xref: /freebsd/crypto/openssl/doc/man3/CMS_verify.pod (revision 02e9120893770924227138ba49df1edb3896112a)
1=pod
2
3=head1 NAME
4
5CMS_verify, CMS_get0_signers - verify a CMS SignedData structure
6
7=head1 SYNOPSIS
8
9 #include <openssl/cms.h>
10
11 int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
12                BIO *indata, BIO *out, unsigned int flags);
13
14 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
15
16=head1 DESCRIPTION
17
18CMS_verify() is very similar to L<PKCS7_verify(3)>. It verifies a
19B<CMS SignedData> structure contained in a structure of type B<CMS_ContentInfo>.
20I<cms> points to the B<CMS_ContentInfo> structure to verify.
21The optional I<certs> parameter refers to a set of certificates
22in which to search for signing certificates.
23I<cms> may contain extra untrusted CA certificates that may be used for
24chain building as well as CRLs that may be used for certificate validation.
25I<store> may be NULL or point to
26the trusted certificate store to use for chain verification.
27I<indata> refers to the signed data if the content is detached from I<cms>.
28Otherwise I<indata> should be NULL and the signed data must be in I<cms>.
29The content is written to the BIO I<out> unless it is NULL.
30I<flags> is an optional set of flags, which can be used to modify the operation.
31
32CMS_get0_signers() retrieves the signing certificate(s) from I<cms>, it may only
33be called after a successful CMS_verify() operation.
34
35=head1 VERIFY PROCESS
36
37Normally the verify process proceeds as follows.
38
39Initially some sanity checks are performed on I<cms>. The type of I<cms> must
40be SignedData. There must be at least one signature on the data and if
41the content is detached I<indata> cannot be NULL.
42
43An attempt is made to locate all the signing certificate(s), first looking in
44the I<certs> parameter (if it is not NULL) and then looking in any
45certificates contained in the I<cms> structure unless B<CMS_NOINTERN> is set.
46If any signing certificate cannot be located the operation fails.
47
48Each signing certificate is chain verified using the I<smimesign> purpose and
49using the trusted certificate store I<store> if supplied.
50Any internal certificates in the message, which may have been added using
51L<CMS_add1_cert(3)>, are used as untrusted CAs.
52If CRL checking is enabled in I<store> and B<CMS_NOCRL> is not set,
53any internal CRLs, which may have been added using L<CMS_add1_crl(3)>,
54are used in addition to attempting to look them up in I<store>.
55If I<store> is not NULL and any chain verify fails an error code is returned.
56
57Finally the signed content is read (and written to I<out> unless it is NULL)
58and the signature is checked.
59
60If all signatures verify correctly then the function is successful.
61
62Any of the following flags (ored together) can be passed in the I<flags>
63parameter to change the default verify behaviour.
64
65If B<CMS_NOINTERN> is set the certificates in the message itself are not
66searched when locating the signing certificate(s).
67This means that all the signing certificates must be in the I<certs> parameter.
68
69If B<CMS_NOCRL> is set and CRL checking is enabled in I<store> then any
70CRLs in the message itself are ignored.
71
72If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
73from the content. If the content is not of type B<text/plain> then an error is
74returned.
75
76If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
77chain verified, unless B<CMS_CADES> flag is also set.
78
79If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
80verified, unless CMS_CADES flag is also set.
81
82If B<CMS_CADES> is set, each signer certificate is checked against the
83ESS signingCertificate or ESS signingCertificateV2 extension
84that is required in the signed attributes of the signature.
85
86If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked.
87
88=head1 NOTES
89
90One application of B<CMS_NOINTERN> is to only accept messages signed by
91a small number of certificates. The acceptable certificates would be passed
92in the I<certs> parameter. In this case if the signer certificate is not one
93of the certificates supplied in I<certs> then the verify will fail because the
94signer cannot be found.
95
96In some cases the standard techniques for looking up and validating
97certificates are not appropriate: for example an application may wish to
98lookup certificates in a database or perform customised verification. This
99can be achieved by setting and verifying the signer certificates manually
100using the signed data utility functions.
101
102Care should be taken when modifying the default verify behaviour, for example
103setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification
104and any modified content will be considered valid. This combination is however
105useful if one merely wishes to write the content to I<out> and its validity
106is not considered important.
107
108Chain verification should arguably be performed using the signing time rather
109than the current time. However, since the signing time is supplied by the
110signer it cannot be trusted without additional evidence (such as a trusted
111timestamp).
112
113=head1 RETURN VALUES
114
115CMS_verify() returns 1 for a successful verification and 0 if an error occurred.
116
117CMS_get0_signers() returns all signers or NULL if an error occurred.
118
119The error can be obtained from L<ERR_get_error(3)>
120
121=head1 BUGS
122
123The trusted certificate store is not searched for the signing certificate.
124This is primarily due to the inadequacies of the current B<X509_STORE>
125functionality.
126
127The lack of single pass processing means that the signed content must all
128be held in memory if it is not detached.
129
130=head1 SEE ALSO
131
132L<PKCS7_verify(3)>, L<CMS_add1_cert(3)>, L<CMS_add1_crl(3)>,
133L<OSSL_ESS_check_signing_certs(3)>,
134L<ERR_get_error(3)>, L<CMS_sign(3)>
135
136=head1 COPYRIGHT
137
138Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
139
140Licensed under the Apache License 2.0 (the "License").  You may not use
141this file except in compliance with the License.  You can obtain a copy
142in the file LICENSE in the source distribution or at
143L<https://www.openssl.org/source/license.html>.
144
145=cut
146