1 files changed, 203 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/CMS_add1_signer.3 b/src/lib/libcrypto/man/CMS_add1_signer.3
new file mode 100644
index 0000000000..065e15c7be
--- /dev/null
+++ b/src/lib/libcrypto/man/CMS_add1_signer.3
@@ -0,0 +1,203 @@
+.\" $OpenBSD: CMS_add1_signer.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
+.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 10 2019 $
+.Dt CMS_ADD1_SIGNER 3
+.Os
+.Sh NAME
+.Nm CMS_add1_signer ,
+.Nm CMS_SignerInfo_sign
+.Nd add a signer to a CMS_ContentInfo signed data structure
+.Sh SYNOPSIS
+.In openssl/cms.h
+.Ft CMS_SignerInfo *
+.Fo CMS_add1_signer
+.Fa "CMS_ContentInfo *cms"
+.Fa "X509 *signcert"
+.Fa "EVP_PKEY *pkey"
+.Fa "const EVP_MD *md"
+.Fa "unsigned int flags"
+.Fc
+.Ft int
+.Fo CMS_SignerInfo_sign
+.Fa "CMS_SignerInfo *si"
+.Fc
+.Sh DESCRIPTION
+.Fn CMS_add1_signer
+adds a signer with certificate
+.Fa signcert
+and private key
+.Fa pkey
+using message digest
+.Fa md
+to the
+.Vt CMS_ContentInfo
+SignedData structure
+.Fa cms .
+.Pp
+The
+.Vt CMS_ContentInfo
+structure should be obtained from an initial call to
+.Xr CMS_sign 3
+with the flag
+.Dv CMS_PARTIAL
+set or in the case or re-signing a valid
+.Vt CMS_ContentInfo
+SignedData structure.
+.Pp
+If the
+.Fa md
+parameter is
+.Dv NULL ,
+then the default digest for the public key algorithm will be used.
+.Pp
+Unless the
+.Dv CMS_REUSE_DIGEST
+flag is set, the returned
+.Vt CMS_ContentInfo
+structure is not complete and must be finalized either by streaming
+(if applicable) or a call to
+.Xr CMS_final 3 .
+.Pp
+The
+.Fn CMS_SignerInfo_sign
+function will explicitly sign a
+.Vt CMS_SignerInfo
+structure.
+Its main use is when the
+.Dv CMS_REUSE_DIGEST
+and
+.Dv CMS_PARTIAL
+flags are both set.
+.Pp
+The main purpose of
+.Fn CMS_add1_signer
+is to provide finer control over a CMS signed data structure where the
+simpler
+.Xr CMS_sign 3
+function defaults are not appropriate, for example if multiple signers
+or non default digest algorithms are needed.
+New attributes can also be added using the returned
+.Vt CMS_SignerInfo
+structure and the CMS attribute utility functions or the CMS signed
+receipt request functions.
+.Pp
+Any of the following flags (OR'ed together) can be passed in the
+.Fa flags
+parameter:
+.Bl -tag -width Ds
+.It Dv CMS_REUSE_DIGEST
+Attempt to copy the content digest value from the
+.Vt CMS_ContentInfo
+structure to add a signer to an existing structure.
+An error occurs if a matching digest value cannot be found to copy.
+The returned
+.Vt CMS_ContentInfo
+structure will be valid and finalized when this flag is set.
+.It Dv CMS_PARTIAL
+If this flag is set in addition to
+.Dv CMS_REUSE_DIGEST ,
+then the
+.Vt CMS_SignerInfo
+structure will not be finalized so additional attributes can be added.
+In this case an explicit call to
+.Fn CMS_SignerInfo_sign
+is needed to finalize it.
+.It Dv CMS_NOCERTS
+Do not include the signer's certificate in the
+.Vt CMS_ContentInfo
+structure.
+The signer's certificate must still be supplied in the
+.Fa signcert
+parameter though.
+This can reduce the size of the signature if the signer's certificate can
+be obtained by other means, for example from a previously signed message.
+.Pp
+The SignedData structure includes several CMS signedAttributes including
+the signing time, the CMS content type and the supported list of ciphers
+in an SMIMECapabilities attribute.
+.It Dv CMS_NOATTR
+Use no signedAttributes.
+.It Dv CMS_NOSMIMECAP
+Omit just the SMIMECapabilities.
+.It Dv CMS_USE_KEYID
+Use the subject key identifier value to identify signing certificates.
+An error occurs if the signing certificate does not have a subject key
+identifier extension.
+By default, issuer name and serial number are used instead.
+.El
+.Pp
+If present, the SMIMECapabilities attribute indicates support for the
+following algorithms in preference order: 256 bit AES, Gost R3411-94,
+Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit
+RC2, DES and 40 bit RC2.
+If any of these algorithms is not available then it will not be
+included: for example the GOST algorithms will not be included if
+the GOST ENGINE is not loaded.
+.Pp
+.Fn CMS_add1_signer
+returns an internal pointer to the
+.Vt CMS_SignerInfo
+structure just added.
+This can be used to set additional attributes before it is finalized.
+.Sh RETURN VALUES
+.Fn CMS_add1_signer
+returns an internal pointer to the
+.Vt CMS_SignerInfo
+structure just added or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr CMS_final 3 ,
+.Xr CMS_sign 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn CMS_add1_signer
+was added to OpenSSL 0.9.8.

diff --git a/src/lib/libcrypto/man/CMS_add1_signer.3 b/src/lib/libcrypto/man/CMS_add1_signer.3 new file mode 100644 index 0000000000..065e15c7be --- /dev/null +++ b/src/lib/libcrypto/man/CMS_add1_signer.3
@@ -0,0 +1,203 @@
	1	.\" $OpenBSD: CMS_add1_signer.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
	3	.\"
	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
	5	.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
	6	.\"
	7	.\" Redistribution and use in source and binary forms, with or without
	8	.\" modification, are permitted provided that the following conditions
	9	.\" are met:
	10	.\"
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\"
	14	.\" 2. Redistributions in binary form must reproduce the above copyright
	15	.\" notice, this list of conditions and the following disclaimer in
	16	.\" the documentation and/or other materials provided with the
	17	.\" distribution.
	18	.\"
	19	.\" 3. All advertising materials mentioning features or use of this
	20	.\" software must display the following acknowledgment:
	21	.\" "This product includes software developed by the OpenSSL Project
	22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	23	.\"
	24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	25	.\" endorse or promote products derived from this software without
	26	.\" prior written permission. For written permission, please contact
	27	.\" openssl-core@openssl.org.
	28	.\"
	29	.\" 5. Products derived from this software may not be called "OpenSSL"
	30	.\" nor may "OpenSSL" appear in their names without prior written
	31	.\" permission of the OpenSSL Project.
	32	.\"
	33	.\" 6. Redistributions of any form whatsoever must retain the following
	34	.\" acknowledgment:
	35	.\" "This product includes software developed by the OpenSSL Project
	36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	37	.\"
	38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
	50	.\"
	51	.Dd $Mdocdate: August 10 2019 $
	52	.Dt CMS_ADD1_SIGNER 3
	53	.Os
	54	.Sh NAME
	55	.Nm CMS_add1_signer ,
	56	.Nm CMS_SignerInfo_sign
	57	.Nd add a signer to a CMS_ContentInfo signed data structure
	58	.Sh SYNOPSIS
	59	.In openssl/cms.h
	60	.Ft CMS_SignerInfo *
	61	.Fo CMS_add1_signer
	62	.Fa "CMS_ContentInfo *cms"
	63	.Fa "X509 *signcert"
	64	.Fa "EVP_PKEY *pkey"
	65	.Fa "const EVP_MD *md"
	66	.Fa "unsigned int flags"
	67	.Fc
	68	.Ft int
	69	.Fo CMS_SignerInfo_sign
	70	.Fa "CMS_SignerInfo *si"
	71	.Fc
	72	.Sh DESCRIPTION
	73	.Fn CMS_add1_signer
	74	adds a signer with certificate
	75	.Fa signcert
	76	and private key
	77	.Fa pkey
	78	using message digest
	79	.Fa md
	80	to the
	81	.Vt CMS_ContentInfo
	82	SignedData structure
	83	.Fa cms .
	84	.Pp
	85	The
	86	.Vt CMS_ContentInfo
	87	structure should be obtained from an initial call to
	88	.Xr CMS_sign 3
	89	with the flag
	90	.Dv CMS_PARTIAL
	91	set or in the case or re-signing a valid
	92	.Vt CMS_ContentInfo
	93	SignedData structure.
	94	.Pp
	95	If the
	96	.Fa md
	97	parameter is
	98	.Dv NULL ,
	99	then the default digest for the public key algorithm will be used.
	100	.Pp
	101	Unless the
	102	.Dv CMS_REUSE_DIGEST
	103	flag is set, the returned
	104	.Vt CMS_ContentInfo
	105	structure is not complete and must be finalized either by streaming
	106	(if applicable) or a call to
	107	.Xr CMS_final 3 .
	108	.Pp
	109	The
	110	.Fn CMS_SignerInfo_sign
	111	function will explicitly sign a
	112	.Vt CMS_SignerInfo
	113	structure.
	114	Its main use is when the
	115	.Dv CMS_REUSE_DIGEST
	116	and
	117	.Dv CMS_PARTIAL
	118	flags are both set.
	119	.Pp
	120	The main purpose of
	121	.Fn CMS_add1_signer
	122	is to provide finer control over a CMS signed data structure where the
	123	simpler
	124	.Xr CMS_sign 3
	125	function defaults are not appropriate, for example if multiple signers
	126	or non default digest algorithms are needed.
	127	New attributes can also be added using the returned
	128	.Vt CMS_SignerInfo
	129	structure and the CMS attribute utility functions or the CMS signed
	130	receipt request functions.
	131	.Pp
	132	Any of the following flags (OR'ed together) can be passed in the
	133	.Fa flags
	134	parameter:
	135	.Bl -tag -width Ds
	136	.It Dv CMS_REUSE_DIGEST
	137	Attempt to copy the content digest value from the
	138	.Vt CMS_ContentInfo
	139	structure to add a signer to an existing structure.
	140	An error occurs if a matching digest value cannot be found to copy.
	141	The returned
	142	.Vt CMS_ContentInfo
	143	structure will be valid and finalized when this flag is set.
	144	.It Dv CMS_PARTIAL
	145	If this flag is set in addition to
	146	.Dv CMS_REUSE_DIGEST ,
	147	then the
	148	.Vt CMS_SignerInfo
	149	structure will not be finalized so additional attributes can be added.
	150	In this case an explicit call to
	151	.Fn CMS_SignerInfo_sign
	152	is needed to finalize it.
	153	.It Dv CMS_NOCERTS
	154	Do not include the signer's certificate in the
	155	.Vt CMS_ContentInfo
	156	structure.
	157	The signer's certificate must still be supplied in the
	158	.Fa signcert
	159	parameter though.
	160	This can reduce the size of the signature if the signer's certificate can
	161	be obtained by other means, for example from a previously signed message.
	162	.Pp
	163	The SignedData structure includes several CMS signedAttributes including
	164	the signing time, the CMS content type and the supported list of ciphers
	165	in an SMIMECapabilities attribute.
	166	.It Dv CMS_NOATTR
	167	Use no signedAttributes.
	168	.It Dv CMS_NOSMIMECAP
	169	Omit just the SMIMECapabilities.
	170	.It Dv CMS_USE_KEYID
	171	Use the subject key identifier value to identify signing certificates.
	172	An error occurs if the signing certificate does not have a subject key
	173	identifier extension.
	174	By default, issuer name and serial number are used instead.
	175	.El
	176	.Pp
	177	If present, the SMIMECapabilities attribute indicates support for the
	178	following algorithms in preference order: 256 bit AES, Gost R3411-94,
	179	Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit
	180	RC2, DES and 40 bit RC2.
	181	If any of these algorithms is not available then it will not be
	182	included: for example the GOST algorithms will not be included if
	183	the GOST ENGINE is not loaded.
	184	.Pp
	185	.Fn CMS_add1_signer
	186	returns an internal pointer to the
	187	.Vt CMS_SignerInfo
	188	structure just added.
	189	This can be used to set additional attributes before it is finalized.
	190	.Sh RETURN VALUES
	191	.Fn CMS_add1_signer
	192	returns an internal pointer to the
	193	.Vt CMS_SignerInfo
	194	structure just added or
	195	.Dv NULL
	196	if an error occurs.
	197	.Sh SEE ALSO
	198	.Xr CMS_final 3 ,
	199	.Xr CMS_sign 3 ,
	200	.Xr ERR_get_error 3
	201	.Sh HISTORY
	202	.Fn CMS_add1_signer
	203	was added to OpenSSL 0.9.8.