1 files changed, 179 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/PKCS7_add_attribute.3 b/src/lib/libcrypto/man/PKCS7_add_attribute.3
new file mode 100644
index 0000000000..09c36a4d5d
--- /dev/null
+++ b/src/lib/libcrypto/man/PKCS7_add_attribute.3
@@ -0,0 +1,179 @@
+.\" $OpenBSD: PKCS7_add_attribute.3,v 1.1 2020/06/04 10:24:27 schwarze Exp $
+.\"
+.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: June 4 2020 $
+.Dt PKCS7_ADD_ATTRIBUTE 3
+.Os
+.Sh NAME
+.Nm PKCS7_add_attribute ,
+.Nm PKCS7_get_attribute ,
+.Nm PKCS7_add_signed_attribute ,
+.Nm PKCS7_get_signed_attribute
+.Nd attributes of SignerInfo objects
+.Sh SYNOPSIS
+.In openssl/pkcs7.h
+.Ft int
+.Fo PKCS7_add_attribute
+.Fa "PKCS7_SIGNER_INFO *si"
+.Fa "int nid"
+.Fa "int attrtype"
+.Fa "void *value"
+.Fc
+.Ft ASN1_TYPE *
+.Fo PKCS7_get_attribute
+.Fa "PKCS7_SIGNER_INFO *si"
+.Fa "int nid"
+.Fc
+.Ft int
+.Fo PKCS7_add_signed_attribute
+.Fa "PKCS7_SIGNER_INFO *si"
+.Fa "int nid"
+.Fa "int attrtype"
+.Fa "void *value"
+.Fc
+.Ft ASN1_TYPE *
+.Fo PKCS7_get_signed_attribute
+.Fa "PKCS7_SIGNER_INFO *si"
+.Fa "int nid"
+.Fc
+.Sh DESCRIPTION
+.Fn PKCS7_add_attribute
+appends a new attribute of type
+.Fa nid
+to the
+.Fa unauthenticatedAttributes
+list of
+.Fa si ,
+and it adds a new ASN.1 ANY object of type
+.Fa attrtype
+with the given
+.Fa value
+to the new attribute.
+Ownership of the
+.Fa value
+is transferred into the new attribute object, so the calling code
+must not
+.Xr free 3
+the
+.Fa value .
+If the list already contains an unauthenticated attribute of type
+.Fa nid
+before the call, the new attribute replaces the old one
+instead of being appended to the end of the list.
+.Pp
+.Fn PKCS7_get_attribute
+retrieves the first ASN.1 ANY member of the attribute of type
+.Fa nid
+from the
+.Fa unauthenticatedAttributes
+list of
+.Fa si .
+.Pp
+The behaviour of
+.Fn PKCS7_add_signed_attribute
+and
+.Fn PKCS7_get_signed_attribute
+is identical except that they operate on the list of
+.Fa authenticatedAttributes .
+.Pp
+The normal way to use
+.Fn PKCS7_add_signed_attribute
+is to first create a
+.Vt SignedInfo
+object with
+.Xr PKCS7_sign 3
+using the
+.Dv PKCS7_PARTIAL
+or
+.Dv PKCS7_STREAM
+flag, retrieve the
+.Vt PKCS7_SIGNER_INFO
+object with the undocumented function
+.Fn PKCS7_get_signer_info
+or add an additional one with
+.Xr PKCS7_sign_add_signer 3 ,
+call
+.Fn PKCS7_add_signed_attribute
+for each desired additional attribute, then do the signing with
+.Xr PKCS7_final 3
+or with another finalizing function.
+.Pp
+For particular types of attributes, undocumented wrapper functions
+.Fn PKCS7_add_attrib_content_type ,
+.Fn PKCS7_add1_attrib_digest ,
+.Fn PKCS7_add0_attrib_signing_time ,
+and
+.Fn PKCS7_add_attrib_smimecap
+exist.
+.Sh RETURN VALUES
+.Fn PKCS7_add_attribute
+and
+.Fn PKCS7_add_signed_attribute
+return 1 on success or 0 on failure.
+The most common reason for failure is lack of memory.
+.Pp
+.Fn PKCS7_get_attribute
+and
+.Fn PKCS7_get_signed_attribute
+return an internal pointer to an ASN.1 ANY object or
+.Dv NULL
+on failure.
+They fail if
+.Fa nid
+is invalid, if the respective list in
+.Fa si
+contains no attribute of the requested type, or if an invalid element
+is found in the list before finding the attribute of the requested type.
+.Sh SEE ALSO
+.Xr ASN1_TYPE_new 3 ,
+.Xr PKCS7_final 3 ,
+.Xr PKCS7_new 3 ,
+.Xr PKCS7_sign 3 ,
+.Xr PKCS7_sign_add_signer 3 ,
+.Xr STACK_OF 3 ,
+.Xr X509_ATTRIBUTE_new 3
+.Sh STANDARDS
+RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5,
+section 9.2: SignerInfo type
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.1
+and have been available since
+.Ox 2.6 .
+.Sh BUGS
+Adding an attribute with an invalid
+.Fa nid
+ought to fail, but it actually succeeds
+setting the type of the new attribute to
+.Dv NULL .
+Subsequent attempts to retrieve attributes
+may cause the program to crash due to
+.Dv NULL
+pointer access.
+.Pp
+A function to remove individual attributes from these lists
+does not appear to exist.
+A program desiring to do that might have to manually iterate the fields
+.Fa auth_attr
+and
+.Fa unauth_attr
+of
+.Fa si ,
+which are both of type
+.Vt STACK_OF(X509_ATTRIBUTE) ,
+using the facilities described in
+.Xr STACK_OF 3
+and
+.Xr OPENSSL_sk_new 3 .

diff --git a/src/lib/libcrypto/man/PKCS7_add_attribute.3 b/src/lib/libcrypto/man/PKCS7_add_attribute.3 new file mode 100644 index 0000000000..09c36a4d5d --- /dev/null +++ b/src/lib/libcrypto/man/PKCS7_add_attribute.3
@@ -0,0 +1,179 @@
	1	.\" $OpenBSD: PKCS7_add_attribute.3,v 1.1 2020/06/04 10:24:27 schwarze Exp $
	2	.\"
	3	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
	4	.\"
	5	.\" Permission to use, copy, modify, and distribute this software for any
	6	.\" purpose with or without fee is hereby granted, provided that the above
	7	.\" copyright notice and this permission notice appear in all copies.
	8	.\"
	9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	.\"
	17	.Dd $Mdocdate: June 4 2020 $
	18	.Dt PKCS7_ADD_ATTRIBUTE 3
	19	.Os
	20	.Sh NAME
	21	.Nm PKCS7_add_attribute ,
	22	.Nm PKCS7_get_attribute ,
	23	.Nm PKCS7_add_signed_attribute ,
	24	.Nm PKCS7_get_signed_attribute
	25	.Nd attributes of SignerInfo objects
	26	.Sh SYNOPSIS
	27	.In openssl/pkcs7.h
	28	.Ft int
	29	.Fo PKCS7_add_attribute
	30	.Fa "PKCS7_SIGNER_INFO *si"
	31	.Fa "int nid"
	32	.Fa "int attrtype"
	33	.Fa "void *value"
	34	.Fc
	35	.Ft ASN1_TYPE *
	36	.Fo PKCS7_get_attribute
	37	.Fa "PKCS7_SIGNER_INFO *si"
	38	.Fa "int nid"
	39	.Fc
	40	.Ft int
	41	.Fo PKCS7_add_signed_attribute
	42	.Fa "PKCS7_SIGNER_INFO *si"
	43	.Fa "int nid"
	44	.Fa "int attrtype"
	45	.Fa "void *value"
	46	.Fc
	47	.Ft ASN1_TYPE *
	48	.Fo PKCS7_get_signed_attribute
	49	.Fa "PKCS7_SIGNER_INFO *si"
	50	.Fa "int nid"
	51	.Fc
	52	.Sh DESCRIPTION
	53	.Fn PKCS7_add_attribute
	54	appends a new attribute of type
	55	.Fa nid
	56	to the
	57	.Fa unauthenticatedAttributes
	58	list of
	59	.Fa si ,
	60	and it adds a new ASN.1 ANY object of type
	61	.Fa attrtype
	62	with the given
	63	.Fa value
	64	to the new attribute.
	65	Ownership of the
	66	.Fa value
	67	is transferred into the new attribute object, so the calling code
	68	must not
	69	.Xr free 3
	70	the
	71	.Fa value .
	72	If the list already contains an unauthenticated attribute of type
	73	.Fa nid
	74	before the call, the new attribute replaces the old one
	75	instead of being appended to the end of the list.
	76	.Pp
	77	.Fn PKCS7_get_attribute
	78	retrieves the first ASN.1 ANY member of the attribute of type
	79	.Fa nid
	80	from the
	81	.Fa unauthenticatedAttributes
	82	list of
	83	.Fa si .
	84	.Pp
	85	The behaviour of
	86	.Fn PKCS7_add_signed_attribute
	87	and
	88	.Fn PKCS7_get_signed_attribute
	89	is identical except that they operate on the list of
	90	.Fa authenticatedAttributes .
	91	.Pp
	92	The normal way to use
	93	.Fn PKCS7_add_signed_attribute
	94	is to first create a
	95	.Vt SignedInfo
	96	object with
	97	.Xr PKCS7_sign 3
	98	using the
	99	.Dv PKCS7_PARTIAL
	100	or
	101	.Dv PKCS7_STREAM
	102	flag, retrieve the
	103	.Vt PKCS7_SIGNER_INFO
	104	object with the undocumented function
	105	.Fn PKCS7_get_signer_info
	106	or add an additional one with
	107	.Xr PKCS7_sign_add_signer 3 ,
	108	call
	109	.Fn PKCS7_add_signed_attribute
	110	for each desired additional attribute, then do the signing with
	111	.Xr PKCS7_final 3
	112	or with another finalizing function.
	113	.Pp
	114	For particular types of attributes, undocumented wrapper functions
	115	.Fn PKCS7_add_attrib_content_type ,
	116	.Fn PKCS7_add1_attrib_digest ,
	117	.Fn PKCS7_add0_attrib_signing_time ,
	118	and
	119	.Fn PKCS7_add_attrib_smimecap
	120	exist.
	121	.Sh RETURN VALUES
	122	.Fn PKCS7_add_attribute
	123	and
	124	.Fn PKCS7_add_signed_attribute
	125	return 1 on success or 0 on failure.
	126	The most common reason for failure is lack of memory.
	127	.Pp
	128	.Fn PKCS7_get_attribute
	129	and
	130	.Fn PKCS7_get_signed_attribute
	131	return an internal pointer to an ASN.1 ANY object or
	132	.Dv NULL
	133	on failure.
	134	They fail if
	135	.Fa nid
	136	is invalid, if the respective list in
	137	.Fa si
	138	contains no attribute of the requested type, or if an invalid element
	139	is found in the list before finding the attribute of the requested type.
	140	.Sh SEE ALSO
	141	.Xr ASN1_TYPE_new 3 ,
	142	.Xr PKCS7_final 3 ,
	143	.Xr PKCS7_new 3 ,
	144	.Xr PKCS7_sign 3 ,
	145	.Xr PKCS7_sign_add_signer 3 ,
	146	.Xr STACK_OF 3 ,
	147	.Xr X509_ATTRIBUTE_new 3
	148	.Sh STANDARDS
	149	RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5,
	150	section 9.2: SignerInfo type
	151	.Sh HISTORY
	152	These functions first appeared in OpenSSL 0.9.1
	153	and have been available since
	154	.Ox 2.6 .
	155	.Sh BUGS
	156	Adding an attribute with an invalid
	157	.Fa nid
	158	ought to fail, but it actually succeeds
	159	setting the type of the new attribute to
	160	.Dv NULL .
	161	Subsequent attempts to retrieve attributes
	162	may cause the program to crash due to
	163	.Dv NULL
	164	pointer access.
	165	.Pp
	166	A function to remove individual attributes from these lists
	167	does not appear to exist.
	168	A program desiring to do that might have to manually iterate the fields
	169	.Fa auth_attr
	170	and
	171	.Fa unauth_attr
	172	of
	173	.Fa si ,
	174	which are both of type
	175	.Vt STACK_OF(X509_ATTRIBUTE) ,
	176	using the facilities described in
	177	.Xr STACK_OF 3
	178	and
	179	.Xr OPENSSL_sk_new 3 .