1 files changed, 107 insertions, 17 deletions
diff --git a/src/lib/libcrypto/man/SMIME_write_CMS.3 b/src/lib/libcrypto/man/SMIME_write_CMS.3
index c2c6b77e53..5f4c43bb7c 100644
--- a/src/lib/libcrypto/man/SMIME_write_CMS.3
+++ b/src/lib/libcrypto/man/SMIME_write_CMS.3
@@ -1,7 +1,24 @@
-.\" $OpenBSD: SMIME_write_CMS.3,v 1.6 2021/12/13 17:24:39 schwarze Exp $
+.\" $OpenBSD: SMIME_write_CMS.3,v 1.9 2025/06/11 23:16:32 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2021, 2025 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,13 +65,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 13 2021 $
+.Dd $Mdocdate: June 11 2025 $
 .Dt SMIME_WRITE_CMS 3
 .Os
 .Sh NAME
 .Nm SMIME_write_CMS
 .Nd convert CMS structure to S/MIME format
 .Sh SYNOPSIS
+.Lb libcrypto
 .In openssl/cms.h
 .Ft int
 .Fo SMIME_write_CMS
@@ -65,21 +83,35 @@
 .Fc
 .Sh DESCRIPTION
 .Fn SMIME_write_CMS
-adds the appropriate MIME headers to the
+generates an S/MIME message on
-.Fa cms
+.Fa out
-structure to produce an S/MIME message and writes it to
+by writing MIME 1.0 headers
-.Fa out .
+followed by a BER- and base64-encoded serialization of
+.Fa cms .
+The BER encoding uses the DER format except as described for
+.Dv CMS_STREAM
+below.
 If streaming is enabled, the content must be supplied in the
 .Fa data
 argument.
 .Pp
-The following
+The
 .Fa flags
-can be passed:
+can be the logical OR of zero or more of the following bits:
 .Bl -tag -width Ds
 .It Dv CMS_DETACHED
-Use cleartext signing.
+Use cleartext signing and generate a
-This option only makes sense if
+.Qq multipart/signed
+S/MIME message.
+The content is read from
+.Fa data .
+If
+.Fa data
+is a
+.Dv NULL
+pointer, this flag is ignored.
+.Pp
+This flag is only supported if
 .Fa cms
 is of the type
 .Vt SignedData
@@ -94,13 +126,46 @@ is not set, the data must be read twice:
 once to compute the signature in
 .Xr CMS_sign 3
 and once to output the S/MIME message.
-.It Dv CMS_TEXT
+.Pp
-Add MIME headers for type text/plain to the content.
+If
-This only makes sense if
+.Dv CMS_DETACHED
+is ignored or not specified, the smime-type is chosen according to
+.Xr CMS_get0_type 3 :
+.Bl -tag -width Ds
+.It Dv NID_pkcs7_enveloped
+.Qq enveloped-data
+.It Dv NID_pkcs7_signed
+.Bl -tag -width Msigned-receiptM -compact
+.It Qq signed-receipt
+if
+.Xr CMS_get0_eContentType 3
+is
+.Dv NID_id_smime_ct_receipt
+.It Qq signed-data
+if
+.Fa cms
+specifies any digest algorithm
+.It Qq certs-only
+otherwise
+.El
+.It Dv NID_id_smime_ct_compressedData
+.Qq compressed-data
+.El
+.It Dv CMS_REUSE_DIGEST
+Skip the calls to
+.Xr CMS_dataInit 3
+and
+.Xr CMS_dataFinal 3 .
+This flag has no effect unless
 .Dv CMS_DETACHED
 is also set.
 .It Dv CMS_STREAM
-Perform streaming.
+Perform streaming by reading the content from
+.Fa data .
+This only works if
+.Dv CMS_DETACHED
+is not specified.
+.Pp
 This flag should only be set if
 .Dv CMS_STREAM
 was also passed to the function that created
@@ -111,17 +176,38 @@ constructed encoding except in the case of
 .Vt SignedData
 with detached content where the content is absent and DER format is
 used.
+.It Dv CMS_TEXT
+Prepend the line
+.Qq Content-Type: text/plain
+to the content.
+This only makes sense if
+.Dv CMS_DETACHED
+is also set.
+It is ignored if the flag
+.Dv SMIME_BINARY
+is also set.
+.It Dv SMIME_BINARY
+If specified, this flag is passed through to
+.Xr SMIME_crlf_copy 3 .
+.It Dv SMIME_CRLFEOL
+End MIME header lines with pairs of carriage return and newline characters.
+By default, no carriage return characters are written
+and header lines are ended with newline characters only.
 .El
 .Sh RETURN VALUES
 .Fn SMIME_write_CMS
-returns 1 for success or 0 for failure.
+is intended to return 1 on success or 0 on failure.
 .Sh SEE ALSO
+.Xr BIO_f_base64 3 ,
+.Xr BIO_new 3 ,
 .Xr CMS_ContentInfo_new 3 ,
 .Xr CMS_encrypt 3 ,
 .Xr CMS_sign 3 ,
 .Xr d2i_CMS_ContentInfo 3 ,
 .Xr ERR_get_error 3 ,
-.Xr SMIME_write_ASN1 3
+.Xr SMIME_crlf_copy 3 ,
+.Xr SMIME_read_CMS 3 ,
+.Xr SMIME_write_PKCS7 3
 .Sh HISTORY
 .Fn SMIME_write_CMS
 first appeared in OpenSSL 0.9.8h
@@ -129,5 +215,9 @@ and has been available since
 .Ox 6.7 .
 .Sh BUGS
 .Fn SMIME_write_CMS
+ignores most errors and is likely to return 1
+even after producing corrupt or incomplete output.
+.Pp
+.Fn SMIME_write_CMS
 always base64 encodes CMS structures.
 There should be an option to disable this.

diff --git a/src/lib/libcrypto/man/SMIME_write_CMS.3 b/src/lib/libcrypto/man/SMIME_write_CMS.3 index c2c6b77e53..5f4c43bb7c 100644 --- a/src/lib/libcrypto/man/SMIME_write_CMS.3 +++ b/src/lib/libcrypto/man/SMIME_write_CMS.3
@@ -1,7 +1,24 @@
1	.\" $OpenBSD: SMIME_write_CMS.3,v 1.6 2021/12/13 17:24:39 schwarze Exp $	1	.\" $OpenBSD: SMIME_write_CMS.3,v 1.9 2025/06/11 23:16:32 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file is a derived work.
		5	.\" The changes are covered by the following Copyright and license:
		6	.\"
		7	.\" Copyright (c) 2021, 2025 Ingo Schwarze <schwarze@openbsd.org>
		8	.\"
		9	.\" Permission to use, copy, modify, and distribute this software for any
		10	.\" purpose with or without fee is hereby granted, provided that the above
		11	.\" copyright notice and this permission notice appear in all copies.
		12	.\"
		13	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		14	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		15	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		16	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		17	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		18	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		19	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		20	.\"
		21	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
5	.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.	22	.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
6	.\"	23	.\"
7	.\" Redistribution and use in source and binary forms, with or without	24	.\" Redistribution and use in source and binary forms, with or without
@@ -48,13 +65,14 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	67	.\"
51	.Dd $Mdocdate: December 13 2021 $	68	.Dd $Mdocdate: June 11 2025 $
52	.Dt SMIME_WRITE_CMS 3	69	.Dt SMIME_WRITE_CMS 3
53	.Os	70	.Os
54	.Sh NAME	71	.Sh NAME
55	.Nm SMIME_write_CMS	72	.Nm SMIME_write_CMS
56	.Nd convert CMS structure to S/MIME format	73	.Nd convert CMS structure to S/MIME format
57	.Sh SYNOPSIS	74	.Sh SYNOPSIS
		75	.Lb libcrypto
58	.In openssl/cms.h	76	.In openssl/cms.h
59	.Ft int	77	.Ft int
60	.Fo SMIME_write_CMS	78	.Fo SMIME_write_CMS
@@ -65,21 +83,35 @@
65	.Fc	83	.Fc
66	.Sh DESCRIPTION	84	.Sh DESCRIPTION
67	.Fn SMIME_write_CMS	85	.Fn SMIME_write_CMS
68	adds the appropriate MIME headers to the	86	generates an S/MIME message on
69	.Fa cms	87	.Fa out
70	structure to produce an S/MIME message and writes it to	88	by writing MIME 1.0 headers
71	.Fa out .	89	followed by a BER- and base64-encoded serialization of
		90	.Fa cms .
		91	The BER encoding uses the DER format except as described for
		92	.Dv CMS_STREAM
		93	below.
72	If streaming is enabled, the content must be supplied in the	94	If streaming is enabled, the content must be supplied in the
73	.Fa data	95	.Fa data
74	argument.	96	argument.
75	.Pp	97	.Pp
76	The following	98	The
77	.Fa flags	99	.Fa flags
78	can be passed:	100	can be the logical OR of zero or more of the following bits:
79	.Bl -tag -width Ds	101	.Bl -tag -width Ds
80	.It Dv CMS_DETACHED	102	.It Dv CMS_DETACHED
81	Use cleartext signing.	103	Use cleartext signing and generate a
82	This option only makes sense if	104	.Qq multipart/signed
		105	S/MIME message.
		106	The content is read from
		107	.Fa data .
		108	If
		109	.Fa data
		110	is a
		111	.Dv NULL
		112	pointer, this flag is ignored.
		113	.Pp
		114	This flag is only supported if
83	.Fa cms	115	.Fa cms
84	is of the type	116	is of the type
85	.Vt SignedData	117	.Vt SignedData
@@ -94,13 +126,46 @@ is not set, the data must be read twice:
94	once to compute the signature in	126	once to compute the signature in
95	.Xr CMS_sign 3	127	.Xr CMS_sign 3
96	and once to output the S/MIME message.	128	and once to output the S/MIME message.
97	.It Dv CMS_TEXT	129	.Pp
98	Add MIME headers for type text/plain to the content.	130	If
99	This only makes sense if	131	.Dv CMS_DETACHED
		132	is ignored or not specified, the smime-type is chosen according to
		133	.Xr CMS_get0_type 3 :
		134	.Bl -tag -width Ds
		135	.It Dv NID_pkcs7_enveloped
		136	.Qq enveloped-data
		137	.It Dv NID_pkcs7_signed
		138	.Bl -tag -width Msigned-receiptM -compact
		139	.It Qq signed-receipt
		140	if
		141	.Xr CMS_get0_eContentType 3
		142	is
		143	.Dv NID_id_smime_ct_receipt
		144	.It Qq signed-data
		145	if
		146	.Fa cms
		147	specifies any digest algorithm
		148	.It Qq certs-only
		149	otherwise
		150	.El
		151	.It Dv NID_id_smime_ct_compressedData
		152	.Qq compressed-data
		153	.El
		154	.It Dv CMS_REUSE_DIGEST
		155	Skip the calls to
		156	.Xr CMS_dataInit 3
		157	and
		158	.Xr CMS_dataFinal 3 .
		159	This flag has no effect unless
100	.Dv CMS_DETACHED	160	.Dv CMS_DETACHED
101	is also set.	161	is also set.
102	.It Dv CMS_STREAM	162	.It Dv CMS_STREAM
103	Perform streaming.	163	Perform streaming by reading the content from
		164	.Fa data .
		165	This only works if
		166	.Dv CMS_DETACHED
		167	is not specified.
		168	.Pp
104	This flag should only be set if	169	This flag should only be set if
105	.Dv CMS_STREAM	170	.Dv CMS_STREAM
106	was also passed to the function that created	171	was also passed to the function that created
@@ -111,17 +176,38 @@ constructed encoding except in the case of
111	.Vt SignedData	176	.Vt SignedData
112	with detached content where the content is absent and DER format is	177	with detached content where the content is absent and DER format is
113	used.	178	used.
		179	.It Dv CMS_TEXT
		180	Prepend the line
		181	.Qq Content-Type: text/plain
		182	to the content.
		183	This only makes sense if
		184	.Dv CMS_DETACHED
		185	is also set.
		186	It is ignored if the flag
		187	.Dv SMIME_BINARY
		188	is also set.
		189	.It Dv SMIME_BINARY
		190	If specified, this flag is passed through to
		191	.Xr SMIME_crlf_copy 3 .
		192	.It Dv SMIME_CRLFEOL
		193	End MIME header lines with pairs of carriage return and newline characters.
		194	By default, no carriage return characters are written
		195	and header lines are ended with newline characters only.
114	.El	196	.El
115	.Sh RETURN VALUES	197	.Sh RETURN VALUES
116	.Fn SMIME_write_CMS	198	.Fn SMIME_write_CMS
117	returns 1 for success or 0 for failure.	199	is intended to return 1 on success or 0 on failure.
118	.Sh SEE ALSO	200	.Sh SEE ALSO
		201	.Xr BIO_f_base64 3 ,
		202	.Xr BIO_new 3 ,
119	.Xr CMS_ContentInfo_new 3 ,	203	.Xr CMS_ContentInfo_new 3 ,
120	.Xr CMS_encrypt 3 ,	204	.Xr CMS_encrypt 3 ,
121	.Xr CMS_sign 3 ,	205	.Xr CMS_sign 3 ,
122	.Xr d2i_CMS_ContentInfo 3 ,	206	.Xr d2i_CMS_ContentInfo 3 ,
123	.Xr ERR_get_error 3 ,	207	.Xr ERR_get_error 3 ,
124	.Xr SMIME_write_ASN1 3	208	.Xr SMIME_crlf_copy 3 ,
		209	.Xr SMIME_read_CMS 3 ,
		210	.Xr SMIME_write_PKCS7 3
125	.Sh HISTORY	211	.Sh HISTORY
126	.Fn SMIME_write_CMS	212	.Fn SMIME_write_CMS
127	first appeared in OpenSSL 0.9.8h	213	first appeared in OpenSSL 0.9.8h
@@ -129,5 +215,9 @@ and has been available since
129	.Ox 6.7 .	215	.Ox 6.7 .
130	.Sh BUGS	216	.Sh BUGS
131	.Fn SMIME_write_CMS	217	.Fn SMIME_write_CMS
		218	ignores most errors and is likely to return 1
		219	even after producing corrupt or incomplete output.
		220	.Pp
		221	.Fn SMIME_write_CMS
132	always base64 encodes CMS structures.	222	always base64 encodes CMS structures.
133	There should be an option to disable this.	223	There should be an option to disable this.