1 files changed, 190 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/CMS_encrypt.3 b/src/lib/libcrypto/man/CMS_encrypt.3
new file mode 100644
index 0000000000..8550de2c9f
--- /dev/null
+++ b/src/lib/libcrypto/man/CMS_encrypt.3
@@ -0,0 +1,190 @@
+.\" $OpenBSD: CMS_encrypt.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
+.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 10 2019 $
+.Dt CMS_ENCRYPT 3
+.Os
+.Sh NAME
+.Nm CMS_encrypt
+.Nd create a CMS envelopedData structure
+.Sh SYNOPSIS
+.In openssl/cms.h
+.Ft CMS_ContentInfo *
+.Fo CMS_encrypt
+.Fa "STACK_OF(X509) *certs"
+.Fa "BIO *in"
+.Fa "const EVP_CIPHER *cipher"
+.Fa "unsigned int flags"
+.Fc
+.Sh DESCRIPTION
+.Fn CMS_encrypt
+creates and returns a CMS EnvelopedData structure.
+.Fa certs
+is a list of recipient certificates.
+.Fa in
+is the content to be encrypted.
+.Fa cipher
+is the symmetric cipher to use.
+.Fa flags
+is an optional set of flags.
+.Pp
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
+by this function.
+.Pp
+.Xr EVP_des_ede3_cbc 3
+(triple DES) is the algorithm of choice for S/MIME use because most
+clients will support it.
+.Pp
+The algorithm passed in the
+.Fa cipher
+parameter must support ASN1 encoding of its parameters.
+.Pp
+Many browsers implement a "sign and encrypt" option which is simply an
+S/MIME envelopedData containing an S/MIME signed message.
+This can be readily produced by storing the S/MIME signed message in a
+memory BIO and passing it to
+.Fn CMS_encrypt .
+.Pp
+The following flags can be passed in the
+.Fa flags
+parameter:
+.Bl -tag -width Ds
+.It Dv CMS_TEXT
+MIME headers for type text/plain are prepended to the data.
+.It Dv CMS_BINARY
+Do not translate the supplied content into MIME canonical format
+even though that is required by the S/MIME specifications.
+This option should be used if the supplied data is in binary format.
+Otherwise, the translation will corrupt it.
+If
+.Dv CMS_BINARY
+is set, then
+.Dv CMS_TEXT
+is ignored.
+.It Dv CMS_USE_KEYID
+Use the subject key identifier value to identify recipient certificates.
+An error occurs if all recipient certificates do not have a subject key
+identifier extension.
+By default, issuer name and serial number are used instead.
+.It Dv CMS_STREAM
+Return a partial
+.Vt CMS_ContentInfo
+structure suitable for streaming I/O: no data is read from the BIO
+.Fa in .
+.It Dv CMS_PARTIAL
+Return a partial
+.Vt CMS_ContentInfo
+structure to which additional recipients and attributes can
+be added before finalization.
+.It Dv CMS_DETACHED
+Omit the data being encrypted from the
+.Vt CMS_ContentInfo
+structure.
+This is rarely used in practice and is not supported by
+.Xr SMIME_write_CMS 3 .
+.El
+.Pp
+If the flag
+.Dv CMS_STREAM
+is set, the returned
+.Vt CMS_ContentInfo
+structure is
+.Em not
+complete and outputting its contents via a function that does not
+properly finalize the
+.Vt CMS_ContentInfo
+structure will give unpredictable results.
+.Pp
+Several functions including
+.Xr SMIME_write_CMS 3 ,
+.Xr i2d_CMS_bio_stream 3 ,
+.Xr PEM_write_bio_CMS_stream 3
+finalize the structure.
+Alternatively finalization can be performed by obtaining the streaming
+ASN1
+.Vt BIO
+directly using
+.Xr BIO_new_CMS 3 .
+.Pp
+The recipients specified in
+.Fa certs
+use a CMS KeyTransRecipientInfo info structure.
+KEKRecipientInfo is also supported using the flag
+.Dv CMS_PARTIAL
+and
+.Xr CMS_add0_recipient_key 3 .
+.Pp
+The parameter
+.Fa certs
+may be
+.Dv NULL
+if
+.Dv CMS_PARTIAL
+is set and recipients are added later using
+.Xr CMS_add1_recipient_cert 3
+or
+.Xr CMS_add0_recipient_key 3 .
+.Sh RETURN VALUES
+.Fn CMS_encrypt
+returns either a
+.Vt CMS_ContentInfo
+structure or
+.Dv NULL
+if an error occurred.
+The error can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr CMS_decrypt 3
+.Sh HISTORY
+.Fn CMS_encrypt
+was added to OpenSSL 0.9.8.
+The
+.Sy CMS_STREAM
+flag was first supported in OpenSSL 1.0.0.

diff --git a/src/lib/libcrypto/man/CMS_encrypt.3 b/src/lib/libcrypto/man/CMS_encrypt.3 new file mode 100644 index 0000000000..8550de2c9f --- /dev/null +++ b/src/lib/libcrypto/man/CMS_encrypt.3
@@ -0,0 +1,190 @@
	1	.\" $OpenBSD: CMS_encrypt.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $
	2	.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
	3	.\"
	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
	5	.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
	6	.\"
	7	.\" Redistribution and use in source and binary forms, with or without
	8	.\" modification, are permitted provided that the following conditions
	9	.\" are met:
	10	.\"
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\"
	14	.\" 2. Redistributions in binary form must reproduce the above copyright
	15	.\" notice, this list of conditions and the following disclaimer in
	16	.\" the documentation and/or other materials provided with the
	17	.\" distribution.
	18	.\"
	19	.\" 3. All advertising materials mentioning features or use of this
	20	.\" software must display the following acknowledgment:
	21	.\" "This product includes software developed by the OpenSSL Project
	22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	23	.\"
	24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	25	.\" endorse or promote products derived from this software without
	26	.\" prior written permission. For written permission, please contact
	27	.\" openssl-core@openssl.org.
	28	.\"
	29	.\" 5. Products derived from this software may not be called "OpenSSL"
	30	.\" nor may "OpenSSL" appear in their names without prior written
	31	.\" permission of the OpenSSL Project.
	32	.\"
	33	.\" 6. Redistributions of any form whatsoever must retain the following
	34	.\" acknowledgment:
	35	.\" "This product includes software developed by the OpenSSL Project
	36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	37	.\"
	38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
	50	.\"
	51	.Dd $Mdocdate: August 10 2019 $
	52	.Dt CMS_ENCRYPT 3
	53	.Os
	54	.Sh NAME
	55	.Nm CMS_encrypt
	56	.Nd create a CMS envelopedData structure
	57	.Sh SYNOPSIS
	58	.In openssl/cms.h
	59	.Ft CMS_ContentInfo *
	60	.Fo CMS_encrypt
	61	.Fa "STACK_OF(X509) *certs"
	62	.Fa "BIO *in"
	63	.Fa "const EVP_CIPHER *cipher"
	64	.Fa "unsigned int flags"
	65	.Fc
	66	.Sh DESCRIPTION
	67	.Fn CMS_encrypt
	68	creates and returns a CMS EnvelopedData structure.
	69	.Fa certs
	70	is a list of recipient certificates.
	71	.Fa in
	72	is the content to be encrypted.
	73	.Fa cipher
	74	is the symmetric cipher to use.
	75	.Fa flags
	76	is an optional set of flags.
	77	.Pp
	78	Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
	79	by this function.
	80	.Pp
	81	.Xr EVP_des_ede3_cbc 3
	82	(triple DES) is the algorithm of choice for S/MIME use because most
	83	clients will support it.
	84	.Pp
	85	The algorithm passed in the
	86	.Fa cipher
	87	parameter must support ASN1 encoding of its parameters.
	88	.Pp
	89	Many browsers implement a "sign and encrypt" option which is simply an
	90	S/MIME envelopedData containing an S/MIME signed message.
	91	This can be readily produced by storing the S/MIME signed message in a
	92	memory BIO and passing it to
	93	.Fn CMS_encrypt .
	94	.Pp
	95	The following flags can be passed in the
	96	.Fa flags
	97	parameter:
	98	.Bl -tag -width Ds
	99	.It Dv CMS_TEXT
	100	MIME headers for type text/plain are prepended to the data.
	101	.It Dv CMS_BINARY
	102	Do not translate the supplied content into MIME canonical format
	103	even though that is required by the S/MIME specifications.
	104	This option should be used if the supplied data is in binary format.
	105	Otherwise, the translation will corrupt it.
	106	If
	107	.Dv CMS_BINARY
	108	is set, then
	109	.Dv CMS_TEXT
	110	is ignored.
	111	.It Dv CMS_USE_KEYID
	112	Use the subject key identifier value to identify recipient certificates.
	113	An error occurs if all recipient certificates do not have a subject key
	114	identifier extension.
	115	By default, issuer name and serial number are used instead.
	116	.It Dv CMS_STREAM
	117	Return a partial
	118	.Vt CMS_ContentInfo
	119	structure suitable for streaming I/O: no data is read from the BIO
	120	.Fa in .
	121	.It Dv CMS_PARTIAL
	122	Return a partial
	123	.Vt CMS_ContentInfo
	124	structure to which additional recipients and attributes can
	125	be added before finalization.
	126	.It Dv CMS_DETACHED
	127	Omit the data being encrypted from the
	128	.Vt CMS_ContentInfo
	129	structure.
	130	This is rarely used in practice and is not supported by
	131	.Xr SMIME_write_CMS 3 .
	132	.El
	133	.Pp
	134	If the flag
	135	.Dv CMS_STREAM
	136	is set, the returned
	137	.Vt CMS_ContentInfo
	138	structure is
	139	.Em not
	140	complete and outputting its contents via a function that does not
	141	properly finalize the
	142	.Vt CMS_ContentInfo
	143	structure will give unpredictable results.
	144	.Pp
	145	Several functions including
	146	.Xr SMIME_write_CMS 3 ,
	147	.Xr i2d_CMS_bio_stream 3 ,
	148	.Xr PEM_write_bio_CMS_stream 3
	149	finalize the structure.
	150	Alternatively finalization can be performed by obtaining the streaming
	151	ASN1
	152	.Vt BIO
	153	directly using
	154	.Xr BIO_new_CMS 3 .
	155	.Pp
	156	The recipients specified in
	157	.Fa certs
	158	use a CMS KeyTransRecipientInfo info structure.
	159	KEKRecipientInfo is also supported using the flag
	160	.Dv CMS_PARTIAL
	161	and
	162	.Xr CMS_add0_recipient_key 3 .
	163	.Pp
	164	The parameter
	165	.Fa certs
	166	may be
	167	.Dv NULL
	168	if
	169	.Dv CMS_PARTIAL
	170	is set and recipients are added later using
	171	.Xr CMS_add1_recipient_cert 3
	172	or
	173	.Xr CMS_add0_recipient_key 3 .
	174	.Sh RETURN VALUES
	175	.Fn CMS_encrypt
	176	returns either a
	177	.Vt CMS_ContentInfo
	178	structure or
	179	.Dv NULL
	180	if an error occurred.
	181	The error can be obtained from
	182	.Xr ERR_get_error 3 .
	183	.Sh SEE ALSO
	184	.Xr CMS_decrypt 3
	185	.Sh HISTORY
	186	.Fn CMS_encrypt
	187	was added to OpenSSL 0.9.8.
	188	The
	189	.Sy CMS_STREAM
	190	flag was first supported in OpenSSL 1.0.0.