xref: /freebsd/crypto/openssl/doc/man3/CMS_verify.pod (revision f6a3b357e9be4c6423c85eff9a847163a0d307c8)
1=pod
2
3=head1 NAME
4
5CMS_verify, CMS_get0_signers - verify a CMS SignedData structure
6
7=head1 SYNOPSIS
8
9 #include <openssl/cms.h>
10
11 int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
12                BIO *indata, BIO *out, unsigned int flags);
13
14 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
15
16=head1 DESCRIPTION
17
18CMS_verify() verifies a CMS SignedData structure. B<cms> is the CMS_ContentInfo
19structure to verify. B<certs> is a set of certificates in which to search for
20the signing certificate(s). B<store> is a trusted certificate store used for
21chain verification. B<indata> is the detached content if the content is not
22present in B<cms>. The content is written to B<out> if it is not NULL.
23
24B<flags> is an optional set of flags, which can be used to modify the verify
25operation.
26
27CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it must
28be called after a successful CMS_verify() operation.
29
30=head1 VERIFY PROCESS
31
32Normally the verify process proceeds as follows.
33
34Initially some sanity checks are performed on B<cms>. The type of B<cms> must
35be SignedData. There must be at least one signature on the data and if
36the content is detached B<indata> cannot be B<NULL>.
37
38An attempt is made to locate all the signing certificate(s), first looking in
39the B<certs> parameter (if it is not NULL) and then looking in any
40certificates contained in the B<cms> structure itself. If any signing
41certificate cannot be located the operation fails.
42
43Each signing certificate is chain verified using the B<smimesign> purpose and
44the supplied trusted certificate store. Any internal certificates in the message
45are used as untrusted CAs. If CRL checking is enabled in B<store> any internal
46CRLs are used in addition to attempting to look them up in B<store>. If any
47chain verify fails an error code is returned.
48
49Finally the signed content is read (and written to B<out> if it is not NULL)
50and the signature's checked.
51
52If all signature's verify correctly then the function is successful.
53
54Any of the following flags (ored together) can be passed in the B<flags>
55parameter to change the default verify behaviour.
56
57If B<CMS_NOINTERN> is set the certificates in the message itself are not
58searched when locating the signing certificate(s). This means that all the
59signing certificates must be in the B<certs> parameter.
60
61If B<CMS_NOCRL> is set and CRL checking is enabled in B<store> then any
62CRLs in the message itself are ignored.
63
64If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
65from the content. If the content is not of type B<text/plain> then an error is
66returned.
67
68If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
69verified.
70
71If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
72verified.
73
74If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked.
75
76=head1 NOTES
77
78One application of B<CMS_NOINTERN> is to only accept messages signed by
79a small number of certificates. The acceptable certificates would be passed
80in the B<certs> parameter. In this case if the signer is not one of the
81certificates supplied in B<certs> then the verify will fail because the
82signer cannot be found.
83
84In some cases the standard techniques for looking up and validating
85certificates are not appropriate: for example an application may wish to
86lookup certificates in a database or perform customised verification. This
87can be achieved by setting and verifying the signers certificates manually
88using the signed data utility functions.
89
90Care should be taken when modifying the default verify behaviour, for example
91setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification
92and any modified content will be considered valid. This combination is however
93useful if one merely wishes to write the content to B<out> and its validity
94is not considered important.
95
96Chain verification should arguably be performed using the signing time rather
97than the current time. However since the signing time is supplied by the
98signer it cannot be trusted without additional evidence (such as a trusted
99timestamp).
100
101=head1 RETURN VALUES
102
103CMS_verify() returns 1 for a successful verification and zero if an error
104occurred.
105
106CMS_get0_signers() returns all signers or NULL if an error occurred.
107
108The error can be obtained from L<ERR_get_error(3)>
109
110=head1 BUGS
111
112The trusted certificate store is not searched for the signing certificate,
113this is primarily due to the inadequacies of the current B<X509_STORE>
114functionality.
115
116The lack of single pass processing means that the signed content must all
117be held in memory if it is not detached.
118
119=head1 SEE ALSO
120
121L<ERR_get_error(3)>, L<CMS_sign(3)>
122
123=head1 COPYRIGHT
124
125Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
126
127Licensed under the OpenSSL license (the "License").  You may not use
128this file except in compliance with the License.  You can obtain a copy
129in the file LICENSE in the source distribution or at
130L<https://www.openssl.org/source/license.html>.
131
132=cut
133