diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man1/openssl-smime.pod.in | 3 | ||||
| -rw-r--r-- | doc/man3/PKCS7_encrypt.pod | 25 | ||||
| -rw-r--r-- | doc/man3/PKCS7_sign.pod | 25 | ||||
| -rw-r--r-- | doc/man3/SMIME_read_PKCS7.pod | 18 | ||||
| -rw-r--r-- | doc/man3/X509_dup.pod | 15 |
5 files changed, 66 insertions, 20 deletions
diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in index b15be731c0..9f42c0c1fe 100644 --- a/doc/man1/openssl-smime.pod.in +++ b/doc/man1/openssl-smime.pod.in @@ -50,6 +50,7 @@ B<openssl> B<smime> {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_v_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} +{- $OpenSSL::safe::opt_config_synopsis -} I<recipcert> ... =for openssl ifdef engine @@ -292,6 +293,8 @@ Any verification errors cause the command to exit. {- $OpenSSL::safe::opt_provider_item -} +{- $OpenSSL::safe::opt_config_item -} + =item I<recipcert> ... One or more certificates of message recipients, used when encrypting diff --git a/doc/man3/PKCS7_encrypt.pod b/doc/man3/PKCS7_encrypt.pod index b2d07e8e15..36d638c8c6 100644 --- a/doc/man3/PKCS7_encrypt.pod +++ b/doc/man3/PKCS7_encrypt.pod @@ -2,20 +2,26 @@ =head1 NAME -PKCS7_encrypt - create a PKCS#7 envelopedData structure +PKCS7_encrypt_with_libctx, PKCS7_encrypt +- create a PKCS#7 envelopedData structure =head1 SYNOPSIS #include <openssl/pkcs7.h> + PKCS7 *PKCS7_encrypt_with_libctx(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, int flags, + OPENSSL_CTX *libctx, const char *propq); PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); =head1 DESCRIPTION -PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs> -is a list of recipient certificates. B<in> is the content to be encrypted. -B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags. +PKCS7_encrypt_with_libctx() creates and returns a PKCS#7 envelopedData structure. +I<certs> is a list of recipient certificates. I<in> is the content to be +encrypted. I<cipher> is the symmetric cipher to use. I<flags> is an optional set +of flags. The library context I<libctx> and the property query I<propq> are used +when retrieving algorithms from providers. Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates supplied to this function must all contain RSA public keys, though @@ -60,10 +66,13 @@ PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 B<BIO> directly using BIO_new_PKCS7(). +PKCS7_encrypt() is similar to PKCS7_encrypt_with_libctx() but uses default +values of NULL for the library context I<libctx> and the property query I<propq>. + =head1 RETURN VALUES -PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred. -The error can be obtained from ERR_get_error(3). +PKCS7_encrypt_with_libctx() and PKCS7_encrypt() return either a PKCS7 structure +or NULL if an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO @@ -71,11 +80,13 @@ L<ERR_get_error(3)>, L<PKCS7_decrypt(3)> =head1 HISTORY +The function PKCS7_encrypt_with_libctx() was added in OpenSSL 3.0. + The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS7_sign.pod b/doc/man3/PKCS7_sign.pod index f53e7b4c17..c5d6fd73c3 100644 --- a/doc/man3/PKCS7_sign.pod +++ b/doc/man3/PKCS7_sign.pod @@ -2,21 +2,27 @@ =head1 NAME -PKCS7_sign - create a PKCS#7 signedData structure +PKCS7_sign_with_libctx, PKCS7_sign +- create a PKCS#7 signedData structure =head1 SYNOPSIS #include <openssl/pkcs7.h> + PKCS7 *PKCS7_sign_with_libctx(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, int flags, + OPENSSL_CTX *libctx, const char *propq); PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); =head1 DESCRIPTION -PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is -the certificate to sign with, B<pkey> is the corresponding private key. -B<certs> is an optional additional set of certificates to include in the PKCS#7 -structure (for example any intermediate CAs in the chain). +PKCS7_sign_with_libctx() creates and returns a PKCS#7 signedData structure. +I<igncert> is the certificate to sign with, Ipkey> is the corresponding +private key. I<certs> is an optional additional set of certificates to include +in the PKCS#7 structure (for example any intermediate CAs in the chain). The +library context I<libctx> and property query I<propq> are used when +retrieving algorithms from providers. The data to be signed is read from BIO B<data>. @@ -88,14 +94,17 @@ PKCS#7 structure is output. In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must B<NOT> be NULL. +PKCS7_sign() is similar to PKCS7_sign_with_libctx() but uses default values of +NULL for the library context I<libctx> and the property query I<propq>. + =head1 BUGS Some advanced attributes such as counter signatures are not supported. =head1 RETURN VALUES -PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error -occurred. The error can be obtained from ERR_get_error(3). +PKCS7_sign_with_libctx() and PKCS7_sign() return either a valid PKCS7 structure +or NULL if an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO @@ -103,6 +112,8 @@ L<ERR_get_error(3)>, L<PKCS7_verify(3)> =head1 HISTORY +The function PKCS7_sign_with_libctx() was added in OpenSSL 3.0. + The B<PKCS7_PARTIAL> flag, and the ability for B<certs>, B<signcert>, and B<pkey> parameters to be B<NULL> were added in OpenSSL 1.0.0. diff --git a/doc/man3/SMIME_read_PKCS7.pod b/doc/man3/SMIME_read_PKCS7.pod index 4b03f641e3..791c49ff75 100644 --- a/doc/man3/SMIME_read_PKCS7.pod +++ b/doc/man3/SMIME_read_PKCS7.pod @@ -2,12 +2,13 @@ =head1 NAME -SMIME_read_PKCS7 - parse S/MIME message +SMIME_read_PKCS7_ex, SMIME_read_PKCS7 - parse S/MIME message =head1 SYNOPSIS #include <openssl/pkcs7.h> + PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7); PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); =head1 DESCRIPTION @@ -23,6 +24,11 @@ B<*bcont> is set to B<NULL>. The parsed PKCS#7 structure is returned or B<NULL> if an error occurred. +SMIME_read_PKCS7_ex() is similar to SMIME_read_PKCS7() but can optionally supply +a previously created I<p7> PKCS#7 object. If I<p7> is NULL then it is identical +to SMIME_read_PKCS7(). +To create a I<p7> object use L<PKCS7_new_with_libctx(3)>. + =head1 NOTES If B<*bcont> is not B<NULL> then the message is clear text @@ -56,8 +62,8 @@ streaming single pass option should be available. =head1 RETURN VALUES -SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL> -if an error occurred. The error can be obtained from ERR_get_error(3). +SMIME_read_PKCS7_ex() and SMIME_read_PKCS7() return a valid B<PKCS7> structure +or B<NULL> if an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO @@ -66,9 +72,13 @@ L<SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)>, L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)> L<PKCS7_decrypt(3)> +=head1 HISTORY + +The function SMIME_read_PKCS7_ex() was added in OpenSSL 3.0. + =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 18ba40cee6..76b77c1195 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -29,6 +29,7 @@ CERTIFICATEPOLICIES_free, CERTIFICATEPOLICIES_new, CMS_ContentInfo_free, CMS_ContentInfo_new, +CMS_ContentInfo_new_with_libctx, CMS_ContentInfo_print_ctx, CMS_ReceiptRequest_free, CMS_ReceiptRequest_new, @@ -201,6 +202,7 @@ PKCS7_SIGN_ENVELOPE_free, PKCS7_SIGN_ENVELOPE_new, PKCS7_dup, PKCS7_free, +PKCS7_new_with_libctx, PKCS7_new, PKCS7_print_ctx, PKCS8_PRIV_KEY_INFO_free, @@ -335,6 +337,10 @@ to generate the function bodies. B<I<TYPE>_new>() allocates an empty object of the indicated type. The object returned must be released by calling B<I<TYPE>_free>(). +B<I<TYPE>_new_with_libctx>() is similiar to B<I<TYPE>_new>() but also passes the +library context I<libctx> and the property query I<propq> to use when retrieving +algorithms from providers. + B<I<TYPE>_dup>() copies an existing object, leaving it untouched. B<I<TYPE>_free>() releases the object and all pointers and sub-objects @@ -348,11 +354,16 @@ user-defined, then pass in any I<pctx> down to any nested calls. =head1 RETURN VALUES -B<I<TYPE>_new>() and B<I<TYPE>_dup>() return a pointer to the object or NULL on -failure. +B<I<TYPE>_new>(), B<I<TYPE>_new_ex>() and B<I<TYPE>_dup>() return a pointer to +the object or NULL on failure. B<I<TYPE>_print_ctx>() returns 1 on success or zero on failure. +=head1 HISTORY + +The functions PKCS7_new_with_libctx() and CMS_ContentInfo_new_with_libctx() were +added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. |