.\" $OpenBSD: ESS_SIGNING_CERT_new.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: June 6 2019 $
.Dt ESS_SIGNING_CERT_NEW 3
.Os
.Sh NAME
.Nm ESS_SIGNING_CERT_new ,
.Nm ESS_SIGNING_CERT_free ,
.Nm ESS_CERT_ID_new ,
.Nm ESS_CERT_ID_free ,
.Nm ESS_ISSUER_SERIAL_new ,
.Nm ESS_ISSUER_SERIAL_free
.Nd signing certificates for S/MIME
.Sh SYNOPSIS
.In openssl/ts.h
.Ft ESS_SIGNING_CERT *
.Fn ESS_SIGNING_CERT_new void
.Ft void
.Fn ESS_SIGNING_CERT_free "ESS_SIGNING_CERT *signing_cert"
.Ft ESS_CERT_ID *
.Fn ESS_CERT_ID_new void
.Ft void
.Fn ESS_CERT_ID_free "ESS_CERT_ID *cert_id"
.Ft ESS_ISSUER_SERIAL *
.Fn ESS_ISSUER_SERIAL_new void
.Ft void
.Fn ESS_ISSUER_SERIAL_free "ESS_ISSUER_SERIAL *issuer_serial"
.Sh DESCRIPTION
The signing certificate may be included in the signedAttributes
field of a
.Vt SignerInfo
structure to mitigate simple substitution and re-issue attacks.
.Pp
.Fn ESS_SIGNING_CERT_new
allocates and initializes an empty
.Vt ESS_SIGNING_CERT
object, representing an ASN.1
.Vt SigningCertificate
structure defined in RFC 2634 section 5.4.
It can hold the certificate used for signing the data,
additional authorization certificates that can be used during
validation, and policies applying to the certificate.
.Fn ESS_SIGNING_CERT_free
frees
.Fa signing_cert .
.Pp
.Fn ESS_CERT_ID_new
allocates and initializes an empty
.Vt ESS_CERT_ID
object, representing an ASN.1
.Vt ESSCertID
structure defined in RFC 2634 section 5.4.1.
Such objects can be used inside
.Vt ESS_SIGNING_CERT
objects, and each one can hold a SHA1 hash of one certificate.
.Fn ESS_CERT_ID_free
frees
.Fa cert_id .
.Pp
.Fn ESS_ISSUER_SERIAL_new
allocates and initializes an empty
.Vt ESS_ISSUER_SERIAL
object, representing an ASN.1
.Vt IssuerSerial
structure defined in RFC 2634 section 5.4.1.
It can hold an issuer name and a serial number and can be included in an
.Vt ESS_CERT_ID
object, which is useful for additional authorization certificates,
but redundant for the signing certificate itself.
.Fn ESS_ISSUER_SERIAL_free
frees
.Fa issuer_serial .
.Sh RETURN VALUES
.Fn ESS_SIGNING_CERT_new ,
.Fn ESS_CERT_ID_new ,
and
.Fn ESS_ISSUER_SERIAL_new
return the new
.Vt ESS_SIGNING_CERT ,
.Vt ESS_CERT_ID ,
or
.Vt ESS_ISSUER_SERIAL
object, respectively, or
.Dv NULL
if an error occurred.
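.Sh EXAMPLES
The check that lets this attribute mitigate certificate substitution, as an added example that is not part of the original manual or of the library and does not use the ESS_* API: a dependency-free C routine that walks the encoding of a Version 1 SigningCertificate and compares the hash in its first ESSCertID with the SHA1 hash of the certificate used to verify the signature.
The function names and the sample bytes are constructed for illustration, and the caller is assumed to have computed the SHA1 hash over the whole DER-encoded certificate.

```c
#include <stddef.h>
#define SHA1_LEN 20

/* Constructed sample: placeholder hash and a matching SigningCertificate. */
static const unsigned char sample_hash[SHA1_LEN] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19 };
static const unsigned char sample_attr[] = {
    0x30, 0x1a, 0x30, 0x18, 0x30, 0x16, 0x04, 0x14,
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19 };

/* Enter one TLV with the expected tag: on success *p and *len describe
 * its value. Accepts short-form and 1- or 2-byte long-form lengths. */
static int der_enter(const unsigned char **p, size_t *len, unsigned char tag)
{
    const unsigned char *q = *p;
    size_t n = *len, hdr, vlen;
    if (n < 2 || q[0] != tag)
        return -1;
    if (q[1] < 0x80) { hdr = 2; vlen = q[1]; }
    else if (q[1] == 0x81 && n >= 3) { hdr = 3; vlen = q[2]; }
    else if (q[1] == 0x82 && n >= 4) { hdr = 4; vlen = (size_t)q[2] << 8 | q[3]; }
    else return -1;
    if (vlen > n - hdr)         /* value must fit in the enclosing buffer */
        return -1;
    *p = q + hdr; *len = vlen;
    return 0;
}

/* 1: first ESSCertID matches cert_sha1; 0: mismatch; -1: malformed input. */
int ess_first_cert_matches(const unsigned char *der, size_t len,
    const unsigned char cert_sha1[SHA1_LEN])
{
    const unsigned char *p = der;
    size_t n = len, i;
    unsigned char diff = 0;
    if (der_enter(&p, &n, 0x30) != 0 || p + n != der + len || /* SigningCertificate */
        der_enter(&p, &n, 0x30) != 0 ||                 /* certs */
        der_enter(&p, &n, 0x30) != 0 ||                 /* first ESSCertID */
        der_enter(&p, &n, 0x04) != 0 || n != SHA1_LEN)  /* certHash */
        return -1;
    for (i = 0; i < SHA1_LEN; i++)  /* compare without an early exit */
        diff |= p[i] ^ cert_sha1[i];
    return diff == 0;
}

int main(void)
{
    return ess_first_cert_matches(sample_attr, sizeof(sample_attr), sample_hash) != 1;
}
```

A return value of 0 or \-1 means the signature must not be accepted as made with the presented certificate.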
.Sh SEE ALSO
.Xr d2i_ESS_SIGNING_CERT 3
.Sh STANDARDS
RFC 2634: Enhanced Security Services for S/MIME,
section 5: Signing Certificate Attribute
.Pp
Note that RFC 2634 has been updated by RFC 5035:
Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility.
But the current implementation only supports the
Signing Certificate Attribute Definition Version 1
according to RFC 2634, not the
Signing Certificate Attribute Definition Version 2
according to RFC 5035.
.Sh HISTORY
These functions first appeared in OpenSSL 1.0.0
and have been available since
.Ox 4.9 .