1 files changed, 0 insertions, 365 deletions
diff --git a/src/lib/libcrypto/man/PKCS7_add_attribute.3 b/src/lib/libcrypto/man/PKCS7_add_attribute.3
deleted file mode 100644
index 4a1c350f98..0000000000
--- a/src/lib/libcrypto/man/PKCS7_add_attribute.3
+++ /dev/null
@@ -1,365 +0,0 @@
-.\" $OpenBSD: PKCS7_add_attribute.3,v 1.3 2020/06/10 11:39:12 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 10 2020 $
-.Dt PKCS7_ADD_ATTRIBUTE 3
-.Os
-.Sh NAME
-.Nm PKCS7_add_attribute ,
-.Nm PKCS7_set_attributes ,
-.Nm PKCS7_get_attribute ,
-.Nm PKCS7_add_signed_attribute ,
-.Nm PKCS7_set_signed_attributes ,
-.Nm PKCS7_get_signed_attribute ,
-.Nm PKCS7_add_attrib_content_type ,
-.Nm PKCS7_add1_attrib_digest ,
-.Nm PKCS7_add0_attrib_signing_time ,
-.Nm PKCS7_add_attrib_smimecap
-.Nd attributes of SignerInfo objects
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo PKCS7_add_attribute
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "int nid"
-.Fa "int attrtype"
-.Fa "void *value"
-.Fc
-.Ft int
-.Fo PKCS7_set_attributes
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "STACK_OF(X509_ATTRIBUTE) *sk"
-.Fc
-.Ft ASN1_TYPE *
-.Fo PKCS7_get_attribute
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo PKCS7_add_signed_attribute
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "int nid"
-.Fa "int attrtype"
-.Fa "void *value"
-.Fc
-.Ft int
-.Fo PKCS7_set_signed_attributes
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "STACK_OF(X509_ATTRIBUTE) *sk"
-.Fc
-.Ft ASN1_TYPE *
-.Fo PKCS7_get_signed_attribute
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo PKCS7_add_attrib_content_type
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "ASN1_OBJECT *coid"
-.Fc
-.Ft int
-.Fo PKCS7_add1_attrib_digest
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "const unsigned char *md"
-.Fa "int mdlen"
-.Fc
-.Ft int
-.Fo PKCS7_add0_attrib_signing_time
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "ASN1_TIME *t"
-.Fc
-.Ft int
-.Fo PKCS7_add_attrib_smimecap
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "STACK_OF(X509_ALGOR) *cap"
-.Fc
-.Sh DESCRIPTION
-.Fn PKCS7_add_attribute
-appends a new attribute of type
-.Fa nid
-to the
-.Fa unauthenticatedAttributes
-list of
-.Fa si ,
-and it adds a new ASN.1 ANY object of type
-.Fa attrtype
-with the given
-.Fa value
-to the new attribute.
-Ownership of the
-.Fa value
-is transferred into the new attribute object, so the calling code
-must not
-.Xr free 3
-the
-.Fa value .
-If the list already contains an unauthenticated attribute of type
-.Fa nid
-before the call, the new attribute replaces the old one
-instead of being appended to the end of the list.
-.Pp
-.Fn PKCS7_set_attributes
-frees the
-.Fa unauthenticatedAttributes
-list of
-.Fa si
-and all the attributes contained in it and replaces it with a deep copy of
-.Fa sk .
-.Pp
-.Fn PKCS7_get_attribute
-retrieves the first ASN.1 ANY member of the attribute of type
-.Fa nid
-from the
-.Fa unauthenticatedAttributes
-list of
-.Fa si .
-.Pp
-The behaviour of
-.Fn PKCS7_add_signed_attribute ,
-.Fn PKCS7_set_signed_attributes ,
-and
-.Fn PKCS7_get_signed_attribute
-is identical except that they operate on the list of
-.Fa authenticatedAttributes .
-.Pp
-The normal way to use
-.Fn PKCS7_add_signed_attribute
-is to first create a
-.Vt SignedInfo
-object with
-.Xr PKCS7_sign 3
-using the
-.Dv PKCS7_PARTIAL
-or
-.Dv PKCS7_STREAM
-flag, retrieve the
-.Vt PKCS7_SIGNER_INFO
-object with
-.Xr PKCS7_get_signer_info 3
-or add an additional one with
-.Xr PKCS7_sign_add_signer 3 ,
-call
-.Fn PKCS7_add_signed_attribute
-for each desired additional attribute, then do the signing with
-.Xr PKCS7_final 3
-or with another finalizing function.
-.Pp
-The four remaining functions are wrappers around
-.Fn PKCS7_add_signed_attribute .
-.Pp
-.Fn PKCS7_add_attrib_content_type
-sets the
-.Dv NID_pkcs9_contentType
-attribute to
-.Fa coid ,
-which specifies the content type of the
-.Vt ContentInfo
-value to be signed.
-This attribute is mandatory and automatically added by
-.Xr PKCS7_sign 3
-and
-.Xr PKCS7_sign_add_signer 3
-unless the
-.Dv PKCS7_NOATTR
-flag is present.
-Objects suitable as
-.Fa coid
-arguments can for example be obtained with
-.Xr OBJ_nid2obj 3 .
-If
-.Fa coid
-is
-.Dv NULL ,
-the content type defaults to
-.Dv NID_pkcs7_data .
-.Pp
-.Fn PKCS7_add1_attrib_digest
-sets or replaces the
-.Dv NID_pkcs9_messageDigest
-attribute, which is the message digest of the contents octets
-of the DER-encoding of the content field of the
-.Vt ContentInfo
-value being signed, to a copy of
-.Fa md ,
-which is assumed to be
-.Fa mdlen
-bytes long.
-If
-.Fa mdlen
-is -1, then
-.Fn strlen md
-is used instead of
-.Fa mdlen .
-This attribute is mandatory and automatically added by
-.Xr PKCS7_dataFinal 3
-and
-.Xr PKCS7_final 3 .
-.Pp
-.Fn PKCS7_add0_attrib_signing_time
-sets or replaces the optional
-.Dv NID_pkcs9_signingTime
-attribute to
-.Fa t ,
-specifying the time at which the signer performed the signing process.
-Ownership of
-.Fa t
-is transferred into the new attribute object, so the calling code
-must not
-.Xr free 3
-.Fa t .
-If
-.Fa t
-is
-.Dv NULL ,
-a new
-.Vt ASN1_TIME
-structure is allocated.
-This attribute is automatically added by
-.Xr PKCS7_dataFinal 3
-and
-.Xr PKCS7_final 3 .
-.Pp
-.Fn PKCS7_add_attrib_smimecap
-sets or replaces the optional
-.Dv NID_SMIMECapabilities
-attribute, indicating algorithms the sender is prepared to handle.
-The
-.Fa cap
-pointer is not stored in the new attribute object and can be passed to
-.Fn sk_X509_ALGOR_pop_free
-after the call.
-This attribute is automatically added by
-.Xr PKCS7_sign 3
-and
-.Xr PKCS7_sign_add_signer 3
-unless the
-.Dv PKCS7_NOATTR
-or
-.Dv PKCS7_NOSMIMECAP
-flag is present.
-.Sh RETURN VALUES
-.Fn PKCS7_add_attribute ,
-.Fn PKCS7_set_attributes ,
-.Fn PKCS7_add_signed_attribute ,
-.Fn PKCS7_set_signed_attributes ,
-.Fn PKCS7_add_attrib_content_type ,
-.Fn PKCS7_add1_attrib_digest ,
-.Fn PKCS7_add0_attrib_signing_time ,
-and
-.Fn PKCS7_add_attrib_smimecap
-return 1 on success or 0 on failure.
-The most common reason for failure is lack of memory.
-.Fn PKCS7_add_attribute
-and
-.Fn PKCS7_add_signed_attribute
-also fail if
-.Fa nid
-is invalid, and
-.Fn PKCS7_add_attrib_content_type
-if
-.Fa si
-already contains an authenticated attribute of type
-.Dv NID_pkcs9_contentType .
-.Pp
-.Fn PKCS7_get_attribute
-and
-.Fn PKCS7_get_signed_attribute
-return an internal pointer to an ASN.1 ANY object or
-.Dv NULL
-on failure.
-They fail if
-.Fa nid
-is invalid, if the respective list in
-.Fa si
-contains no attribute of the requested type, or if an invalid element
-is found in the list before finding the attribute of the requested type.
-.Sh SEE ALSO
-.Xr ASN1_TIME_new 3 ,
-.Xr ASN1_TYPE_new 3 ,
-.Xr OBJ_nid2obj 3 ,
-.Xr PKCS7_final 3 ,
-.Xr PKCS7_get_signer_info 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_sign 3 ,
-.Xr PKCS7_sign_add_signer 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_ALGOR_new 3 ,
-.Xr X509_ATTRIBUTE_new 3
-.Sh STANDARDS
-RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5,
-section 9.2: SignerInfo type
-.Pp
-RFC 2985: PKCS #9: Selected Object Classes and Attribute Types Version 2.0,
-section 5.3: Attribute types for use in PKCS #7 data
-and section 5.6: Attributes defined in S/MIME
-.Pp
-RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
-Version 4.0 Message Specification,
-section 2.5.2: SMIMECapabilities Attribute
-.Sh HISTORY
-.Fn PKCS7_add_attribute ,
-.Fn PKCS7_set_attributes ,
-.Fn PKCS7_get_attribute ,
-.Fn PKCS7_add_signed_attribute ,
-.Fn PKCS7_set_signed_attributes ,
-and
-.Fn PKCS7_get_signed_attribute
-first appeared in OpenSSL 0.9.1 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn PKCS7_add_attrib_smimecap
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
-.Fn PKCS7_add_attrib_content_type ,
-.Fn PKCS7_add1_attrib_digest ,
-and
-.Fn PKCS7_add0_attrib_signing_time
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Sh CAVEATS
-.Fn PKCS7_set_signed_attributes
-does not validate that
-.Fa sk
-contains the PKCS #9 content type and message digest attributes
-required by RFC 2315.
-It succeeds even when
-.Fa sk
-is empty, leaving
-.Fa si
-in a state that violates the standard.
-.Pp
-.Fn PKCS7_add0_attrib_signing_time
-does not validate
-.Fa t
-in any way.
-In particular, it may set the signing time to the future
-or to the remote past.
-.Sh BUGS
-A function to remove individual attributes from these lists
-does not appear to exist.
-A program desiring to do that might have to manually iterate the fields
-.Fa auth_attr
-and
-.Fa unauth_attr
-of
-.Fa si ,
-which are both of type
-.Vt STACK_OF(X509_ATTRIBUTE) ,
-using the facilities described in
-.Xr STACK_OF 3
-and
-.Xr OPENSSL_sk_new 3 .

diff --git a/src/lib/libcrypto/man/PKCS7_add_attribute.3 b/src/lib/libcrypto/man/PKCS7_add_attribute.3 deleted file mode 100644 index 4a1c350f98..0000000000 --- a/src/lib/libcrypto/man/PKCS7_add_attribute.3 +++ /dev/null
@@ -1,365 +0,0 @@
1	.\" $OpenBSD: PKCS7_add_attribute.3,v 1.3 2020/06/10 11:39:12 schwarze Exp $
2	.\"
3	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
4	.\"
5	.\" Permission to use, copy, modify, and distribute this software for any
6	.\" purpose with or without fee is hereby granted, provided that the above
7	.\" copyright notice and this permission notice appear in all copies.
8	.\"
9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"
17	.Dd $Mdocdate: June 10 2020 $
18	.Dt PKCS7_ADD_ATTRIBUTE 3
19	.Os
20	.Sh NAME
21	.Nm PKCS7_add_attribute ,
22	.Nm PKCS7_set_attributes ,
23	.Nm PKCS7_get_attribute ,
24	.Nm PKCS7_add_signed_attribute ,
25	.Nm PKCS7_set_signed_attributes ,
26	.Nm PKCS7_get_signed_attribute ,
27	.Nm PKCS7_add_attrib_content_type ,
28	.Nm PKCS7_add1_attrib_digest ,
29	.Nm PKCS7_add0_attrib_signing_time ,
30	.Nm PKCS7_add_attrib_smimecap
31	.Nd attributes of SignerInfo objects
32	.Sh SYNOPSIS
33	.In openssl/pkcs7.h
34	.Ft int
35	.Fo PKCS7_add_attribute
36	.Fa "PKCS7_SIGNER_INFO *si"
37	.Fa "int nid"
38	.Fa "int attrtype"
39	.Fa "void *value"
40	.Fc
41	.Ft int
42	.Fo PKCS7_set_attributes
43	.Fa "PKCS7_SIGNER_INFO *si"
44	.Fa "STACK_OF(X509_ATTRIBUTE) *sk"
45	.Fc
46	.Ft ASN1_TYPE *
47	.Fo PKCS7_get_attribute
48	.Fa "PKCS7_SIGNER_INFO *si"
49	.Fa "int nid"
50	.Fc
51	.Ft int
52	.Fo PKCS7_add_signed_attribute
53	.Fa "PKCS7_SIGNER_INFO *si"
54	.Fa "int nid"
55	.Fa "int attrtype"
56	.Fa "void *value"
57	.Fc
58	.Ft int
59	.Fo PKCS7_set_signed_attributes
60	.Fa "PKCS7_SIGNER_INFO *si"
61	.Fa "STACK_OF(X509_ATTRIBUTE) *sk"
62	.Fc
63	.Ft ASN1_TYPE *
64	.Fo PKCS7_get_signed_attribute
65	.Fa "PKCS7_SIGNER_INFO *si"
66	.Fa "int nid"
67	.Fc
68	.Ft int
69	.Fo PKCS7_add_attrib_content_type
70	.Fa "PKCS7_SIGNER_INFO *si"
71	.Fa "ASN1_OBJECT *coid"
72	.Fc
73	.Ft int
74	.Fo PKCS7_add1_attrib_digest
75	.Fa "PKCS7_SIGNER_INFO *si"
76	.Fa "const unsigned char *md"
77	.Fa "int mdlen"
78	.Fc
79	.Ft int
80	.Fo PKCS7_add0_attrib_signing_time
81	.Fa "PKCS7_SIGNER_INFO *si"
82	.Fa "ASN1_TIME *t"
83	.Fc
84	.Ft int
85	.Fo PKCS7_add_attrib_smimecap
86	.Fa "PKCS7_SIGNER_INFO *si"
87	.Fa "STACK_OF(X509_ALGOR) *cap"
88	.Fc
89	.Sh DESCRIPTION
90	.Fn PKCS7_add_attribute
91	appends a new attribute of type
92	.Fa nid
93	to the
94	.Fa unauthenticatedAttributes
95	list of
96	.Fa si ,
97	and it adds a new ASN.1 ANY object of type
98	.Fa attrtype
99	with the given
100	.Fa value
101	to the new attribute.
102	Ownership of the
103	.Fa value
104	is transferred into the new attribute object, so the calling code
105	must not
106	.Xr free 3
107	the
108	.Fa value .
109	If the list already contains an unauthenticated attribute of type
110	.Fa nid
111	before the call, the new attribute replaces the old one
112	instead of being appended to the end of the list.
113	.Pp
114	.Fn PKCS7_set_attributes
115	frees the
116	.Fa unauthenticatedAttributes
117	list of
118	.Fa si
119	and all the attributes contained in it and replaces it with a deep copy of
120	.Fa sk .
121	.Pp
122	.Fn PKCS7_get_attribute
123	retrieves the first ASN.1 ANY member of the attribute of type
124	.Fa nid
125	from the
126	.Fa unauthenticatedAttributes
127	list of
128	.Fa si .
129	.Pp
130	The behaviour of
131	.Fn PKCS7_add_signed_attribute ,
132	.Fn PKCS7_set_signed_attributes ,
133	and
134	.Fn PKCS7_get_signed_attribute
135	is identical except that they operate on the list of
136	.Fa authenticatedAttributes .
137	.Pp
138	The normal way to use
139	.Fn PKCS7_add_signed_attribute
140	is to first create a
141	.Vt SignedInfo
142	object with
143	.Xr PKCS7_sign 3
144	using the
145	.Dv PKCS7_PARTIAL
146	or
147	.Dv PKCS7_STREAM
148	flag, retrieve the
149	.Vt PKCS7_SIGNER_INFO
150	object with
151	.Xr PKCS7_get_signer_info 3
152	or add an additional one with
153	.Xr PKCS7_sign_add_signer 3 ,
154	call
155	.Fn PKCS7_add_signed_attribute
156	for each desired additional attribute, then do the signing with
157	.Xr PKCS7_final 3
158	or with another finalizing function.
159	.Pp
160	The four remaining functions are wrappers around
161	.Fn PKCS7_add_signed_attribute .
162	.Pp
163	.Fn PKCS7_add_attrib_content_type
164	sets the
165	.Dv NID_pkcs9_contentType
166	attribute to
167	.Fa coid ,
168	which specifies the content type of the
169	.Vt ContentInfo
170	value to be signed.
171	This attribute is mandatory and automatically added by
172	.Xr PKCS7_sign 3
173	and
174	.Xr PKCS7_sign_add_signer 3
175	unless the
176	.Dv PKCS7_NOATTR
177	flag is present.
178	Objects suitable as
179	.Fa coid
180	arguments can for example be obtained with
181	.Xr OBJ_nid2obj 3 .
182	If
183	.Fa coid
184	is
185	.Dv NULL ,
186	the content type defaults to
187	.Dv NID_pkcs7_data .
188	.Pp
189	.Fn PKCS7_add1_attrib_digest
190	sets or replaces the
191	.Dv NID_pkcs9_messageDigest
192	attribute, which is the message digest of the contents octets
193	of the DER-encoding of the content field of the
194	.Vt ContentInfo
195	value being signed, to a copy of
196	.Fa md ,
197	which is assumed to be
198	.Fa mdlen
199	bytes long.
200	If
201	.Fa mdlen
202	is -1, then
203	.Fn strlen md
204	is used instead of
205	.Fa mdlen .
206	This attribute is mandatory and automatically added by
207	.Xr PKCS7_dataFinal 3
208	and
209	.Xr PKCS7_final 3 .
210	.Pp
211	.Fn PKCS7_add0_attrib_signing_time
212	sets or replaces the optional
213	.Dv NID_pkcs9_signingTime
214	attribute to
215	.Fa t ,
216	specifying the time at which the signer performed the signing process.
217	Ownership of
218	.Fa t
219	is transferred into the new attribute object, so the calling code
220	must not
221	.Xr free 3
222	.Fa t .
223	If
224	.Fa t
225	is
226	.Dv NULL ,
227	a new
228	.Vt ASN1_TIME
229	structure is allocated.
230	This attribute is automatically added by
231	.Xr PKCS7_dataFinal 3
232	and
233	.Xr PKCS7_final 3 .
234	.Pp
235	.Fn PKCS7_add_attrib_smimecap
236	sets or replaces the optional
237	.Dv NID_SMIMECapabilities
238	attribute, indicating algorithms the sender is prepared to handle.
239	The
240	.Fa cap
241	pointer is not stored in the new attribute object and can be passed to
242	.Fn sk_X509_ALGOR_pop_free
243	after the call.
244	This attribute is automatically added by
245	.Xr PKCS7_sign 3
246	and
247	.Xr PKCS7_sign_add_signer 3
248	unless the
249	.Dv PKCS7_NOATTR
250	or
251	.Dv PKCS7_NOSMIMECAP
252	flag is present.
253	.Sh RETURN VALUES
254	.Fn PKCS7_add_attribute ,
255	.Fn PKCS7_set_attributes ,
256	.Fn PKCS7_add_signed_attribute ,
257	.Fn PKCS7_set_signed_attributes ,
258	.Fn PKCS7_add_attrib_content_type ,
259	.Fn PKCS7_add1_attrib_digest ,
260	.Fn PKCS7_add0_attrib_signing_time ,
261	and
262	.Fn PKCS7_add_attrib_smimecap
263	return 1 on success or 0 on failure.
264	The most common reason for failure is lack of memory.
265	.Fn PKCS7_add_attribute
266	and
267	.Fn PKCS7_add_signed_attribute
268	also fail if
269	.Fa nid
270	is invalid, and
271	.Fn PKCS7_add_attrib_content_type
272	if
273	.Fa si
274	already contains an authenticated attribute of type
275	.Dv NID_pkcs9_contentType .
276	.Pp
277	.Fn PKCS7_get_attribute
278	and
279	.Fn PKCS7_get_signed_attribute
280	return an internal pointer to an ASN.1 ANY object or
281	.Dv NULL
282	on failure.
283	They fail if
284	.Fa nid
285	is invalid, if the respective list in
286	.Fa si
287	contains no attribute of the requested type, or if an invalid element
288	is found in the list before finding the attribute of the requested type.
289	.Sh SEE ALSO
290	.Xr ASN1_TIME_new 3 ,
291	.Xr ASN1_TYPE_new 3 ,
292	.Xr OBJ_nid2obj 3 ,
293	.Xr PKCS7_final 3 ,
294	.Xr PKCS7_get_signer_info 3 ,
295	.Xr PKCS7_new 3 ,
296	.Xr PKCS7_sign 3 ,
297	.Xr PKCS7_sign_add_signer 3 ,
298	.Xr STACK_OF 3 ,
299	.Xr X509_ALGOR_new 3 ,
300	.Xr X509_ATTRIBUTE_new 3
301	.Sh STANDARDS
302	RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5,
303	section 9.2: SignerInfo type
304	.Pp
305	RFC 2985: PKCS #9: Selected Object Classes and Attribute Types Version 2.0,
306	section 5.3: Attribute types for use in PKCS #7 data
307	and section 5.6: Attributes defined in S/MIME
308	.Pp
309	RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
310	Version 4.0 Message Specification,
311	section 2.5.2: SMIMECapabilities Attribute
312	.Sh HISTORY
313	.Fn PKCS7_add_attribute ,
314	.Fn PKCS7_set_attributes ,
315	.Fn PKCS7_get_attribute ,
316	.Fn PKCS7_add_signed_attribute ,
317	.Fn PKCS7_set_signed_attributes ,
318	and
319	.Fn PKCS7_get_signed_attribute
320	first appeared in OpenSSL 0.9.1 and have been available since
321	.Ox 2.6 .
322	.Pp
323	.Fn PKCS7_add_attrib_smimecap
324	first appeared in OpenSSL 0.9.5 and has been available since
325	.Ox 2.7 .
326	.Pp
327	.Fn PKCS7_add_attrib_content_type ,
328	.Fn PKCS7_add1_attrib_digest ,
329	and
330	.Fn PKCS7_add0_attrib_signing_time
331	first appeared in OpenSSL 1.0.0 and have been available since
332	.Ox 4.9 .
333	.Sh CAVEATS
334	.Fn PKCS7_set_signed_attributes
335	does not validate that
336	.Fa sk
337	contains the PKCS #9 content type and message digest attributes
338	required by RFC 2315.
339	It succeeds even when
340	.Fa sk
341	is empty, leaving
342	.Fa si
343	in a state that violates the standard.
344	.Pp
345	.Fn PKCS7_add0_attrib_signing_time
346	does not validate
347	.Fa t
348	in any way.
349	In particular, it may set the signing time to the future
350	or to the remote past.
351	.Sh BUGS
352	A function to remove individual attributes from these lists
353	does not appear to exist.
354	A program desiring to do that might have to manually iterate the fields
355	.Fa auth_attr
356	and
357	.Fa unauth_attr
358	of
359	.Fa si ,
360	which are both of type
361	.Vt STACK_OF(X509_ATTRIBUTE) ,
362	using the facilities described in
363	.Xr STACK_OF 3
364	and
365	.Xr OPENSSL_sk_new 3 .