1 files changed, 0 insertions, 127 deletions
diff --git a/src/lib/libcrypto/man/CMS_decrypt.3 b/src/lib/libcrypto/man/CMS_decrypt.3
deleted file mode 100644
index 3a34f10783..0000000000
--- a/src/lib/libcrypto/man/CMS_decrypt.3
+++ /dev/null
@@ -1,127 +0,0 @@
-.Dd $Mdocdate: November 11 2015 $
-.Dt CMS_DECRYPT 3
-.Os
-.Sh NAME
-.Nm CMS_decrypt
-.Nd decrypt content from a CMS envelopedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_decrypt
-.Fa "CMS_ContentInfo *cms"
-.Fa "EVP_PKEY *pkey"
-.Fa "X509 *cert"
-.Fa "BIO *dcont"
-.Fa "BIO *out"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_decrypt
-extracts and decrypts the content from a CMS EnvelopedData structure.
-.Fa pkey
-is the private key of the recipient,
-.Fa cert
-is the recipient's certificate,
-.Fa out
-is a
-.Vt BIO
-to write the content to and
-.Fa flags
-is an optional set of flags.
-.Pp
-The
-.Fa dcont
-parameter is used in the rare case where the encrypted content is
-detached.
-It will normally be set to
-.Dv NULL .
-.Sh NOTES
-.Xr OpenSSL_add_all_algorithms 3
-(or equivalent) should be called before using this function or errors
-about unknown algorithms will occur.
-.Pp
-Although the recipients certificate is not needed to decrypt the data it
-is needed to locate the appropriate (of possible several) recipients in
-the CMS structure.
-.Pp
-If
-.Fa cert
-is set to
-.Dv NULL ,
-all possible recipients are tried.
-This case however is problematic.
-To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA
-padding) all recipients are tried whether they succeed or not.
-If no recipient succeeds then a random symmetric key is used to decrypt
-the content: this will typically output garbage and may (but is not
-guaranteed to) ultimately return a padding error only.
-If
-.Fn CMS_decrypt
-just returned an error when all recipient encrypted keys failed to
-decrypt an attacker could use this in a timing attack.
-If the special flag
-.Dv CMS_DEBUG_DECRYPT
-is set then the above behaviour is modified and an error
-.Em is
-returned if no recipient encrypted key can be decrypted
-.Em without
-generating a random content encryption key.
-Applications should use this flag with
-.Sy extreme caution
-especially in automated gateways as it can leave them open to attack.
-.Pp
-It is possible to determine the correct recipient key by other means
-(for example looking them up in a database) and setting them in the CMS
-structure in advance using the CMS utility functions such as
-.Xr CMS_set1_pkey 3 .
-In this case both
-.Fa cert
-and
-.Fa pkey
-should be set to
-.Dv NULL .
-.Pp
-To process KEKRecipientInfo types
-.Xr CMS_set1_key 3
-or
-.Xr CMS_RecipientInfo_set0_key 3
-and
-.Xr CMS_ReceipientInfo_decrypt 3
-should be called before
-.Fn CMS_decrypt
-and
-.Fa cert
-and
-.Fa pkey
-set to
-.Dv NULL .
-.Pp
-The following flags can be passed in the
-.Fa flags
-parameter:
-.Pp
-If the
-.Dv CMS_TEXT
-flag is set MIME headers for type
-.Sy text/plain
-are deleted from the content.
-If the content is not of type
-.Sy text/plain
-then an error is returned.
-.Sh RETURN VALUES
-.Fn CMS_decrypt
-returns either 1 for success or 0 for failure.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh BUGS
-The lack of single pass processing and the need to hold all data in
-memory as mentioned in
-.Xr CMS_verify 3
-also applies to
-.Fn CMS_decrypt .
-.Sh SEE ALSO
-.Xr CMS_encrypt 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_decrypt
-was added to OpenSSL 0.9.8.

diff --git a/src/lib/libcrypto/man/CMS_decrypt.3 b/src/lib/libcrypto/man/CMS_decrypt.3 deleted file mode 100644 index 3a34f10783..0000000000 --- a/src/lib/libcrypto/man/CMS_decrypt.3 +++ /dev/null
@@ -1,127 +0,0 @@
1	.Dd $Mdocdate: November 11 2015 $
2	.Dt CMS_DECRYPT 3
3	.Os
4	.Sh NAME
5	.Nm CMS_decrypt
6	.Nd decrypt content from a CMS envelopedData structure
7	.Sh SYNOPSIS
8	.In openssl/cms.h
9	.Ft int
10	.Fo CMS_decrypt
11	.Fa "CMS_ContentInfo *cms"
12	.Fa "EVP_PKEY *pkey"
13	.Fa "X509 *cert"
14	.Fa "BIO *dcont"
15	.Fa "BIO *out"
16	.Fa "unsigned int flags"
17	.Fc
18	.Sh DESCRIPTION
19	.Fn CMS_decrypt
20	extracts and decrypts the content from a CMS EnvelopedData structure.
21	.Fa pkey
22	is the private key of the recipient,
23	.Fa cert
24	is the recipient's certificate,
25	.Fa out
26	is a
27	.Vt BIO
28	to write the content to and
29	.Fa flags
30	is an optional set of flags.
31	.Pp
32	The
33	.Fa dcont
34	parameter is used in the rare case where the encrypted content is
35	detached.
36	It will normally be set to
37	.Dv NULL .
38	.Sh NOTES
39	.Xr OpenSSL_add_all_algorithms 3
40	(or equivalent) should be called before using this function or errors
41	about unknown algorithms will occur.
42	.Pp
43	Although the recipients certificate is not needed to decrypt the data it
44	is needed to locate the appropriate (of possible several) recipients in
45	the CMS structure.
46	.Pp
47	If
48	.Fa cert
49	is set to
50	.Dv NULL ,
51	all possible recipients are tried.
52	This case however is problematic.
53	To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA
54	padding) all recipients are tried whether they succeed or not.
55	If no recipient succeeds then a random symmetric key is used to decrypt
56	the content: this will typically output garbage and may (but is not
57	guaranteed to) ultimately return a padding error only.
58	If
59	.Fn CMS_decrypt
60	just returned an error when all recipient encrypted keys failed to
61	decrypt an attacker could use this in a timing attack.
62	If the special flag
63	.Dv CMS_DEBUG_DECRYPT
64	is set then the above behaviour is modified and an error
65	.Em is
66	returned if no recipient encrypted key can be decrypted
67	.Em without
68	generating a random content encryption key.
69	Applications should use this flag with
70	.Sy extreme caution
71	especially in automated gateways as it can leave them open to attack.
72	.Pp
73	It is possible to determine the correct recipient key by other means
74	(for example looking them up in a database) and setting them in the CMS
75	structure in advance using the CMS utility functions such as
76	.Xr CMS_set1_pkey 3 .
77	In this case both
78	.Fa cert
79	and
80	.Fa pkey
81	should be set to
82	.Dv NULL .
83	.Pp
84	To process KEKRecipientInfo types
85	.Xr CMS_set1_key 3
86	or
87	.Xr CMS_RecipientInfo_set0_key 3
88	and
89	.Xr CMS_ReceipientInfo_decrypt 3
90	should be called before
91	.Fn CMS_decrypt
92	and
93	.Fa cert
94	and
95	.Fa pkey
96	set to
97	.Dv NULL .
98	.Pp
99	The following flags can be passed in the
100	.Fa flags
101	parameter:
102	.Pp
103	If the
104	.Dv CMS_TEXT
105	flag is set MIME headers for type
106	.Sy text/plain
107	are deleted from the content.
108	If the content is not of type
109	.Sy text/plain
110	then an error is returned.
111	.Sh RETURN VALUES
112	.Fn CMS_decrypt
113	returns either 1 for success or 0 for failure.
114	The error can be obtained from
115	.Xr ERR_get_error 3 .
116	.Sh BUGS
117	The lack of single pass processing and the need to hold all data in
118	memory as mentioned in
119	.Xr CMS_verify 3
120	also applies to
121	.Fn CMS_decrypt .
122	.Sh SEE ALSO
123	.Xr CMS_encrypt 3 ,
124	.Xr ERR_get_error 3
125	.Sh HISTORY
126	.Fn CMS_decrypt
127	was added to OpenSSL 0.9.8.