1 files changed, 169 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/CMS_decrypt.3 b/src/lib/libcrypto/man/CMS_decrypt.3
new file mode 100644
index 0000000000..de37b357a1
--- /dev/null
+++ b/src/lib/libcrypto/man/CMS_decrypt.3
@@ -0,0 +1,169 @@
+.\" $OpenBSD: CMS_decrypt.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
+.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2008, 2014 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 10 2019 $
+.Dt CMS_DECRYPT 3
+.Os
+.Sh NAME
+.Nm CMS_decrypt
+.Nd decrypt content from a CMS envelopedData structure
+.Sh SYNOPSIS
+.In openssl/cms.h
+.Ft int
+.Fo CMS_decrypt
+.Fa "CMS_ContentInfo *cms"
+.Fa "EVP_PKEY *pkey"
+.Fa "X509 *cert"
+.Fa "BIO *dcont"
+.Fa "BIO *out"
+.Fa "unsigned int flags"
+.Fc
+.Sh DESCRIPTION
+.Fn CMS_decrypt
+extracts and decrypts the content from a CMS EnvelopedData structure.
+.Fa pkey
+is the private key of the recipient,
+.Fa cert
+is the recipient's certificate,
+.Fa out
+is a
+.Vt BIO
+to write the content to and
+.Fa flags
+is an optional set of flags.
+.Pp
+The
+.Fa dcont
+parameter is used in the rare case where the encrypted content is
+detached.
+It will normally be set to
+.Dv NULL .
+.Pp
+Although the recipients certificate is not needed to decrypt the data it
+is needed to locate the appropriate (of possible several) recipients in
+the CMS structure.
+.Pp
+If
+.Fa cert
+is set to
+.Dv NULL ,
+all possible recipients are tried.
+This case however is problematic.
+To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA
+padding) all recipients are tried whether they succeed or not.
+If no recipient succeeds then a random symmetric key is used to decrypt
+the content: this will typically output garbage and may (but is not
+guaranteed to) ultimately return a padding error only.
+If
+.Fn CMS_decrypt
+just returned an error when all recipient encrypted keys failed to
+decrypt an attacker could use this in a timing attack.
+If the special flag
+.Dv CMS_DEBUG_DECRYPT
+is set, then the above behaviour is modified and an error
+.Em is
+returned if no recipient encrypted key can be decrypted
+.Em without
+generating a random content encryption key.
+Applications should use this flag with extreme caution
+especially in automated gateways as it can leave them open to attack.
+.Pp
+It is possible to determine the correct recipient key by other means
+(for example looking them up in a database) and setting them in the CMS
+structure in advance using the CMS utility functions such as
+.Xr CMS_set1_pkey 3 .
+In this case both
+.Fa cert
+and
+.Fa pkey
+should be set to
+.Dv NULL .
+.Pp
+To process KEKRecipientInfo types,
+.Xr CMS_set1_key 3
+or
+.Xr CMS_RecipientInfo_set0_key 3
+and
+.Xr CMS_RecipientInfo_decrypt 3
+should be called before
+.Fn CMS_decrypt
+and
+.Fa cert
+and
+.Fa pkey
+set to
+.Dv NULL .
+.Pp
+The following flags can be passed in the
+.Fa flags
+parameter:
+.Pp
+If the
+.Dv CMS_TEXT
+flag is set, MIME headers for type text/plain
+are deleted from the content.
+If the content is not of type text/plain,
+then an error is returned.
+.Sh RETURN VALUES
+.Fn CMS_decrypt
+returns either 1 for success or 0 for failure.
+The error can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr CMS_encrypt 3
+.Sh HISTORY
+.Fn CMS_decrypt
+was added to OpenSSL 0.9.8.
+.Sh BUGS
+The lack of single pass processing and the need to hold all data in
+memory as mentioned in
+.Xr CMS_verify 3
+also applies to
+.Fn CMS_decrypt .

diff --git a/src/lib/libcrypto/man/CMS_decrypt.3 b/src/lib/libcrypto/man/CMS_decrypt.3 new file mode 100644 index 0000000000..de37b357a1 --- /dev/null +++ b/src/lib/libcrypto/man/CMS_decrypt.3
@@ -0,0 +1,169 @@
	1	.\" $OpenBSD: CMS_decrypt.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
	3	.\"
	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
	5	.\" Copyright (c) 2008, 2014 The OpenSSL Project. All rights reserved.
	6	.\"
	7	.\" Redistribution and use in source and binary forms, with or without
	8	.\" modification, are permitted provided that the following conditions
	9	.\" are met:
	10	.\"
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\"
	14	.\" 2. Redistributions in binary form must reproduce the above copyright
	15	.\" notice, this list of conditions and the following disclaimer in
	16	.\" the documentation and/or other materials provided with the
	17	.\" distribution.
	18	.\"
	19	.\" 3. All advertising materials mentioning features or use of this
	20	.\" software must display the following acknowledgment:
	21	.\" "This product includes software developed by the OpenSSL Project
	22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	23	.\"
	24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	25	.\" endorse or promote products derived from this software without
	26	.\" prior written permission. For written permission, please contact
	27	.\" openssl-core@openssl.org.
	28	.\"
	29	.\" 5. Products derived from this software may not be called "OpenSSL"
	30	.\" nor may "OpenSSL" appear in their names without prior written
	31	.\" permission of the OpenSSL Project.
	32	.\"
	33	.\" 6. Redistributions of any form whatsoever must retain the following
	34	.\" acknowledgment:
	35	.\" "This product includes software developed by the OpenSSL Project
	36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	37	.\"
	38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
	50	.\"
	51	.Dd $Mdocdate: August 10 2019 $
	52	.Dt CMS_DECRYPT 3
	53	.Os
	54	.Sh NAME
	55	.Nm CMS_decrypt
	56	.Nd decrypt content from a CMS envelopedData structure
	57	.Sh SYNOPSIS
	58	.In openssl/cms.h
	59	.Ft int
	60	.Fo CMS_decrypt
	61	.Fa "CMS_ContentInfo *cms"
	62	.Fa "EVP_PKEY *pkey"
	63	.Fa "X509 *cert"
	64	.Fa "BIO *dcont"
	65	.Fa "BIO *out"
	66	.Fa "unsigned int flags"
	67	.Fc
	68	.Sh DESCRIPTION
	69	.Fn CMS_decrypt
	70	extracts and decrypts the content from a CMS EnvelopedData structure.
	71	.Fa pkey
	72	is the private key of the recipient,
	73	.Fa cert
	74	is the recipient's certificate,
	75	.Fa out
	76	is a
	77	.Vt BIO
	78	to write the content to and
	79	.Fa flags
	80	is an optional set of flags.
	81	.Pp
	82	The
	83	.Fa dcont
	84	parameter is used in the rare case where the encrypted content is
	85	detached.
	86	It will normally be set to
	87	.Dv NULL .
	88	.Pp
	89	Although the recipients certificate is not needed to decrypt the data it
	90	is needed to locate the appropriate (of possible several) recipients in
	91	the CMS structure.
	92	.Pp
	93	If
	94	.Fa cert
	95	is set to
	96	.Dv NULL ,
	97	all possible recipients are tried.
	98	This case however is problematic.
	99	To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA
	100	padding) all recipients are tried whether they succeed or not.
	101	If no recipient succeeds then a random symmetric key is used to decrypt
	102	the content: this will typically output garbage and may (but is not
	103	guaranteed to) ultimately return a padding error only.
	104	If
	105	.Fn CMS_decrypt
	106	just returned an error when all recipient encrypted keys failed to
	107	decrypt an attacker could use this in a timing attack.
	108	If the special flag
	109	.Dv CMS_DEBUG_DECRYPT
	110	is set, then the above behaviour is modified and an error
	111	.Em is
	112	returned if no recipient encrypted key can be decrypted
	113	.Em without
	114	generating a random content encryption key.
	115	Applications should use this flag with extreme caution
	116	especially in automated gateways as it can leave them open to attack.
	117	.Pp
	118	It is possible to determine the correct recipient key by other means
	119	(for example looking them up in a database) and setting them in the CMS
	120	structure in advance using the CMS utility functions such as
	121	.Xr CMS_set1_pkey 3 .
	122	In this case both
	123	.Fa cert
	124	and
	125	.Fa pkey
	126	should be set to
	127	.Dv NULL .
	128	.Pp
	129	To process KEKRecipientInfo types,
	130	.Xr CMS_set1_key 3
	131	or
	132	.Xr CMS_RecipientInfo_set0_key 3
	133	and
	134	.Xr CMS_RecipientInfo_decrypt 3
	135	should be called before
	136	.Fn CMS_decrypt
	137	and
	138	.Fa cert
	139	and
	140	.Fa pkey
	141	set to
	142	.Dv NULL .
	143	.Pp
	144	The following flags can be passed in the
	145	.Fa flags
	146	parameter:
	147	.Pp
	148	If the
	149	.Dv CMS_TEXT
	150	flag is set, MIME headers for type text/plain
	151	are deleted from the content.
	152	If the content is not of type text/plain,
	153	then an error is returned.
	154	.Sh RETURN VALUES
	155	.Fn CMS_decrypt
	156	returns either 1 for success or 0 for failure.
	157	The error can be obtained from
	158	.Xr ERR_get_error 3 .
	159	.Sh SEE ALSO
	160	.Xr CMS_encrypt 3
	161	.Sh HISTORY
	162	.Fn CMS_decrypt
	163	was added to OpenSSL 0.9.8.
	164	.Sh BUGS
	165	The lack of single pass processing and the need to hold all data in
	166	memory as mentioned in
	167	.Xr CMS_verify 3
	168	also applies to
	169	.Fn CMS_decrypt .