Re-convert and re-import the CMS manual pages from OpenSSL 1.1.1

(which are still under a free license) with pod2mdoc(1) now that
jsing@ has begun work to provide these APIs.
Some formatting was improved and some typos were fixed, but apart
from that, little was changed, so there is still much to polish.

1 files changed, 165 insertions, 0 deletions

diff --git a/src/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/src/lib/libcrypto/man/CMS_add1_recipient_cert.3
new file mode 100644
index 0000000000..47307fdaa1
--- /dev/null
+++ b/src/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -0,0 +1,165 @@
+.\" $OpenBSD: CMS_add1_recipient_cert.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
+.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 10 2019 $
+.Dt CMS_ADD1_RECIPIENT_CERT 3
+.Os
+.Sh NAME
+.Nm CMS_add1_recipient_cert ,
+.Nm CMS_add0_recipient_key
+.Nd add recipients to a CMS enveloped data structure
+.Sh SYNOPSIS
+.In openssl/cms.h
+.Ft CMS_RecipientInfo *
+.Fo CMS_add1_recipient_cert
+.Fa "CMS_ContentInfo *cms"
+.Fa "X509 *recip"
+.Fa "unsigned int flags"
+.Fc
+.Ft CMS_RecipientInfo *
+.Fo CMS_add0_recipient_key
+.Fa "CMS_ContentInfo *cms"
+.Fa "int nid"
+.Fa "unsigned char *key"
+.Fa "size_t keylen"
+.Fa "unsigned char *id"
+.Fa "size_t idlen"
+.Fa "ASN1_GENERALIZEDTIME *date"
+.Fa "ASN1_OBJECT *otherTypeId"
+.Fa "ASN1_TYPE *otherType"
+.Fc
+.Sh DESCRIPTION
+.Fn CMS_add1_recipient_cert
+adds the recipient
+.Fa recip
+to the
+.Vt CMS_ContentInfo
+enveloped data structure
+.Fa cms
+as a KeyTransRecipientInfo structure.
+.Pp
+.Fn CMS_add0_recipient_key
+adds the symmetric key
+.Fa key
+of length
+.Fa keylen
+using the wrapping algorithm
+.Fa nid ,
+the identifier
+.Fa id
+of length
+.Fa idlen ,
+and the optional values
+.Fa date ,
+.Fa otherTypeId
+and
+.Fa otherType
+to the
+.Vt CMS_ContentInfo
+enveloped data structure
+.Fa cms
+as a KEKRecipientInfo structure.
+.Pp
+The
+.Vt CMS_ContentInfo
+structure should be obtained from an initial call to
+.Xr CMS_encrypt 3
+with the flag
+.Dv CMS_PARTIAL
+set.
+.Pp
+The main purpose of this function is to provide finer control over a CMS
+enveloped data structure where the simpler
+.Xr CMS_encrypt 3
+function defaults are not appropriate,
+for example if one or more KEKRecipientInfo structures need to be added.
+New attributes can also be added using the returned
+.Vt CMS_RecipientInfo
+structure and the CMS attribute utility functions.
+.Pp
+By default, recipient certificates are identified using issuer
+name and serial number.
+If the flag
+.Dv CMS_USE_KEYID
+is set, it will use the subject key identifier value instead.
+An error occurs if all recipient certificates do not have a subject key
+identifier extension.
+.Pp
+Currently only AES based key wrapping algorithms are supported for
+.Fa nid ,
+specifically
+.Dv NID_id_aes128_wrap ,
+.Dv NID_id_aes192_wrap ,
+and
+.Dv NID_id_aes256_wrap .
+If
+.Fa nid
+is set to
+.Dv NID_undef ,
+then an AES wrap algorithm will be used consistent with
+.Fa keylen .
+.Sh RETURN VALUES
+.Fn CMS_add1_recipient_cert
+and
+.Fn CMS_add0_recipient_key
+return an internal pointer to the
+.Vt CMS_RecipientInfo
+structure just added or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr CMS_decrypt 3 ,
+.Xr CMS_final 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn CMS_add1_recipient_cert
+and
+.Fn CMS_add0_recipient_key
+were added to OpenSSL 0.9.8.