streaming is not	203	must also be called to finalize the structure if streaming is not
202	enabled.	204	enabled.
@@ -228,6 +230,7 @@ if an error occurred.
228	The error can be obtained from	230	The error can be obtained from
229	.Xr ERR_get_error 3 .	231	.Xr ERR_get_error 3 .
230	.Sh SEE ALSO	232	.Sh SEE ALSO
		233	.Xr PKCS7_add_attribute 3 ,
231	.Xr PKCS7_encrypt 3 ,	234	.Xr PKCS7_encrypt 3 ,
232	.Xr PKCS7_final 3 ,	235	.Xr PKCS7_final 3 ,
233	.Xr PKCS7_new 3 ,	236	.Xr PKCS7_new 3 ,


diff --git a/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 index f8024d9b5c..28d327fefc 100644 --- a/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ b/src/lib/libcrypto/man/PKCS7_sign_add_signer.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: PKCS7_sign_add_signer.3,v 1.11 2020/06/03 13:41:27 schwarze Exp $	1	.\" $OpenBSD: PKCS7_sign_add_signer.3,v 1.12 2020/06/04 10:24:27 schwarze Exp $
2	.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100	2	.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: June 3 2020 $	52	.Dd $Mdocdate: June 4 2020 $
53	.Dt PKCS7_SIGN_ADD_SIGNER 3	53	.Dt PKCS7_SIGN_ADD_SIGNER 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -162,6 +162,8 @@ If any of these algorithms is disabled, then it will not be included.
162	returns an internal pointer to the	162	returns an internal pointer to the
163	.Vt PKCS7_SIGNER_INFO	163	.Vt PKCS7_SIGNER_INFO
164	structure just added, which can be used to set additional attributes	164	structure just added, which can be used to set additional attributes
		165	with the functions described in
		166	.Xr PKCS7_add_attribute 3
165	before it is finalized.	167	before it is finalized.
166	.Sh RETURN VALUES	168	.Sh RETURN VALUES
167	.Fn PKCS7_sign_add_signer	169	.Fn PKCS7_sign_add_signer
@@ -174,6 +176,7 @@ In some cases of failure, the reason can be determined with
174	.Xr ERR_get_error 3 .	176	.Xr ERR_get_error 3 .
175	.Sh SEE ALSO	177	.Sh SEE ALSO
176	.Xr EVP_DigestInit 3 ,	178	.Xr EVP_DigestInit 3 ,
		179	.Xr PKCS7_add_attribute 3 ,
177	.Xr PKCS7_final 3 ,	180	.Xr PKCS7_final 3 ,
178	.Xr PKCS7_new 3 ,	181	.Xr PKCS7_new 3 ,
179	.Xr PKCS7_sign 3	182	.Xr PKCS7_sign 3


diff --git a/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 b/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 index b5c78ee8d4..66779d637b 100644 --- a/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 +++ b/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_ATTRIBUTE_new.3,v 1.7 2019/06/06 01:06:59 schwarze Exp $	1	.\" $OpenBSD: X509_ATTRIBUTE_new.3,v 1.8 2020/06/04 10:24:27 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: June 6 2019 $	17	.Dd $Mdocdate: June 4 2020 $
18	.Dt X509_ATTRIBUTE_NEW 3	18	.Dt X509_ATTRIBUTE_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -65,6 +65,7 @@ if an error occurs.
65	.Sh SEE ALSO	65	.Sh SEE ALSO
66	.Xr d2i_X509_ATTRIBUTE 3 ,	66	.Xr d2i_X509_ATTRIBUTE 3 ,
67	.Xr PKCS12_SAFEBAG_new 3 ,	67	.Xr PKCS12_SAFEBAG_new 3 ,
		68	.Xr PKCS7_add_attribute 3 ,
68	.Xr PKCS8_PRIV_KEY_INFO_new 3 ,	69	.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
69	.Xr X509_EXTENSION_new 3 ,	70	.Xr X509_EXTENSION_new 3 ,
70	.Xr X509_new 3 ,	71	.Xr X509_new 3 ,