1 files changed, 165 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/src/lib/libcrypto/man/CMS_add1_recipient_cert.3
new file mode 100644
index 0000000000..47307fdaa1
--- /dev/null
+++ b/src/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -0,0 +1,165 @@
+.\" $OpenBSD: CMS_add1_recipient_cert.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
+.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 10 2019 $
+.Dt CMS_ADD1_RECIPIENT_CERT 3
+.Os
+.Sh NAME
+.Nm CMS_add1_recipient_cert ,
+.Nm CMS_add0_recipient_key
+.Nd add recipients to a CMS enveloped data structure
+.Sh SYNOPSIS
+.In openssl/cms.h
+.Ft CMS_RecipientInfo *
+.Fo CMS_add1_recipient_cert
+.Fa "CMS_ContentInfo *cms"
+.Fa "X509 *recip"
+.Fa "unsigned int flags"
+.Fc
+.Ft CMS_RecipientInfo *
+.Fo CMS_add0_recipient_key
+.Fa "CMS_ContentInfo *cms"
+.Fa "int nid"
+.Fa "unsigned char *key"
+.Fa "size_t keylen"
+.Fa "unsigned char *id"
+.Fa "size_t idlen"
+.Fa "ASN1_GENERALIZEDTIME *date"
+.Fa "ASN1_OBJECT *otherTypeId"
+.Fa "ASN1_TYPE *otherType"
+.Fc
+.Sh DESCRIPTION
+.Fn CMS_add1_recipient_cert
+adds the recipient
+.Fa recip
+to the
+.Vt CMS_ContentInfo
+enveloped data structure
+.Fa cms
+as a KeyTransRecipientInfo structure.
+.Pp
+.Fn CMS_add0_recipient_key
+adds the symmetric key
+.Fa key
+of length
+.Fa keylen
+using the wrapping algorithm
+.Fa nid ,
+the identifier
+.Fa id
+of length
+.Fa idlen ,
+and the optional values
+.Fa date ,
+.Fa otherTypeId
+and
+.Fa otherType
+to the
+.Vt CMS_ContentInfo
+enveloped data structure
+.Fa cms
+as a KEKRecipientInfo structure.
+.Pp
+The
+.Vt CMS_ContentInfo
+structure should be obtained from an initial call to
+.Xr CMS_encrypt 3
+with the flag
+.Dv CMS_PARTIAL
+set.
+.Pp
+The main purpose of this function is to provide finer control over a CMS
+enveloped data structure where the simpler
+.Xr CMS_encrypt 3
+function defaults are not appropriate,
+for example if one or more KEKRecipientInfo structures need to be added.
+New attributes can also be added using the returned
+.Vt CMS_RecipientInfo
+structure and the CMS attribute utility functions.
+.Pp
+By default, recipient certificates are identified using issuer
+name and serial number.
+If the flag
+.Dv CMS_USE_KEYID
+is set, it will use the subject key identifier value instead.
+An error occurs if all recipient certificates do not have a subject key
+identifier extension.
+.Pp
+Currently only AES based key wrapping algorithms are supported for
+.Fa nid ,
+specifically
+.Dv NID_id_aes128_wrap ,
+.Dv NID_id_aes192_wrap ,
+and
+.Dv NID_id_aes256_wrap .
+If
+.Fa nid
+is set to
+.Dv NID_undef ,
+then an AES wrap algorithm will be used consistent with
+.Fa keylen .
+.Sh RETURN VALUES
+.Fn CMS_add1_recipient_cert
+and
+.Fn CMS_add0_recipient_key
+return an internal pointer to the
+.Vt CMS_RecipientInfo
+structure just added or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr CMS_decrypt 3 ,
+.Xr CMS_final 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn CMS_add1_recipient_cert
+and
+.Fn CMS_add0_recipient_key
+were added to OpenSSL 0.9.8.

diff --git a/src/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/src/lib/libcrypto/man/CMS_add1_recipient_cert.3 new file mode 100644 index 0000000000..47307fdaa1 --- /dev/null +++ b/src/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -0,0 +1,165 @@
	1	.\" $OpenBSD: CMS_add1_recipient_cert.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
	3	.\"
	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
	5	.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
	6	.\"
	7	.\" Redistribution and use in source and binary forms, with or without
	8	.\" modification, are permitted provided that the following conditions
	9	.\" are met:
	10	.\"
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\"
	14	.\" 2. Redistributions in binary form must reproduce the above copyright
	15	.\" notice, this list of conditions and the following disclaimer in
	16	.\" the documentation and/or other materials provided with the
	17	.\" distribution.
	18	.\"
	19	.\" 3. All advertising materials mentioning features or use of this
	20	.\" software must display the following acknowledgment:
	21	.\" "This product includes software developed by the OpenSSL Project
	22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	23	.\"
	24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	25	.\" endorse or promote products derived from this software without
	26	.\" prior written permission. For written permission, please contact
	27	.\" openssl-core@openssl.org.
	28	.\"
	29	.\" 5. Products derived from this software may not be called "OpenSSL"
	30	.\" nor may "OpenSSL" appear in their names without prior written
	31	.\" permission of the OpenSSL Project.
	32	.\"
	33	.\" 6. Redistributions of any form whatsoever must retain the following
	34	.\" acknowledgment:
	35	.\" "This product includes software developed by the OpenSSL Project
	36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	37	.\"
	38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
	50	.\"
	51	.Dd $Mdocdate: August 10 2019 $
	52	.Dt CMS_ADD1_RECIPIENT_CERT 3
	53	.Os
	54	.Sh NAME
	55	.Nm CMS_add1_recipient_cert ,
	56	.Nm CMS_add0_recipient_key
	57	.Nd add recipients to a CMS enveloped data structure
	58	.Sh SYNOPSIS
	59	.In openssl/cms.h
	60	.Ft CMS_RecipientInfo *
	61	.Fo CMS_add1_recipient_cert
	62	.Fa "CMS_ContentInfo *cms"
	63	.Fa "X509 *recip"
	64	.Fa "unsigned int flags"
	65	.Fc
	66	.Ft CMS_RecipientInfo *
	67	.Fo CMS_add0_recipient_key
	68	.Fa "CMS_ContentInfo *cms"
	69	.Fa "int nid"
	70	.Fa "unsigned char *key"
	71	.Fa "size_t keylen"
	72	.Fa "unsigned char *id"
	73	.Fa "size_t idlen"
	74	.Fa "ASN1_GENERALIZEDTIME *date"
	75	.Fa "ASN1_OBJECT *otherTypeId"
	76	.Fa "ASN1_TYPE *otherType"
	77	.Fc
	78	.Sh DESCRIPTION
	79	.Fn CMS_add1_recipient_cert
	80	adds the recipient
	81	.Fa recip
	82	to the
	83	.Vt CMS_ContentInfo
	84	enveloped data structure
	85	.Fa cms
	86	as a KeyTransRecipientInfo structure.
	87	.Pp
	88	.Fn CMS_add0_recipient_key
	89	adds the symmetric key
	90	.Fa key
	91	of length
	92	.Fa keylen
	93	using the wrapping algorithm
	94	.Fa nid ,
	95	the identifier
	96	.Fa id
	97	of length
	98	.Fa idlen ,
	99	and the optional values
	100	.Fa date ,
	101	.Fa otherTypeId
	102	and
	103	.Fa otherType
	104	to the
	105	.Vt CMS_ContentInfo
	106	enveloped data structure
	107	.Fa cms
	108	as a KEKRecipientInfo structure.
	109	.Pp
	110	The
	111	.Vt CMS_ContentInfo
	112	structure should be obtained from an initial call to
	113	.Xr CMS_encrypt 3
	114	with the flag
	115	.Dv CMS_PARTIAL
	116	set.
	117	.Pp
	118	The main purpose of this function is to provide finer control over a CMS
	119	enveloped data structure where the simpler
	120	.Xr CMS_encrypt 3
	121	function defaults are not appropriate,
	122	for example if one or more KEKRecipientInfo structures need to be added.
	123	New attributes can also be added using the returned
	124	.Vt CMS_RecipientInfo
	125	structure and the CMS attribute utility functions.
	126	.Pp
	127	By default, recipient certificates are identified using issuer
	128	name and serial number.
	129	If the flag
	130	.Dv CMS_USE_KEYID
	131	is set, it will use the subject key identifier value instead.
	132	An error occurs if all recipient certificates do not have a subject key
	133	identifier extension.
	134	.Pp
	135	Currently only AES based key wrapping algorithms are supported for
	136	.Fa nid ,
	137	specifically
	138	.Dv NID_id_aes128_wrap ,
	139	.Dv NID_id_aes192_wrap ,
	140	and
	141	.Dv NID_id_aes256_wrap .
	142	If
	143	.Fa nid
	144	is set to
	145	.Dv NID_undef ,
	146	then an AES wrap algorithm will be used consistent with
	147	.Fa keylen .
	148	.Sh RETURN VALUES
	149	.Fn CMS_add1_recipient_cert
	150	and
	151	.Fn CMS_add0_recipient_key
	152	return an internal pointer to the
	153	.Vt CMS_RecipientInfo
	154	structure just added or
	155	.Dv NULL
	156	if an error occurs.
	157	.Sh SEE ALSO
	158	.Xr CMS_decrypt 3 ,
	159	.Xr CMS_final 3 ,
	160	.Xr ERR_get_error 3
	161	.Sh HISTORY
	162	.Fn CMS_add1_recipient_cert
	163	and
	164	.Fn CMS_add0_recipient_key
	165	were added to OpenSSL 0.9.8.