xref: /freebsd/crypto/openssl/doc/man3/PKCS7_verify.pod (revision 8aac90f18aef7c9eea906c3ff9a001ca7b94f375)
1=pod
2
3=head1 NAME
4
5PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure
6
7=head1 SYNOPSIS
8
9 #include <openssl/pkcs7.h>
10
11 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
12                  BIO *indata, BIO *out, int flags);
13
14 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
15
16=head1 DESCRIPTION
17
18PKCS7_verify() is very similar to L<CMS_verify(3)>.
19It verifies a PKCS#7 signedData structure given in I<p7>.
20The optional I<certs> parameter refers to a set of certificates
21in which to search for signer's certificates.
22I<p7> may contain extra untrusted CA certificates that may be used for
23chain building as well as CRLs that may be used for certificate validation.
24I<store> may be NULL or point to
25the trusted certificate store to use for chain verification.
26I<indata> refers to the signed data if the content is detached from I<p7>.
27Otherwise I<indata> should be NULL, and then the signed data must be in I<p7>.
28The content is written to the BIO I<out> unless it is NULL.
29I<flags> is an optional set of flags, which can be used to modify the operation.
30
31PKCS7_get0_signers() retrieves the signer's certificates from I<p7>, it does
32B<not> check their validity or whether any signatures are valid. The I<certs>
33and I<flags> parameters have the same meanings as in PKCS7_verify().
34
35=head1 VERIFY PROCESS
36
37Normally the verify process proceeds as follows.
38
39Initially some sanity checks are performed on I<p7>. The type of I<p7> must
40be SignedData. There must be at least one signature on the data and if
41the content is detached I<indata> cannot be NULL.  If the content is
42not detached and I<indata> is not NULL then the structure has both
43embedded and external content. To treat this as an error, use the flag
44B<PKCS7_NO_DUAL_CONTENT>.
45The default behavior allows this, for compatibility with older
46versions of OpenSSL.
47
48An attempt is made to locate all the signer's certificates, first looking in
49the I<certs> parameter (if it is not NULL). Then they are looked up in any
50certificates contained in the I<p7> structure unless B<PKCS7_NOINTERN> is set.
51If any signer's certificates cannot be located the operation fails.
52
53Each signer's certificate is chain verified using the B<smimesign> purpose and
54using the trusted certificate store I<store> if supplied.
55Any internal certificates in the message, which may have been added using
56L<PKCS7_add_certificate(3)>, are used as untrusted CAs unless B<PKCS7_NOCHAIN>
57is set.
58If CRL checking is enabled in I<store> and B<PKCS7_NOCRL> is not set,
59any internal CRLs, which may have been added using L<PKCS7_add_crl(3)>,
60are used in addition to attempting to look them up in I<store>.
61If I<store> is not NULL and any chain verify fails an error code is returned.
62
63Finally the signed content is read (and written to I<out> unless it is NULL)
64and the signature is checked.
65
66If all signatures verify correctly then the function is successful.
67
68Any of the following flags (ored together) can be passed in the I<flags>
69parameter to change the default verify behaviour.
70Only the flag B<PKCS7_NOINTERN> is meaningful to PKCS7_get0_signers().
71
72If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
73searched when locating the signer's certificates.
74This means that all the signer's certificates must be in the I<certs> parameter.
75
76If B<PKCS7_NOCRL> is set and CRL checking is enabled in I<store> then any
77CRLs in the message itself are ignored.
78
79If the B<PKCS7_TEXT> flag is set MIME headers for type C<text/plain> are deleted
80from the content. If the content is not of type C<text/plain> then an error is
81returned.
82
83If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
84
85If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
86not used as untrusted CAs. This means that the whole verify chain (apart from
87the signer's certificates) must be contained in the trusted store.
88
89If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
90
91=head1 NOTES
92
93One application of B<PKCS7_NOINTERN> is to only accept messages signed by
94a small number of certificates. The acceptable certificates would be passed
95in the I<certs> parameter. In this case if the signer's certificate is not one
96of the certificates supplied in I<certs> then the verify will fail because the
97signer cannot be found.
98
99Care should be taken when modifying the default verify behaviour, for example
100setting C<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification
101and any signed message will be considered valid. This combination is however
102useful if one merely wishes to write the content to I<out> and its validity
103is not considered important.
104
105Chain verification should arguably be performed using the signing time rather
106than the current time. However, since the signing time is supplied by the
107signer it cannot be trusted without additional evidence (such as a trusted
108timestamp).
109
110=head1 RETURN VALUES
111
112PKCS7_verify() returns 1 for a successful verification and 0 if an error occurs.
113
114PKCS7_get0_signers() returns all signers or NULL if an error occurred.
115
116The error can be obtained from L<ERR_get_error(3)>.
117
118=head1 BUGS
119
120The trusted certificate store is not searched for the signer's certificates.
121This is primarily due to the inadequacies of the current B<X509_STORE>
122functionality.
123
124The lack of single pass processing means that the signed content must all
125be held in memory if it is not detached.
126
127=head1 SEE ALSO
128
129L<CMS_verify(3)>, L<PKCS7_add_certificate(3)>, L<PKCS7_add_crl(3)>,
130L<ERR_get_error(3)>, L<PKCS7_sign(3)>
131
132=head1 COPYRIGHT
133
134Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
135
136Licensed under the Apache License 2.0 (the "License").  You may not use
137this file except in compliance with the License.  You can obtain a copy
138in the file LICENSE in the source distribution or at
139L<https://www.openssl.org/source/license.html>.
140
141=cut
142