1 files changed, 107 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 b/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3
new file mode 100644
index 0000000000..d942a03e34
--- /dev/null
+++ b/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3
@@ -0,0 +1,107 @@
+.\"     $OpenBSD: ESS_SIGNING_CERT_new.3,v 1.1 2016/12/14 02:03:50 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 14 2016 $
+.Dt ESS_SIGNING_CERT_NEW 3
+.Os
+.Sh NAME
+.Nm ESS_SIGNING_CERT_new ,
+.Nm ESS_SIGNING_CERT_free ,
+.Nm ESS_CERT_ID_new ,
+.Nm ESS_CERT_ID_free ,
+.Nm ESS_ISSUER_SERIAL_new ,
+.Nm ESS_ISSUER_SERIAL_free
+.Nd signing certificates for S/MIME
+.Sh SYNOPSIS
+.In openssl/ts.h
+.Ft ESS_SIGNING_CERT *
+.Fn ESS_SIGNING_CERT_new void
+.Ft void
+.Fn ESS_SIGNING_CERT_free "ESS_SIGNING_CERT *signing_cert"
+.Ft ESS_CERT_ID *
+.Fn ESS_CERT_ID_new void
+.Ft void
+.Fn ESS_CERT_ID_free "ESS_CERT_ID *cert_id"
+.Ft ESS_ISSUER_SERIAL *
+.Fn ESS_ISSUER_SERIAL_new void
+.Ft void
+.Fn ESS_ISSUER_SERIAL_free "ESS_ISSUER_SERIAL *issuer_serial"
+.Sh DESCRIPTION
+The signing certificate may be included in the signedAttributes
+field of a SignerInfo structure to mitigate simple substitution and
+re-issue attacks.
+.Pp
+.Fn ESS_SIGNING_CERT_new
+allocates and initializes an empty
+.Vt ESS_SIGNING_CERT
+object, representing an ASN.1 SigningCertificate structure
+defined in RFC 2634 section 5.4.
+It can hold the certificate used for signing the data,
+additional authorization certificates that can be used during
+validation, and policies applying to the certificate.
+.Fn ESS_SIGNING_CERT_free
+frees
+.Fa signing_cert .
+.Pp
+.Fn ESS_CERT_ID_new
+allocates and initializes an empty
+.Vt ESS_CERT_ID
+object, representing an ASN.1 ESSCertID structure
+defined in RFC 2634 section 5.4.1.
+Such objects can be used inside
+.Vt ESS_SIGNING_CERT
+objects, and each one can hold an SHA1 hash of one certificate.
+.Fn ESS_CERT_ID_free
+frees
+.Fa cert_id .
+.Pp
+.Fn ESS_ISSUER_SERIAL_new
+allocates and initializes an empty
+.Vt ESS_ISSUER_SERIAL
+object, representing an ASN.1 IssuerSerial structure
+defined in RFC 2634 section 5.4.1.
+It can hold an issuer name and a serial number and can be included in an
+.Vt ESS_CERT_ID
+object, which is useful for additional authorization certificates,
+but redundant for the signing certificate itself.
+.Fn ESS_ISSUER_SERIAL_free
+frees
+.Fa issuer_serial .
+.Sh RETURN VALUES
+.Fn ESS_SIGNING_CERT_new ,
+.Fn ESS_CERT_ID_new ,
+and
+.Fn ESS_ISSUER_SERIAL_new
+return the new
+.Vt ESS_SIGNING_CERT ,
+.Vt ESS_CERT_ID ,
+or
+.Vt ESS_ISSUER_SERIAL
+object, respectively, or
+.Dv NULL
+if an error occurred.
+.Sh STANDARDS
+RFC 2634: Enhanced Security Services for S/MIME,
+section 5: Signing Certificate Attribute
+.Pp
+Note that RFC 2634 has been updated by RFC 5035:
+Enhanced Security Services (ESS) Update:
+Adding CertID Algorithm Agility.
+But the current implementation only supports the
+Signing Certificate Attribute Definition Version 1
+according to RFC 2634, not the
+Signing Certificate Attribute Definition Version 2
+according to RFC 5035.

diff --git a/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 b/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 new file mode 100644 index 0000000000..d942a03e34 --- /dev/null +++ b/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3
@@ -0,0 +1,107 @@
	1	.\" $OpenBSD: ESS_SIGNING_CERT_new.3,v 1.1 2016/12/14 02:03:50 schwarze Exp $
	2	.\"
	3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
	4	.\"
	5	.\" Permission to use, copy, modify, and distribute this software for any
	6	.\" purpose with or without fee is hereby granted, provided that the above
	7	.\" copyright notice and this permission notice appear in all copies.
	8	.\"
	9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	.\"
	17	.Dd $Mdocdate: December 14 2016 $
	18	.Dt ESS_SIGNING_CERT_NEW 3
	19	.Os
	20	.Sh NAME
	21	.Nm ESS_SIGNING_CERT_new ,
	22	.Nm ESS_SIGNING_CERT_free ,
	23	.Nm ESS_CERT_ID_new ,
	24	.Nm ESS_CERT_ID_free ,
	25	.Nm ESS_ISSUER_SERIAL_new ,
	26	.Nm ESS_ISSUER_SERIAL_free
	27	.Nd signing certificates for S/MIME
	28	.Sh SYNOPSIS
	29	.In openssl/ts.h
	30	.Ft ESS_SIGNING_CERT *
	31	.Fn ESS_SIGNING_CERT_new void
	32	.Ft void
	33	.Fn ESS_SIGNING_CERT_free "ESS_SIGNING_CERT *signing_cert"
	34	.Ft ESS_CERT_ID *
	35	.Fn ESS_CERT_ID_new void
	36	.Ft void
	37	.Fn ESS_CERT_ID_free "ESS_CERT_ID *cert_id"
	38	.Ft ESS_ISSUER_SERIAL *
	39	.Fn ESS_ISSUER_SERIAL_new void
	40	.Ft void
	41	.Fn ESS_ISSUER_SERIAL_free "ESS_ISSUER_SERIAL *issuer_serial"
	42	.Sh DESCRIPTION
	43	The signing certificate may be included in the signedAttributes
	44	field of a SignerInfo structure to mitigate simple substitution and
	45	re-issue attacks.
	46	.Pp
	47	.Fn ESS_SIGNING_CERT_new
	48	allocates and initializes an empty
	49	.Vt ESS_SIGNING_CERT
	50	object, representing an ASN.1 SigningCertificate structure
	51	defined in RFC 2634 section 5.4.
	52	It can hold the certificate used for signing the data,
	53	additional authorization certificates that can be used during
	54	validation, and policies applying to the certificate.
	55	.Fn ESS_SIGNING_CERT_free
	56	frees
	57	.Fa signing_cert .
	58	.Pp
	59	.Fn ESS_CERT_ID_new
	60	allocates and initializes an empty
	61	.Vt ESS_CERT_ID
	62	object, representing an ASN.1 ESSCertID structure
	63	defined in RFC 2634 section 5.4.1.
	64	Such objects can be used inside
	65	.Vt ESS_SIGNING_CERT
	66	objects, and each one can hold an SHA1 hash of one certificate.
	67	.Fn ESS_CERT_ID_free
	68	frees
	69	.Fa cert_id .
	70	.Pp
	71	.Fn ESS_ISSUER_SERIAL_new
	72	allocates and initializes an empty
	73	.Vt ESS_ISSUER_SERIAL
	74	object, representing an ASN.1 IssuerSerial structure
	75	defined in RFC 2634 section 5.4.1.
	76	It can hold an issuer name and a serial number and can be included in an
	77	.Vt ESS_CERT_ID
	78	object, which is useful for additional authorization certificates,
	79	but redundant for the signing certificate itself.
	80	.Fn ESS_ISSUER_SERIAL_free
	81	frees
	82	.Fa issuer_serial .
	83	.Sh RETURN VALUES
	84	.Fn ESS_SIGNING_CERT_new ,
	85	.Fn ESS_CERT_ID_new ,
	86	and
	87	.Fn ESS_ISSUER_SERIAL_new
	88	return the new
	89	.Vt ESS_SIGNING_CERT ,
	90	.Vt ESS_CERT_ID ,
	91	or
	92	.Vt ESS_ISSUER_SERIAL
	93	object, respectively, or
	94	.Dv NULL
	95	if an error occurred.
	96	.Sh STANDARDS
	97	RFC 2634: Enhanced Security Services for S/MIME,
	98	section 5: Signing Certificate Attribute
	99	.Pp
	100	Note that RFC 2634 has been updated by RFC 5035:
	101	Enhanced Security Services (ESS) Update:
	102	Adding CertID Algorithm Agility.
	103	But the current implementation only supports the
	104	Signing Certificate Attribute Definition Version 1
	105	according to RFC 2634, not the
	106	Signing Certificate Attribute Definition Version 2
	107	according to RFC 5035.