From 010da91741722964cdcf5787d97f6abffb58aabc Mon Sep 17 00:00:00 2001 
From: schwarze <> Date: Wed, 11 Nov 2015 18:36:48 +0000 Subject: Convert and enable CMS manuals. Already some time ago, bcook@ said these can be installed. --- src/lib/libssl/src/doc/crypto/CMS_add0_cert.pod | 67 ----------- .../src/doc/crypto/CMS_add1_recipient_cert.pod | 63 ----------- src/lib/libssl/src/doc/crypto/CMS_compress.pod | 73 ------------ src/lib/libssl/src/doc/crypto/CMS_decrypt.pod | 79 ------------- src/lib/libssl/src/doc/crypto/CMS_encrypt.pod | 93 --------------- src/lib/libssl/src/doc/crypto/CMS_final.pod | 41 ------- .../src/doc/crypto/CMS_get0_RecipientInfos.pod | 111 ------------------ .../libssl/src/doc/crypto/CMS_get0_SignerInfos.pod | 76 ------------- src/lib/libssl/src/doc/crypto/CMS_get0_type.pod | 64 ----------- .../src/doc/crypto/CMS_get1_ReceiptRequest.pod | 70 ------------ src/lib/libssl/src/doc/crypto/CMS_sign.pod | 122 -------------------- .../libssl/src/doc/crypto/CMS_sign_add1_signer.pod | 103 ----------------- src/lib/libssl/src/doc/crypto/CMS_sign_receipt.pod | 45 -------- src/lib/libssl/src/doc/crypto/CMS_uncompress.pod | 54 --------- src/lib/libssl/src/doc/crypto/CMS_verify.pod | 126 --------------------- .../libssl/src/doc/crypto/CMS_verify_receipt.pod | 47 -------- 16 files changed, 1234 deletions(-) delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_add0_cert.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_add1_recipient_cert.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_compress.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_decrypt.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_encrypt.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_final.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_get0_SignerInfos.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_get0_type.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod delete mode 100644 
src/lib/libssl/src/doc/crypto/CMS_sign.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_sign_receipt.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_uncompress.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_verify.pod delete mode 100644 src/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod (limited to 'src/lib/libssl')
diff --git a/src/lib/libssl/src/doc/crypto/CMS_add0_cert.pod b/src/lib/libssl/src/doc/crypto/CMS_add0_cert.pod
deleted file mode 100644
index b289237ec2..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_add0_cert.pod
+++ /dev/null
@@ -1,67 +0,0 @@ -=pod - -=head1 NAME - -CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, -CMS_get1_crls - CMS certificate and CRL utility functions - -=head1 SYNOPSIS - - #include - - int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); - int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); - STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); - - int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); - int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); - STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); - - -=head1 DESCRIPTION - -CMS_add0_cert() and CMS_add1_cert() add certificate B to B. -must be of type signed data or enveloped data. - -CMS_get1_certs() returns all certificates in B. - -CMS_add0_crl() and CMS_add1_crl() add CRL B to B. CMS_get1_crls() -returns any CRLs in B. - -=head1 NOTES - -The CMS_ContentInfo structure B must be of type signed data or enveloped -data or an error will be returned. - -For signed data certificates and CRLs are added to the B and -B fields of SignedData structure. For enveloped data they are added to -B. - -As the B<0> implies CMS_add0_cert() adds B internally to B and it -must not be freed up after the call as opposed to CMS_add1_cert() where B -must be freed up. - -The same certificate or CRL must not be added to the same cms structure more -than once. - -=head1 RETURN VALUES - -CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return -1 for success and 0 for failure. - -CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs -or NULL if there are none or an error occurs. The only error which will occur -in practice is if the B type is invalid. - -=head1 SEE ALSO - -L, -L, -L - -=head1 HISTORY - -CMS_add0_cert(), CMS_add1_cert(), CMS_get1_certs(), CMS_add0_crl() -and CMS_get1_crls() were all first added to OpenSSL 0.9.8 - -=cut 
diff --git a/src/lib/libssl/src/doc/crypto/CMS_add1_recipient_cert.pod b/src/lib/libssl/src/doc/crypto/CMS_add1_recipient_cert.pod
deleted file mode 100644
index 8a39391aa4..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_add1_recipient_cert.pod
+++ /dev/null
@@ -1,63 +0,0 @@ -=pod - -=head1 NAME - -CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS -enveloped data structure - -=head1 SYNOPSIS - - #include - - CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags); - - CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key, size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType); - -=head1 DESCRIPTION - -CMS_add1_recipient_cert() adds recipient B to CMS_ContentInfo enveloped -data structure B as a KeyTransRecipientInfo structure. - -CMS_add0_recipient_key() adds symmetric key B of length B using -wrapping algorithm B, identifier B of length B and optional -values B, B and B to CMS_ContentInfo enveloped -data structure B as a KEKRecipientInfo structure. - -The CMS_ContentInfo structure should be obtained from an initial call to -CMS_encrypt() with the flag B set. - -=head1 NOTES - -The main purpose of this function is to provide finer control over a CMS -enveloped data structure where the simpler CMS_encrypt() function defaults are -not appropriate. For example if one or more KEKRecipientInfo structures -need to be added. New attributes can also be added using the returned -CMS_RecipientInfo structure and the CMS attribute utility functions. - -OpenSSL will by default identify recipient certificates using issuer name -and serial number. If B is set it will use the subject key -identifier value instead. An error occurs if all recipient certificates do not -have a subject key identifier extension. - -Currently only AES based key wrapping algorithms are supported for B, -specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. -If B is set to B then an AES wrap algorithm will be used -consistent with B. 
- -=head1 RETURN VALUES - -CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal -pointer to the CMS_RecipientInfo structure just added or NULL if an error -occurs. - -=head1 SEE ALSO - -L, L, -L, - -=head1 HISTORY - -CMS_add1_recipient_cert() and CMS_add0_recipient_key() were added to OpenSSL -0.9.8 - -=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_compress.pod b/src/lib/libssl/src/doc/crypto/CMS_compress.pod
deleted file mode 100644
index 0a0715271d..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_compress.pod
+++ /dev/null
@@ -1,73 +0,0 @@ -=pod - -=head1 NAME - -CMS_compress - create a CMS CompressedData structure - -=head1 SYNOPSIS - - #include - - CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); - -=head1 DESCRIPTION - -CMS_compress() creates and returns a CMS CompressedData structure. B -is the compression algorithm to use or B to use the default -algorithm (zlib compression). B is the content to be compressed. -B is an optional set of flags. - -=head1 NOTES - -The only currently supported compression algorithm is zlib using the NID -NID_zlib_compression. - -If zlib support is not compiled into OpenSSL then CMS_compress() will return -an error. - -If the B flag is set MIME headers for type B are -prepended to the data. - -Normally the supplied content is translated into MIME canonical format (as -required by the S/MIME specifications) if B is set no translation -occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. If B is set then -B is ignored. - -If the B flag is set a partial B structure is -returned suitable for streaming I/O: no data is read from the BIO B. - -The compressed data is included in the CMS_ContentInfo structure, unless -B is set in which case it is omitted. This is rarely used in -practice and is not supported by SMIME_write_CMS(). - -=head1 NOTES - -If the flag B is set the returned B structure is -B complete and outputting its contents via a function that does not -properly finalize the B structure will give unpredictable -results. - -Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), -PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization -can be performed by obtaining the streaming ASN1 B directly using -BIO_new_CMS(). - -Additional compression parameters such as the zlib compression level cannot -currently be set. 
- -=head1 RETURN VALUES - -CMS_compress() returns either a CMS_ContentInfo structure or NULL if an error -occurred. The error can be obtained from ERR_get_error(3). - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -CMS_compress() was added to OpenSSL 0.9.8 -The B flag was first supported in OpenSSL 1.0.0. - -=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_decrypt.pod b/src/lib/libssl/src/doc/crypto/CMS_decrypt.pod
deleted file mode 100644
index 3b44cec603..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_decrypt.pod
+++ /dev/null
@@ -1,79 +0,0 @@ -=pod - -=head1 NAME - -CMS_decrypt - decrypt content from a CMS envelopedData structure - -=head1 SYNOPSIS - - #include - - int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags); - -=head1 DESCRIPTION - -CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData -structure. B is the private key of the recipient, B is the -recipient's certificate, B is a BIO to write the content to and -B is an optional set of flags. - -The B parameter is used in the rare case where the encrypted content -is detached. It will normally be set to NULL. - -=head1 NOTES - -OpenSSL_add_all_algorithms() (or equivalent) should be called before using this -function or errors about unknown algorithms will occur. - -Although the recipients certificate is not needed to decrypt the data it is -needed to locate the appropriate (of possible several) recipients in the CMS -structure. - -If B is set to NULL all possible recipients are tried. This case however -is problematic. To thwart the MMA attack (Bleichenbacher's attack on -PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or -not. If no recipient succeeds then a random symmetric key is used to decrypt -the content: this will typically output garbage and may (but is not guaranteed -to) ultimately return a padding error only. If CMS_decrypt() just returned an -error when all recipient encrypted keys failed to decrypt an attacker could -use this in a timing attack. If the special flag B is set -then the above behaviour is modified and an error B returned if no -recipient encrypted key can be decrypted B generating a random -content encryption key. Applications should use this flag with -B especially in automated gateways as it can leave them -open to attack. 
- -It is possible to determine the correct recipient key by other means (for -example looking them up in a database) and setting them in the CMS structure -in advance using the CMS utility functions such as CMS_set1_pkey(). In this -case both B and B should be set to NULL. - -To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key() -and CMS_ReceipientInfo_decrypt() should be called before CMS_decrypt() and -B and B set to NULL. - -The following flags can be passed in the B parameter. - -If the B flag is set MIME headers for type B are deleted -from the content. If the content is not of type B then an error is -returned. - -=head1 RETURN VALUES - -CMS_decrypt() returns either 1 for success or 0 for failure. -The error can be obtained from ERR_get_error(3) - -=head1 BUGS - -The lack of single pass processing and the need to hold all data in memory as -mentioned in CMS_verify() also applies to CMS_decrypt(). - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -CMS_decrypt() was added to OpenSSL 0.9.8 - -=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod b/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod
deleted file mode 100644
index f697e87e2b..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod
+++ /dev/null
@@ -1,93 +0,0 @@ -=pod - -=head1 NAME - -CMS_encrypt - create a CMS envelopedData structure - -=head1 SYNOPSIS - - #include - - CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags); - -=head1 DESCRIPTION - -CMS_encrypt() creates and returns a CMS EnvelopedData structure. B -is a list of recipient certificates. B is the content to be encrypted. -B is the symmetric cipher to use. B is an optional set of flags. - -=head1 NOTES - -Only certificates carrying RSA keys are supported so the recipient certificates -supplied to this function must all contain RSA public keys, though they do not -have to be signed using the RSA algorithm. - -The algorithm passed in the B parameter must support ASN1 encoding of -its parameters. - -Many browsers implement a "sign and encrypt" option which is simply an S/MIME -envelopedData containing an S/MIME signed message. This can be readily produced -by storing the S/MIME signed message in a memory BIO and passing it to -CMS_encrypt(). - -The following flags can be passed in the B parameter. - -If the B flag is set MIME headers for type B are -prepended to the data. - -Normally the supplied content is translated into MIME canonical format (as -required by the S/MIME specifications) if B is set no translation -occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. If B is set then -B is ignored. - -OpenSSL will by default identify recipient certificates using issuer name -and serial number. If B is set it will use the subject key -identifier value instead. An error occurs if all recipient certificates do not -have a subject key identifier extension. - -If the B flag is set a partial B structure is -returned suitable for streaming I/O: no data is read from the BIO B. - -If the B flag is set a partial B structure is -returned to which additional recipients and attributes can be added before -finalization. 
- -The data being encrypted is included in the CMS_ContentInfo structure, unless -B is set in which case it is omitted. This is rarely used in -practice and is not supported by SMIME_write_CMS(). - -=head1 NOTES - -If the flag B is set the returned B structure is -B complete and outputting its contents via a function that does not -properly finalize the B structure will give unpredictable -results. - -Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), -PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization -can be performed by obtaining the streaming ASN1 B directly using -BIO_new_CMS(). - -The recipients specified in B use a CMS KeyTransRecipientInfo info -structure. KEKRecipientInfo is also supported using the flag B -and CMS_add0_recipient_key(). - -The parameter B may be NULL if B is set and recipients -added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key(). - -=head1 RETURN VALUES - -CMS_encrypt() returns either a CMS_ContentInfo structure or NULL if an error -occurred. The error can be obtained from ERR_get_error(3). - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -CMS_decrypt() was added to OpenSSL 0.9.8 -The B flag was first supported in OpenSSL 1.0.0. - -=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_final.pod b/src/lib/libssl/src/doc/crypto/CMS_final.pod
deleted file mode 100644
index c5f1722aaf..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_final.pod
+++ /dev/null
@@ -1,41 +0,0 @@ -=pod - -=head1 NAME - -CMS_final - finalise a CMS_ContentInfo structure - -=head1 SYNOPSIS - - #include - - int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); - -=head1 DESCRIPTION - -CMS_final() finalises the structure B. It's purpose is to perform any -operations necessary on B (digest computation for example) and set the -appropriate fields. The parameter B contains the content to be -processed. The B parameter contains a BIO to write content to after -processing: this is only used with detached data and will usually be set to -NULL. - -=head1 NOTES - -This function will normally be called when the B flag is used. It -should only be used when streaming is not performed because the streaming -I/O functions perform finalisation operations internally. - -=head1 RETURN VALUES - -CMS_final() returns 1 for success or 0 for failure. - -=head1 SEE ALSO - -L, L, -L - -=head1 HISTORY - -CMS_final() was added to OpenSSL 0.9.8 - -=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod b/src/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod
deleted file mode 100644
index da3914c0c0..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod
+++ /dev/null
@@ -1,111 +0,0 @@ -=pod - -=head1 NAME - -CMS_get0_RecipientInfos, CMS_RecipientInfo_type, -CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, -CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, -CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, -CMS_RecipientInfo_decrypt, -CMS_RecipientInfo_encrypt - CMS envelopedData RecipientInfo routines - -=head1 SYNOPSIS - - #include - - STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); - int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); - - int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); - int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); - int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); - - int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, ASN1_OBJECT **potherid, ASN1_TYPE **pothertype); - int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id, size_t idlen); - int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, size_t keylen); - - int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); - -=head1 DESCRIPTION - -The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo -structures associated with a CMS EnvelopedData structure. - -CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure B. -It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, -CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER. - -CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient -identifier associated with a specific CMS_RecipientInfo structure B, which -must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in -B or B issuer name and serial number in B and B. 
- -CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B against the -CMS_RecipientInfo structure B, which must be of type CMS_RECIPINFO_TRANS. -It returns zero if the comparison is successful and non zero if not. - -CMS_RecipientInfo_set0_pkey() associates the private key B with -the CMS_RecipientInfo structure B, which must be of type -CMS_RECIPINFO_TRANS. - -CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the -CMS_RecipientInfo structure B which must be of type CMS_RECIPINFO_KEK. Any -of the remaining parameters can be NULL if the application is not interested in -the value of a field. Where a field is optional and absent NULL will be written -to the corresponding parameter. The keyEncryptionAlgorithm field is written to -B, the B field is written to B, the B field if -present is written to B, if the B field is present the components -B and B are written to parameters B and -B. - -CMS_RecipientInfo_kekri_id_cmp() compares the ID in the B and B -parameters against the B CMS_RecipientInfo structure B, -which must be of type CMS_RECIPINFO_KEK. It returns zero if the comparison is -successful and non zero if not. - -CMS_RecipientInfo_set0_key() associates the symmetric key B of length -B with the CMS_RecipientInfo structure B, which must be of type -CMS_RECIPINFO_KEK. - -CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure -B in structure B. A key must have been associated with the structure -first. - -=head1 NOTES - -The main purpose of these functions is to enable an application to lookup -recipient keys using any appropriate technique when the simpler method -of CMS_decrypt() is not appropriate. - -In typical usage and application will retrieve all CMS_RecipientInfo structures -using CMS_get0_RecipientInfos() and check the type of each using -CMS_RecpientInfo_type(). Depending on the type the CMS_RecipientInfo structure -can be ignored or its key identifier data retrieved using an appropriate -function. 
Then if the corresponding secret or private key can be obtained by -any appropriate means it can then associated with the structure and -CMS_RecpientInfo_decrypt() called. If successful CMS_decrypt() can be called -with a NULL key to decrypt the enveloped content. - -=head1 RETURN VALUES - -CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if -an error occurs. - -CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(), -CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and -CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs. - -CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0 -for a successful comparison and non zero otherwise. - -Any error can be obtained from L. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -These functions were first was added to OpenSSL 0.9.8 - -=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_get0_SignerInfos.pod b/src/lib/libssl/src/doc/crypto/CMS_get0_SignerInfos.pod
deleted file mode 100644
index 557cda6c3e..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_get0_SignerInfos.pod
+++ /dev/null
@@ -1,76 +0,0 @@ -=pod - -=head1 NAME - -CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_cert_cmp, -CMS_set1_signer_certs - CMS signedData signer functions. - -=head1 SYNOPSIS - - #include - - STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); - - int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); - int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); - void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); - -=head1 DESCRIPTION - -The function CMS_get0_SignerInfos() returns all the CMS_SignerInfo structures -associated with a CMS signedData structure. - -CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier -associated with a specific CMS_SignerInfo structure B. Either the -keyidentifier will be set in B or B issuer name and serial number -in B and B. - -CMS_SignerInfo_cert_cmp() compares the certificate B against the signer -identifier B. It returns zero if the comparison is successful and non zero -if not. - -CMS_SignerInfo_set1_signer_cert() sets the signers certificate of B to -B. - -=head1 NOTES - -The main purpose of these functions is to enable an application to lookup -signers certificates using any appropriate technique when the simpler method -of CMS_verify() is not appropriate. - -In typical usage and application will retrieve all CMS_SignerInfo structures -using CMS_get0_SignerInfo() and retrieve the identifier information using -CMS. It will then obtain the signer certificate by some unspecified means -(or return and error if it cannot be found) and set it using -CMS_SignerInfo_set1_signer_cert(). - -Once all signer certificates have been set CMS_verify() can be used. 
- -Although CMS_get0_SignerInfos() can return NULL is an error occur B if -there are no signers this is not a problem in practice because the only -error which can occur is if the B structure is not of type signedData -due to application error. - -=head1 RETURN VALUES - -CMS_get0_SignerInfos() returns all CMS_SignerInfo structures, or NULL there -are no signers or an error occurs. - -CMS_SignerInfo_get0_signer_id() returns 1 for success and 0 for failure. - -CMS_SignerInfo_cert_cmp() returns 0 for a successful comparison and non -zero otherwise. - -CMS_SignerInfo_set1_signer_cert() does not return a value. - -Any error can be obtained from L - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -These functions were first was added to OpenSSL 0.9.8 - -=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_get0_type.pod b/src/lib/libssl/src/doc/crypto/CMS_get0_type.pod
deleted file mode 100644
index bc2690ee1a..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_get0_type.pod
+++ /dev/null
@@ -1,64 +0,0 @@ -=pod - -=head1 NAME - -CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType - get and set CMS -content types - -=head1 SYNOPSIS - - #include - - const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); - int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); - const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); - -=head1 DESCRIPTION - -CMS_get0_type() returns the content type of a CMS_ContentInfo structure as -and ASN1_OBJECT pointer. An application can then decide how to process the -CMS_ContentInfo structure based on this value. - -CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo -structure. It should be called with CMS functions with the B -flag and B the structure is finalised, otherwise the results are -undefined. - -ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded -content type. - -=head1 NOTES - -As the B<0> implies CMS_get0_type() and CMS_get0_eContentType() return internal -pointers which should B be freed up. CMS_set1_eContentType() copies the -supplied OID and it B be freed up after use. - -The B values returned can be converted to an integer B value -using OBJ_obj2nid(). For the currently supported content types the following -values are returned: - - NID_pkcs7_data - NID_pkcs7_signed - NID_pkcs7_digest - NID_id_smime_ct_compressedData: - NID_pkcs7_encrypted - NID_pkcs7_enveloped - - -=head1 RETURN VALUES - -CMS_get0_type() and CMS_get0_eContentType() return and ASN1_OBJECT structure. - -CMS_set1_eContentType() returns 1 for success or 0 if an error occurred. The -error can be obtained from ERR_get_error(3). - -=head1 SEE ALSO - -L - -=head1 HISTORY - -CMS_get0_type(), CMS_set1_eContentType() and CMS_get0_eContentType() were all -first added to OpenSSL 0.9.8 - -=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod b/src/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod
deleted file mode 100644
index a7babb1a6e..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod
+++ /dev/null
@@ -1,70 +0,0 @@ -=pod - -=head1 NAME - -CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, -CMS_ReceiptRequest_get0_values - CMS signed receipt request functions. - -=head1 SYNOPSIS - - #include - - CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo); - int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); - int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); - void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, STACK_OF(GENERAL_NAMES) **prto); - -=head1 DESCRIPTION - -CMS_ReceiptRequest_create0() creates a signed receipt request structure. The -B field is set using B and B, or it is set -to 32 bytes of pseudo random data if B is NULL. If B is NULL -the allOrFirstTier option in B is used and set to the value of -the B parameter. If B is not NULL the B -option in B is used. The B parameter specifies the -B field value. - -The CMS_add1_ReceiptRequest() function adds a signed receipt request B -to SignerInfo structure B. - -int CMS_get1_ReceiptRequest() looks for a signed receipt request in B, if -any is found it is decoded and written to B. - -CMS_ReceiptRequest_get0_values() retrieves the values of a receipt request. -The signedContentIdentifier is copied to B. If the B -option of B is used its value is copied to B -otherwise the B field is copied to B. The B -parameter is copied to B. - -=head1 NOTES - -For more details of the meaning of the fields see RFC2634. - -The contents of a signed receipt should only be considered meaningful if the -corresponding CMS_ContentInfo structure can be successfully verified using -CMS_verify(). - -=head1 RETURN VALUES - -CMS_ReceiptRequest_create0() returns a signed receipt request structure or -NULL if an error occurred. 
- -CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred. - -CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and -decoded. It returns 0 if a signed receipt request is not present and -1 if -it is present but malformed. - -=head1 SEE ALSO - -L, L, -L, L -L - -=head1 HISTORY - -CMS_ReceiptRequest_create0(), CMS_add1_ReceiptRequest(), -CMS_get1_ReceiptRequest() and CMS_ReceiptRequest_get0_values() were added to -OpenSSL 0.9.8 - -=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_sign.pod b/src/lib/libssl/src/doc/crypto/CMS_sign.pod
deleted file mode 100644
index cc6d17faf6..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_sign.pod
+++ /dev/null
@@ -1,122 +0,0 @@
-=pod
-
-=head1 NAME
-
-CMS_sign - create a CMS SignedData structure
-
-=head1 SYNOPSIS
-
- #include
-
- CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags);
-
-=head1 DESCRIPTION
-
-CMS_sign() creates and returns a CMS SignedData structure. B is
-the certificate to sign with, B is the corresponding private key.
-B is an optional additional set of certificates to include in the CMS
-structure (for example any intermediate CAs in the chain). Any or all of
-these parameters can be B, see B below.
-
-The data to be signed is read from BIO B.
-
-B is an optional set of flags.
-
-=head1 NOTES
-
-Any of the following flags (ored together) can be passed in the B
-parameter.
-
-Many S/MIME clients expect the signed content to include valid MIME headers. If
-the B flag is set MIME headers for type B are prepended
-to the data.
-
-If B is set the signer's certificate will not be included in the
-CMS_ContentInfo structure, the signer's certificate must still be supplied in
-the B parameter though. This can reduce the size of the signature if
-the signers certificate can be obtained by other means: for example a
-previously signed message.
-
-The data being signed is included in the CMS_ContentInfo structure, unless
-B is set in which case it is omitted. This is used for
-CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed
-messages for example.
-
-Normally the supplied content is translated into MIME canonical format (as
-required by the S/MIME specifications) if B is set no translation
-occurs. This option should be used if the supplied data is in binary format
-otherwise the translation will corrupt it.
-
-The SignedData structure includes several CMS signedAttributes including the
-signing time, the CMS content type and the supported list of ciphers in an
-SMIMECapabilities attribute. If B is set then no signedAttributes
-will be used. If B is set then just the SMIMECapabilities are
-omitted.
-
-If present the SMIMECapabilities attribute indicates support for the following
-algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192
-bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2.
-If any of these algorithms is not available then it will not be included: for
-example the GOST algorithms will not be included if the GOST ENGINE is not
-loaded.
-
-OpenSSL will by default identify signing certificates using issuer name
-and serial number. If B is set it will use the subject key
-identifier value instead. An error occurs if the signing certificate does not
-have a subject key identifier extension.
-
-If the flags B is set then the returned B
-structure is just initialized ready to perform the signing operation. The
-signing is however B performed and the data to be signed is not read from
-the B parameter. Signing is deferred until after the data has been
-written. In this way data can be signed in a single pass.
-
-If the B flag is set a partial B structure is
-output to which additional signers and capabilities can be added before
-finalization.
-
-If the flag B is set the returned B structure is
-B complete and outputting its contents via a function that does not
-properly finalize the B structure will give unpredictable
-results.
-
-Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(),
-PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming ASN1 B directly using
-BIO_new_CMS().
-
-If a signer is specified it will use the default digest for the signing
-algorithm. This is B for both RSA and DSA keys.
-
-If B and B are NULL then a certificates only CMS structure is
-output.
-
-The function CMS_sign() is a basic CMS signing function whose output will be
-suitable for many purposes. For finer control of the output format the
-B, B and B parameters can all be B and the
-B flag set. Then one or more signers can be added using the
-function CMS_sign_add1_signer(), non default digests can be used and custom
-attributes added. B must then be called to finalize the
-structure if streaming is not enabled.
-
-=head1 BUGS
-
-Some attributes such as counter signatures are not supported.
-
-=head1 RETURN VALUES
-
-CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error
-occurred. The error can be obtained from ERR_get_error(3).
-
-=head1 SEE ALSO
-
-L, L
-
-=head1 HISTORY
-
-CMS_sign() was added to OpenSSL 0.9.8
-
-The B flag is only supported for detached data in OpenSSL 0.9.8,
-it is supported for embedded data in OpenSSL 1.0.0 and later.
-
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod b/src/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod
deleted file mode 100644
index ed4d9a9234..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod
+++ /dev/null
@@ -1,103 +0,0 @@
-=pod
-
-=head1 NAME
-
-CMS_sign_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo
-signed data structure.
-
-=head1 SYNOPSIS
-
- #include
-
- CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags);
-
- int CMS_SignerInfo_sign(CMS_SignerInfo *si);
-
-
-=head1 DESCRIPTION
-
-CMS_sign_add1_signer() adds a signer with certificate B and private
-key B using message digest B to CMS_ContentInfo SignedData
-structure B.
-
-The CMS_ContentInfo structure should be obtained from an initial call to
-CMS_sign() with the flag B set or in the case or re-signing a
-valid CMS_ContentInfo SignedData structure.
-
-If the B parameter is B then the default digest for the public
-key algorithm will be used.
-
-Unless the B flag is set the returned CMS_ContentInfo
-structure is not complete and must be finalized either by streaming (if
-applicable) or a call to CMS_final().
-
-The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo
-structure, its main use is when B and B flags
-are both set.
-
-=head1 NOTES
-
-The main purpose of CMS_sign_add1_signer() is to provide finer control
-over a CMS signed data structure where the simpler CMS_sign() function defaults
-are not appropriate. For example if multiple signers or non default digest
-algorithms are needed. New attributes can also be added using the returned
-CMS_SignerInfo structure and the CMS attribute utility functions or the
-CMS signed receipt request functions.
-
-Any of the following flags (ored together) can be passed in the B
-parameter.
-
-If B is set then an attempt is made to copy the content
-digest value from the CMS_ContentInfo structure: to add a signer to an existing
-structure. An error occurs if a matching digest value cannot be found to copy.
-The returned CMS_ContentInfo structure will be valid and finalized when this
-flag is set.
-
-If B is set in addition to B then the
-CMS_SignerInfo structure will not be finalized so additional attributes
-can be added. In this case an explicit call to CMS_SignerInfo_sign() is
-needed to finalize it.
-
-If B is set the signer's certificate will not be included in the
-CMS_ContentInfo structure, the signer's certificate must still be supplied in
-the B parameter though. This can reduce the size of the signature if
-the signers certificate can be obtained by other means: for example a
-previously signed message.
-
-The SignedData structure includes several CMS signedAttributes including the
-signing time, the CMS content type and the supported list of ciphers in an
-SMIMECapabilities attribute. If B is set then no signedAttributes
-will be used. If B is set then just the SMIMECapabilities are
-omitted.
-
-OpenSSL will by default identify signing certificates using issuer name
-and serial number. If B is set it will use the subject key
-identifier value instead. An error occurs if the signing certificate does not
-have a subject key identifier extension.
-
-If present the SMIMECapabilities attribute indicates support for the following
-algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192
-bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2.
-If any of these algorithms is not available then it will not be included: for
-example the GOST algorithms will not be included if the GOST ENGINE is not
-loaded.
-
-CMS_sign_add1_signer() returns an internal pointer to the CMS_SignerInfo
-structure just added, this can be used to set additional attributes
-before it is finalized.
-
-=head1 RETURN VALUES
-
-CMS_sign1_add_signers() returns an internal pointer to the CMS_SignerInfo
-structure just added or NULL if an error occurs.
-
-=head1 SEE ALSO
-
-L, L,
-L,
-
-=head1 HISTORY
-
-CMS_sign_add1_signer() was added to OpenSSL 0.9.8
-
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_sign_receipt.pod b/src/lib/libssl/src/doc/crypto/CMS_sign_receipt.pod
deleted file mode 100644
index f603ab66f0..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_sign_receipt.pod
+++ /dev/null
@@ -1,45 +0,0 @@
-=pod
-
-=head1 NAME
-
-CMS_sign_receipt - create a CMS signed receipt
-
-=head1 SYNOPSIS
-
- #include
-
- CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);
-
-=head1 DESCRIPTION
-
-CMS_sign_receipt() creates and returns a CMS signed receipt structure. B is
-the B structure containing the signed receipt request.
-B is the certificate to sign with, B is the corresponding
-private key. B is an optional additional set of certificates to include
-in the CMS structure (for example any intermediate CAs in the chain).
-
-B is an optional set of flags.
-
-=head1 NOTES
-
-This functions behaves in a similar way to CMS_sign() except the flag values
-B, B, B, B and B
-are not supported since they do not make sense in the context of signed
-receipts.
-
-=head1 RETURN VALUES
-
-CMS_sign_receipt() returns either a valid CMS_ContentInfo structure or NULL if
-an error occurred. The error can be obtained from ERR_get_error(3).
-
-=head1 SEE ALSO
-
-L,
-L,
-L
-
-=head1 HISTORY
-
-CMS_sign_receipt() was added to OpenSSL 0.9.8
-
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_uncompress.pod b/src/lib/libssl/src/doc/crypto/CMS_uncompress.pod
deleted file mode 100644
index fcbfec128a..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_uncompress.pod
+++ /dev/null
@@ -1,54 +0,0 @@
-=pod
-
-=head1 NAME
-
-CMS_uncompress - uncompress a CMS CompressedData structure
-
-=head1 SYNOPSIS
-
- #include
-
- int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags);
-
-=head1 DESCRIPTION
-
-CMS_uncompress() extracts and uncompresses the content from a CMS
-CompressedData structure B. B is a BIO to write the content to and
-B is an optional set of flags.
-
-The B parameter is used in the rare case where the compressed content
-is detached. It will normally be set to NULL.
-
-=head1 NOTES
-
-The only currently supported compression algorithm is zlib: if the structure
-indicates the use of any other algorithm an error is returned.
-
-If zlib support is not compiled into OpenSSL then CMS_uncompress() will always
-return an error.
-
-The following flags can be passed in the B parameter.
-
-If the B flag is set MIME headers for type B are deleted
-from the content. If the content is not of type B then an error is
-returned.
-
-=head1 RETURN VALUES
-
-CMS_uncompress() returns either 1 for success or 0 for failure. The error can
-be obtained from ERR_get_error(3)
-
-=head1 BUGS
-
-The lack of single pass processing and the need to hold all data in memory as
-mentioned in CMS_verify() also applies to CMS_decompress().
-
-=head1 SEE ALSO
-
-L, L
-
-=head1 HISTORY
-
-CMS_uncompress() was added to OpenSSL 0.9.8
-
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_verify.pod b/src/lib/libssl/src/doc/crypto/CMS_verify.pod
deleted file mode 100644
index 69425008aa..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_verify.pod
+++ /dev/null
@@ -1,126 +0,0 @@
-=pod
-
-=head1 NAME
-
-CMS_verify, CMS_get0_signers - verify a CMS SignedData structure
-
-=head1 SYNOPSIS
-
- #include
-
- int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, unsigned int flags);
-
- STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
-
-=head1 DESCRIPTION
-
-CMS_verify() verifies a CMS SignedData structure. B is the CMS_ContentInfo
-structure to verify. B is a set of certificates in which to search for
-the signing certificate(s). B is a trusted certificate store used for
-chain verification. B is the detached content if the content is not
-present in B. The content is written to B if it is not NULL.
-
-B is an optional set of flags, which can be used to modify the verify
-operation.
-
-CMS_get0_signers() retrieves the signing certificate(s) from B, it must
-be called after a successful CMS_verify() operation.
-
-=head1 VERIFY PROCESS
-
-Normally the verify process proceeds as follows.
-
-Initially some sanity checks are performed on B. The type of B must
-be SignedData. There must be at least one signature on the data and if
-the content is detached B cannot be B.
-
-An attempt is made to locate all the signing certificate(s), first looking in
-the B parameter (if it is not NULL) and then looking in any
-certificates contained in the B structure itself. If any signing
-certificate cannot be located the operation fails.
-
-Each signing certificate is chain verified using the B purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If CRL checking is enabled in B any internal
-CRLs are used in addition to attempting to look them up in B. If any
-chain verify fails an error code is returned.
-
-Finally the signed content is read (and written to B is it is not NULL)
-and the signature's checked.
-
-If all signature's verify correctly then the function is successful.
-
-Any of the following flags (ored together) can be passed in the B
-parameter to change the default verify behaviour.
-
-If B is set the certificates in the message itself are not
-searched when locating the signing certificate(s). This means that all the
-signing certificates must be in the B parameter.
-
-If B is set and CRL checking is enabled in B then any
-CRLs in the message itself are ignored.
-
-If the B flag is set MIME headers for type B are deleted
-from the content. If the content is not of type B then an error is
-returned.
-
-If B is set the signing certificates are not
-verified.
-
-If B is set the signed attributes signature is not
-verified.
-
-If B is set then the content digest is not checked.
-
-=head1 NOTES
-
-One application of B is to only accept messages signed by
-a small number of certificates. The acceptable certificates would be passed
-in the B parameter. In this case if the signer is not one of the
-certificates supplied in B then the verify will fail because the
-signer cannot be found.
-
-In some cases the standard techniques for looking up and validating
-certificates are not appropriate: for example an application may wish to
-lookup certificates in a database or perform customised verification. This
-can be achieved by setting and verifying the signers certificates manually
-using the signed data utility functions.
-
-Care should be taken when modifying the default verify behaviour, for example
-setting B will totally disable all content verification
-and any modified content will be considered valid. This combination is however
-useful if one merely wishes to write the content to B and its validity
-is not considered important.
-
-Chain verification should arguably be performed using the signing time rather
-than the current time. However since the signing time is supplied by the
-signer it cannot be trusted without additional evidence (such as a trusted
-timestamp).
-
-=head1 RETURN VALUES
-
-CMS_verify() returns 1 for a successful verification and zero if an error
-occurred.
-
-CMS_get0_signers() returns all signers or NULL if an error occurred.
-
-The error can be obtained from L
-
-=head1 BUGS
-
-The trusted certificate store is not searched for the signing certificate,
-this is primarily due to the inadequacies of the current B
-functionality.
-
-The lack of single pass processing means that the signed content must all
-be held in memory if it is not detached.
-
-=head1 SEE ALSO
-
-L, L
-
-=head1 HISTORY
-
-CMS_verify() was added to OpenSSL 0.9.8
-
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod b/src/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod
deleted file mode 100644
index 2beadda129..0000000000
--- a/src/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod
+++ /dev/null
@@ -1,47 +0,0 @@
-=pod
-
-=head1 NAME
-
-CMS_verify_receipt - verify a CMS signed receipt
-
-=head1 SYNOPSIS
-
- #include
-
- int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
-
-=head1 DESCRIPTION
-
-CMS_verify_receipt() verifies a CMS signed receipt. B is the signed
-receipt to verify. B is the original SignedData structure containing the
-receipt request. B is a set of certificates in which to search for the
-signing certificate. B is a trusted certificate store (used for chain
-verification).
-
-B is an optional set of flags, which can be used to modify the verify
-operation.
-
-=head1 NOTES
-
-This functions behaves in a similar way to CMS_verify() except the flag values
-B, B, B and B are not
-supported since they do not make sense in the context of signed receipts.
-
-=head1 RETURN VALUES
-
-CMS_verify_receipt() returns 1 for a successful verification and zero if an
-error occurred.
-
-The error can be obtained from L
-
-=head1 SEE ALSO
-
-L,
-L,
-L,
-
-=head1 HISTORY
-
-CMS_verify_receipt() was added to OpenSSL 0.9.8
-
-=cut
-- cgit v1.2.3-55-g6feb