1 files changed, 55 insertions, 60 deletions
diff --git a/src/lib/libcrypto/man/CMS_encrypt.3 b/src/lib/libcrypto/man/CMS_encrypt.3
index a2e6b837ac..884615e06b 100644
--- a/src/lib/libcrypto/man/CMS_encrypt.3
+++ b/src/lib/libcrypto/man/CMS_encrypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_encrypt.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $
+.\" $OpenBSD: CMS_encrypt.3,v 1.5 2019/08/16 11:30:10 schwarze Exp $
 .\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,46 +48,59 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 11 2019 $
+.Dd $Mdocdate: August 16 2019 $
 .Dt CMS_ENCRYPT 3
 .Os
 .Sh NAME
 .Nm CMS_encrypt
-.Nd create a CMS envelopedData structure
+.Nd create a CMS EnvelopedData structure
 .Sh SYNOPSIS
 .In openssl/cms.h
 .Ft CMS_ContentInfo *
 .Fo CMS_encrypt
-.Fa "STACK_OF(X509) *certs"
+.Fa "STACK_OF(X509) *certificates"
 .Fa "BIO *in"
 .Fa "const EVP_CIPHER *cipher"
 .Fa "unsigned int flags"
 .Fc
 .Sh DESCRIPTION
 .Fn CMS_encrypt
-creates and returns a CMS EnvelopedData structure.
+creates a CMS
-.Fa certs
+.Vt EnvelopedData
-is a list of recipient certificates.
+structure, encrypting the content provided by
-.Fa in
+.Fa in .
-is the content to be encrypted.
-.Fa cipher
-is the symmetric cipher to use.
-.Fa flags
-is an optional set of flags.
 .Pp
+The recipient
+.Fa certificates
+are added as
+.Vt KeyTransRecipientInfo
+structures by calling the function
+.Xr CMS_add1_recipient_cert 3
+internally.
 Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
 by this function.
+The
+.Fa certificates
+argument can be set to
+.Dv NULL
+if the
+.Dv CMS_PARTIAL
+flag is set and recipients are added later using
+.Xr CMS_add1_recipient_cert 3
+or
+.Xr CMS_add0_recipient_key 3 .
 .Pp
+.Fa cipher
+is the symmetric cipher to use.
+It must support ASN.1 encoding of its parameters.
 .Xr EVP_des_ede3_cbc 3
 (triple DES) is the algorithm of choice for S/MIME use because most
-clients will support it.
+clients support it.
-.Pp
-The algorithm passed in the
-.Fa cipher
-parameter must support ASN1 encoding of its parameters.
 .Pp
 Many browsers implement a "sign and encrypt" option which is simply an
-S/MIME envelopedData containing an S/MIME signed message.
+S/MIME
+.Vt EnvelopedData
+containing an S/MIME signed message.
 This can be readily produced by storing the S/MIME signed message in a
 memory BIO and passing it to
 .Fn CMS_encrypt .
@@ -118,6 +131,21 @@ Return a partial
 .Vt CMS_ContentInfo
 structure suitable for streaming I/O: no data is read from the BIO
 .Fa in .
+Several functions including
+.Xr SMIME_write_CMS 3 ,
+.Xr i2d_CMS_bio_stream 3 ,
+or
+.Xr PEM_write_bio_CMS_stream 3
+can be used  to finalize the structure.
+Alternatively, finalization can be performed by obtaining the streaming
+ASN1
+.Vt BIO
+directly using
+.Xr BIO_new_CMS 3 .
+Outputting the content of the returned
+.Vt CMS_ContentInfo
+structure via a function that does not properly finalize it
+will give unpredictable results.
 .It Dv CMS_PARTIAL
 Return a partial
 .Vt CMS_ContentInfo
@@ -130,47 +158,6 @@ structure.
 This is rarely used in practice and is not supported by
 .Xr SMIME_write_CMS 3 .
 .El
-.Pp
-If the flag
-.Dv CMS_STREAM
-is set, the returned
-.Vt CMS_ContentInfo
-structure is
-.Em not
-complete and outputting its contents via a function that does not
-properly finalize the
-.Vt CMS_ContentInfo
-structure will give unpredictable results.
-.Pp
-Several functions including
-.Xr SMIME_write_CMS 3 ,
-.Xr i2d_CMS_bio_stream 3 ,
-.Xr PEM_write_bio_CMS_stream 3
-finalize the structure.
-Alternatively finalization can be performed by obtaining the streaming
-ASN1
-.Vt BIO
-directly using
-.Xr BIO_new_CMS 3 .
-.Pp
-The recipients specified in
-.Fa certs
-use a CMS KeyTransRecipientInfo info structure.
-KEKRecipientInfo is also supported using the flag
-.Dv CMS_PARTIAL
-and
-.Xr CMS_add0_recipient_key 3 .
-.Pp
-The parameter
-.Fa certs
-may be
-.Dv NULL
-if
-.Dv CMS_PARTIAL
-is set and recipients are added later using
-.Xr CMS_add1_recipient_cert 3
-or
-.Xr CMS_add0_recipient_key 3 .
 .Sh RETURN VALUES
 .Fn CMS_encrypt
 returns either a
@@ -182,6 +169,14 @@ The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr CMS_decrypt 3
+.Sh STANDARDS
+RFC 5652: Cryptographic Message Syntax (CMS)
+.Bl -dash -compact -offset indent
+.It
+section 6.1: EnvelopedData Type
+.It
+section 6.2.1: KeyTransRecipientInfo Type
+.El
 .Sh HISTORY
 .Fn CMS_encrypt
 first appeared in OpenSSL 0.9.8h

diff --git a/src/lib/libcrypto/man/CMS_encrypt.3 b/src/lib/libcrypto/man/CMS_encrypt.3 index a2e6b837ac..884615e06b 100644 --- a/src/lib/libcrypto/man/CMS_encrypt.3 +++ b/src/lib/libcrypto/man/CMS_encrypt.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: CMS_encrypt.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $	1	.\" $OpenBSD: CMS_encrypt.3,v 1.5 2019/08/16 11:30:10 schwarze Exp $
2	.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100	2	.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,46 +48,59 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: August 11 2019 $	51	.Dd $Mdocdate: August 16 2019 $
52	.Dt CMS_ENCRYPT 3	52	.Dt CMS_ENCRYPT 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
55	.Nm CMS_encrypt	55	.Nm CMS_encrypt
56	.Nd create a CMS envelopedData structure	56	.Nd create a CMS EnvelopedData structure
57	.Sh SYNOPSIS	57	.Sh SYNOPSIS
58	.In openssl/cms.h	58	.In openssl/cms.h
59	.Ft CMS_ContentInfo *	59	.Ft CMS_ContentInfo *
60	.Fo CMS_encrypt	60	.Fo CMS_encrypt
61	.Fa "STACK_OF(X509) *certs"	61	.Fa "STACK_OF(X509) *certificates"
62	.Fa "BIO *in"	62	.Fa "BIO *in"
63	.Fa "const EVP_CIPHER *cipher"	63	.Fa "const EVP_CIPHER *cipher"
64	.Fa "unsigned int flags"	64	.Fa "unsigned int flags"
65	.Fc	65	.Fc
66	.Sh DESCRIPTION	66	.Sh DESCRIPTION
67	.Fn CMS_encrypt	67	.Fn CMS_encrypt
68	creates and returns a CMS EnvelopedData structure.	68	creates a CMS
69	.Fa certs	69	.Vt EnvelopedData
70	is a list of recipient certificates.	70	structure, encrypting the content provided by
71	.Fa in	71	.Fa in .
72	is the content to be encrypted.
73	.Fa cipher
74	is the symmetric cipher to use.
75	.Fa flags
76	is an optional set of flags.
77	.Pp	72	.Pp
		73	The recipient
		74	.Fa certificates
		75	are added as
		76	.Vt KeyTransRecipientInfo
		77	structures by calling the function
		78	.Xr CMS_add1_recipient_cert 3
		79	internally.
78	Only certificates carrying RSA, Diffie-Hellman or EC keys are supported	80	Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
79	by this function.	81	by this function.
		82	The
		83	.Fa certificates
		84	argument can be set to
		85	.Dv NULL
		86	if the
		87	.Dv CMS_PARTIAL
		88	flag is set and recipients are added later using
		89	.Xr CMS_add1_recipient_cert 3
		90	or
		91	.Xr CMS_add0_recipient_key 3 .
80	.Pp	92	.Pp
		93	.Fa cipher
		94	is the symmetric cipher to use.
		95	It must support ASN.1 encoding of its parameters.
81	.Xr EVP_des_ede3_cbc 3	96	.Xr EVP_des_ede3_cbc 3
82	(triple DES) is the algorithm of choice for S/MIME use because most	97	(triple DES) is the algorithm of choice for S/MIME use because most
83	clients will support it.	98	clients support it.
84	.Pp
85	The algorithm passed in the
86	.Fa cipher
87	parameter must support ASN1 encoding of its parameters.
88	.Pp	99	.Pp
89	Many browsers implement a "sign and encrypt" option which is simply an	100	Many browsers implement a "sign and encrypt" option which is simply an
90	S/MIME envelopedData containing an S/MIME signed message.	101	S/MIME
		102	.Vt EnvelopedData
		103	containing an S/MIME signed message.
91	This can be readily produced by storing the S/MIME signed message in a	104	This can be readily produced by storing the S/MIME signed message in a
92	memory BIO and passing it to	105	memory BIO and passing it to
93	.Fn CMS_encrypt .	106	.Fn CMS_encrypt .
@@ -118,6 +131,21 @@ Return a partial
118	.Vt CMS_ContentInfo	131	.Vt CMS_ContentInfo
119	structure suitable for streaming I/O: no data is read from the BIO	132	structure suitable for streaming I/O: no data is read from the BIO
120	.Fa in .	133	.Fa in .
		134	Several functions including
		135	.Xr SMIME_write_CMS 3 ,
		136	.Xr i2d_CMS_bio_stream 3 ,
		137	or
		138	.Xr PEM_write_bio_CMS_stream 3
		139	can be used to finalize the structure.
		140	Alternatively, finalization can be performed by obtaining the streaming
		141	ASN1
		142	.Vt BIO
		143	directly using
		144	.Xr BIO_new_CMS 3 .
		145	Outputting the content of the returned
		146	.Vt CMS_ContentInfo
		147	structure via a function that does not properly finalize it
		148	will give unpredictable results.
121	.It Dv CMS_PARTIAL	149	.It Dv CMS_PARTIAL
122	Return a partial	150	Return a partial
123	.Vt CMS_ContentInfo	151	.Vt CMS_ContentInfo
@@ -130,47 +158,6 @@ structure.
130	This is rarely used in practice and is not supported by	158	This is rarely used in practice and is not supported by
131	.Xr SMIME_write_CMS 3 .	159	.Xr SMIME_write_CMS 3 .
132	.El	160	.El
133	.Pp
134	If the flag
135	.Dv CMS_STREAM
136	is set, the returned
137	.Vt CMS_ContentInfo
138	structure is
139	.Em not
140	complete and outputting its contents via a function that does not
141	properly finalize the
142	.Vt CMS_ContentInfo
143	structure will give unpredictable results.
144	.Pp
145	Several functions including
146	.Xr SMIME_write_CMS 3 ,
147	.Xr i2d_CMS_bio_stream 3 ,
148	.Xr PEM_write_bio_CMS_stream 3
149	finalize the structure.
150	Alternatively finalization can be performed by obtaining the streaming
151	ASN1
152	.Vt BIO
153	directly using
154	.Xr BIO_new_CMS 3 .
155	.Pp
156	The recipients specified in
157	.Fa certs
158	use a CMS KeyTransRecipientInfo info structure.
159	KEKRecipientInfo is also supported using the flag
160	.Dv CMS_PARTIAL
161	and
162	.Xr CMS_add0_recipient_key 3 .
163	.Pp
164	The parameter
165	.Fa certs
166	may be
167	.Dv NULL
168	if
169	.Dv CMS_PARTIAL
170	is set and recipients are added later using
171	.Xr CMS_add1_recipient_cert 3
172	or
173	.Xr CMS_add0_recipient_key 3 .
174	.Sh RETURN VALUES	161	.Sh RETURN VALUES
175	.Fn CMS_encrypt	162	.Fn CMS_encrypt
176	returns either a	163	returns either a
@@ -182,6 +169,14 @@ The error can be obtained from
182	.Xr ERR_get_error 3 .	169	.Xr ERR_get_error 3 .
183	.Sh SEE ALSO	170	.Sh SEE ALSO
184	.Xr CMS_decrypt 3	171	.Xr CMS_decrypt 3
		172	.Sh STANDARDS
		173	RFC 5652: Cryptographic Message Syntax (CMS)
		174	.Bl -dash -compact -offset indent
		175	.It
		176	section 6.1: EnvelopedData Type
		177	.It
		178	section 6.2.1: KeyTransRecipientInfo Type
		179	.El
185	.Sh HISTORY	180	.Sh HISTORY
186	.Fn CMS_encrypt	181	.Fn CMS_encrypt
187	first appeared in OpenSSL 0.9.8h	182	first appeared in OpenSSL 0.9.8h