2 files changed, 181 insertions, 63 deletions
diff --git a/src/lib/libcrypto/man/SMIME_write_CMS.3 b/src/lib/libcrypto/man/SMIME_write_CMS.3
index 1a691fc29a..5f4c43bb7c 100644
--- a/src/lib/libcrypto/man/SMIME_write_CMS.3
+++ b/src/lib/libcrypto/man/SMIME_write_CMS.3
@@ -1,7 +1,24 @@
-.\" $OpenBSD: SMIME_write_CMS.3,v 1.8 2025/06/11 14:23:14 schwarze Exp $
+.\" $OpenBSD: SMIME_write_CMS.3,v 1.9 2025/06/11 23:16:32 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2021, 2025 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -66,21 +83,35 @@
 .Fc
 .Sh DESCRIPTION
 .Fn SMIME_write_CMS
-adds the appropriate MIME headers to the
+generates an S/MIME message on
-.Fa cms
+.Fa out
-structure to produce an S/MIME message and writes it to
+by writing MIME 1.0 headers
-.Fa out .
+followed by a BER- and base64-encoded serialization of
+.Fa cms .
+The BER encoding uses the DER format except as described for
+.Dv CMS_STREAM
+below.
 If streaming is enabled, the content must be supplied in the
 .Fa data
 argument.
 .Pp
-The following
+The
 .Fa flags
-can be passed:
+can be the logical OR of zero or more of the following bits:
 .Bl -tag -width Ds
 .It Dv CMS_DETACHED
-Use cleartext signing.
+Use cleartext signing and generate a
-This option only makes sense if
+.Qq multipart/signed
+S/MIME message.
+The content is read from
+.Fa data .
+If
+.Fa data
+is a
+.Dv NULL
+pointer, this flag is ignored.
+.Pp
+This flag is only supported if
 .Fa cms
 is of the type
 .Vt SignedData
@@ -95,13 +126,46 @@ is not set, the data must be read twice:
 once to compute the signature in
 .Xr CMS_sign 3
 and once to output the S/MIME message.
-.It Dv CMS_TEXT
+.Pp
-Add MIME headers for type text/plain to the content.
+If
-This only makes sense if
+.Dv CMS_DETACHED
+is ignored or not specified, the smime-type is chosen according to
+.Xr CMS_get0_type 3 :
+.Bl -tag -width Ds
+.It Dv NID_pkcs7_enveloped
+.Qq enveloped-data
+.It Dv NID_pkcs7_signed
+.Bl -tag -width Msigned-receiptM -compact
+.It Qq signed-receipt
+if
+.Xr CMS_get0_eContentType 3
+is
+.Dv NID_id_smime_ct_receipt
+.It Qq signed-data
+if
+.Fa cms
+specifies any digest algorithm
+.It Qq certs-only
+otherwise
+.El
+.It Dv NID_id_smime_ct_compressedData
+.Qq compressed-data
+.El
+.It Dv CMS_REUSE_DIGEST
+Skip the calls to
+.Xr CMS_dataInit 3
+and
+.Xr CMS_dataFinal 3 .
+This flag has no effect unless
 .Dv CMS_DETACHED
 is also set.
 .It Dv CMS_STREAM
-Perform streaming.
+Perform streaming by reading the content from
+.Fa data .
+This only works if
+.Dv CMS_DETACHED
+is not specified.
+.Pp
 This flag should only be set if
 .Dv CMS_STREAM
 was also passed to the function that created
@@ -112,6 +176,23 @@ constructed encoding except in the case of
 .Vt SignedData
 with detached content where the content is absent and DER format is
 used.
+.It Dv CMS_TEXT
+Prepend the line
+.Qq Content-Type: text/plain
+to the content.
+This only makes sense if
+.Dv CMS_DETACHED
+is also set.
+It is ignored if the flag
+.Dv SMIME_BINARY
+is also set.
+.It Dv SMIME_BINARY
+If specified, this flag is passed through to
+.Xr SMIME_crlf_copy 3 .
+.It Dv SMIME_CRLFEOL
+End MIME header lines with pairs of carriage return and newline characters.
+By default, no carriage return characters are written
+and header lines are ended with newline characters only.
 .El
 .Sh RETURN VALUES
 .Fn SMIME_write_CMS
diff --git a/src/lib/libcrypto/man/SMIME_write_PKCS7.3 b/src/lib/libcrypto/man/SMIME_write_PKCS7.3
index 72200c0b1b..5e344d9c63 100644
--- a/src/lib/libcrypto/man/SMIME_write_PKCS7.3
+++ b/src/lib/libcrypto/man/SMIME_write_PKCS7.3
@@ -1,10 +1,10 @@
-.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.11 2025/06/11 14:23:14 schwarze Exp $
+.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.12 2025/06/11 23:16:32 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2021, 2025 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -84,48 +84,81 @@
 .Fc
 .Sh DESCRIPTION
 .Fn SMIME_write_PKCS7
-adds the appropriate MIME headers to a PKCS#7 structure to produce an
+generates an S/MIME message on
-S/MIME message.
-.Pp
 .Fa out
-is the
+by writing MIME 1.0 headers
-.Vt BIO
+followed by a BER- and base64-encoded serialization of
-to write the data to.
+.Fa p7 .
-.Fa p7
+The BER encoding uses the DER format except as described for
-is the appropriate
+.Dv PKCS7_STREAM
-.Vt PKCS7
+below.
-structure.
 If streaming is enabled, then the content must be supplied in the
 .Fa data
 argument.
-.Fa flags
-is an optional set of flags.
 .Pp
-The following flags can be passed in the
+The
 .Fa flags
-parameter.
+can be the logical OR of zero or more of the following bits:
-.Pp
+.Bl -tag -width Ds
+.It Dv PKCS7_DETACHED
+Use cleartext signing and generate a
+.Qq multipart/signed
+S/MIME message.
+The content is read from
+.Fa data .
 If
-.Dv PKCS7_DETACHED
+.Fa data
-is set, then cleartext signing will be used.
+is a
-This option only makes sense for signedData where
+.Dv NULL
+pointer, this flag is ignored.
+.Pp
+This flag is only supported for signedData where
 .Dv PKCS7_DETACHED
 is also set when
 .Xr PKCS7_sign 3
-is also called.
+is called.
 .Pp
-If the
+If
-.Dv PKCS7_TEXT
+.Dv PKCS7_STREAM
-flag is set, MIME headers for type
+is not set, the data must be read twice: once to compute the
-.Sy text/plain
+signature in
-are added to the content.
+.Xr PKCS7_sign 3
-This only makes sense if
+and once to output the S/MIME message.
+.Pp
+If
+.Dv PKCS7_DETACHED
+is ignored or not specified, the smime-type is chosen according to the type of
+.Fa p7 :
+.Bl -tag -width Ds
+.It Dv NID_pkcs7_enveloped
+.Qq enveloped-data
+.It Dv NID_pkcs7_signed
+.Bl -tag -width Msigned-dataM -compact
+.It Qq signed-data
+if
+.Fa p7
+specifies any digest algorithm
+.It Qq certs-only
+otherwise
+.El
+.It Dv NID_id_smime_ct_compressedData
+.Qq compressed-data
+.El
+.It Dv PKCS7_REUSE_DIGEST
+Skip the calls to
+.Xr PKCS7_dataInit 3
+and
+.Xr PKCS7_dataFinal 3 .
+This flag has no effect unless
 .Dv PKCS7_DETACHED
 is also set.
+.It Dv PKCS7_STREAM
+Perform streaming by reading the content from
+.Fa data .
+This only works if
+.Dv PKCS7_DETACHED
+is not specified.
 .Pp
-If the
-.Dv PKCS7_STREAM
-flag is set, streaming is performed.
 This flag should only be set if
 .Dv PKCS7_STREAM
 was also set in the previous call to
@@ -133,13 +166,28 @@ was also set in the previous call to
 or
 .Xr PKCS7_encrypt 3 .
 .Pp
-The bit
+The content is output in BER format using indefinite length constructed
-.Dv SMIME_OLDMIME
+encoding except in the case of signed data with detached content
-is inverted before passing on the
+where the content is absent and DER format is used.
-.Fa flags
+.It Dv PKCS7_TEXT
-to
+Prepend the line
-.Xr SMIME_write_ASN1 3 .
+.Qq Content-Type: text/plain
-Consequently, if this bit is set in the
+to the content.
+This only makes sense if
+.Dv PKCS7_DETACHED
+is also set.
+It is ignored if the flag
+.Dv SMIME_BINARY
+is also set.
+.It Dv SMIME_BINARY
+If specified, this flag is passed through to
+.Xr SMIME_crlf_copy 3 .
+.It Dv SMIME_CRLFEOL
+End MIME header lines with pairs of carriage return and newline characters.
+By default, no carriage return characters are written
+and header lines are ended with newline characters only.
+.It Dv SMIME_OLDMIME
+If this bit is set in the
 .Fa flags
 argument,
 .Qq application/pkcs7-mime
@@ -151,18 +199,7 @@ Otherwise,
 or
 .Qq application/x-pkcs7-signature
 is used.
-.Pp
+.El
-If cleartext signing is being used and
-.Dv PKCS7_STREAM
-is not set, then the data must be read twice: once to compute the
-signature in
-.Xr PKCS7_sign 3
-and once to output the S/MIME message.
-.Pp
-If streaming is performed, the content is output in BER format using
-indefinite length constructed encoding except in the case of signed
-data with detached content where the content is absent and DER
-format is used.
 .Sh RETURN VALUES
 .Fn SMIME_write_PKCS7
 is intended to return 1 on success or 0 on failure.

diff --git a/src/lib/libcrypto/man/SMIME_write_CMS.3 b/src/lib/libcrypto/man/SMIME_write_CMS.3 index 1a691fc29a..5f4c43bb7c 100644 --- a/src/lib/libcrypto/man/SMIME_write_CMS.3 +++ b/src/lib/libcrypto/man/SMIME_write_CMS.3
@@ -1,7 +1,24 @@
1	.\" $OpenBSD: SMIME_write_CMS.3,v 1.8 2025/06/11 14:23:14 schwarze Exp $	1	.\" $OpenBSD: SMIME_write_CMS.3,v 1.9 2025/06/11 23:16:32 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file is a derived work.
		5	.\" The changes are covered by the following Copyright and license:
		6	.\"
		7	.\" Copyright (c) 2021, 2025 Ingo Schwarze <schwarze@openbsd.org>
		8	.\"
		9	.\" Permission to use, copy, modify, and distribute this software for any
		10	.\" purpose with or without fee is hereby granted, provided that the above
		11	.\" copyright notice and this permission notice appear in all copies.
		12	.\"
		13	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		14	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		15	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		16	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		17	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		18	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		19	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		20	.\"
		21	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
5	.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.	22	.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
6	.\"	23	.\"
7	.\" Redistribution and use in source and binary forms, with or without	24	.\" Redistribution and use in source and binary forms, with or without
@@ -66,21 +83,35 @@
66	.Fc	83	.Fc
67	.Sh DESCRIPTION	84	.Sh DESCRIPTION
68	.Fn SMIME_write_CMS	85	.Fn SMIME_write_CMS
69	adds the appropriate MIME headers to the	86	generates an S/MIME message on
70	.Fa cms	87	.Fa out
71	structure to produce an S/MIME message and writes it to	88	by writing MIME 1.0 headers
72	.Fa out .	89	followed by a BER- and base64-encoded serialization of
		90	.Fa cms .
		91	The BER encoding uses the DER format except as described for
		92	.Dv CMS_STREAM
		93	below.
73	If streaming is enabled, the content must be supplied in the	94	If streaming is enabled, the content must be supplied in the
74	.Fa data	95	.Fa data
75	argument.	96	argument.
76	.Pp	97	.Pp
77	The following	98	The
78	.Fa flags	99	.Fa flags
79	can be passed:	100	can be the logical OR of zero or more of the following bits:
80	.Bl -tag -width Ds	101	.Bl -tag -width Ds
81	.It Dv CMS_DETACHED	102	.It Dv CMS_DETACHED
82	Use cleartext signing.	103	Use cleartext signing and generate a
83	This option only makes sense if	104	.Qq multipart/signed
		105	S/MIME message.
		106	The content is read from
		107	.Fa data .
		108	If
		109	.Fa data
		110	is a
		111	.Dv NULL
		112	pointer, this flag is ignored.
		113	.Pp
		114	This flag is only supported if
84	.Fa cms	115	.Fa cms
85	is of the type	116	is of the type
86	.Vt SignedData	117	.Vt SignedData
@@ -95,13 +126,46 @@ is not set, the data must be read twice:
95	once to compute the signature in	126	once to compute the signature in
96	.Xr CMS_sign 3	127	.Xr CMS_sign 3
97	and once to output the S/MIME message.	128	and once to output the S/MIME message.
98	.It Dv CMS_TEXT	129	.Pp
99	Add MIME headers for type text/plain to the content.	130	If
100	This only makes sense if	131	.Dv CMS_DETACHED
		132	is ignored or not specified, the smime-type is chosen according to
		133	.Xr CMS_get0_type 3 :
		134	.Bl -tag -width Ds
		135	.It Dv NID_pkcs7_enveloped
		136	.Qq enveloped-data
		137	.It Dv NID_pkcs7_signed
		138	.Bl -tag -width Msigned-receiptM -compact
		139	.It Qq signed-receipt
		140	if
		141	.Xr CMS_get0_eContentType 3
		142	is
		143	.Dv NID_id_smime_ct_receipt
		144	.It Qq signed-data
		145	if
		146	.Fa cms
		147	specifies any digest algorithm
		148	.It Qq certs-only
		149	otherwise
		150	.El
		151	.It Dv NID_id_smime_ct_compressedData
		152	.Qq compressed-data
		153	.El
		154	.It Dv CMS_REUSE_DIGEST
		155	Skip the calls to
		156	.Xr CMS_dataInit 3
		157	and
		158	.Xr CMS_dataFinal 3 .
		159	This flag has no effect unless
101	.Dv CMS_DETACHED	160	.Dv CMS_DETACHED
102	is also set.	161	is also set.
103	.It Dv CMS_STREAM	162	.It Dv CMS_STREAM
104	Perform streaming.	163	Perform streaming by reading the content from
		164	.Fa data .
		165	This only works if
		166	.Dv CMS_DETACHED
		167	is not specified.
		168	.Pp
105	This flag should only be set if	169	This flag should only be set if
106	.Dv CMS_STREAM	170	.Dv CMS_STREAM
107	was also passed to the function that created	171	was also passed to the function that created
@@ -112,6 +176,23 @@ constructed encoding except in the case of
112	.Vt SignedData	176	.Vt SignedData
113	with detached content where the content is absent and DER format is	177	with detached content where the content is absent and DER format is
114	used.	178	used.
		179	.It Dv CMS_TEXT
		180	Prepend the line
		181	.Qq Content-Type: text/plain
		182	to the content.
		183	This only makes sense if
		184	.Dv CMS_DETACHED
		185	is also set.
		186	It is ignored if the flag
		187	.Dv SMIME_BINARY
		188	is also set.
		189	.It Dv SMIME_BINARY
		190	If specified, this flag is passed through to
		191	.Xr SMIME_crlf_copy 3 .
		192	.It Dv SMIME_CRLFEOL
		193	End MIME header lines with pairs of carriage return and newline characters.
		194	By default, no carriage return characters are written
		195	and header lines are ended with newline characters only.
115	.El	196	.El
116	.Sh RETURN VALUES	197	.Sh RETURN VALUES
117	.Fn SMIME_write_CMS	198	.Fn SMIME_write_CMS


diff --git a/src/lib/libcrypto/man/SMIME_write_PKCS7.3 b/src/lib/libcrypto/man/SMIME_write_PKCS7.3 index 72200c0b1b..5e344d9c63 100644 --- a/src/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/src/lib/libcrypto/man/SMIME_write_PKCS7.3
@@ -1,10 +1,10 @@
1	.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.11 2025/06/11 14:23:14 schwarze Exp $	1	.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.12 2025/06/11 23:16:32 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
5	.\" The changes are covered by the following Copyright and license:	5	.\" The changes are covered by the following Copyright and license:
6	.\"	6	.\"
7	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>	7	.\" Copyright (c) 2021, 2025 Ingo Schwarze <schwarze@openbsd.org>
8	.\"	8	.\"
9	.\" Permission to use, copy, modify, and distribute this software for any	9	.\" Permission to use, copy, modify, and distribute this software for any
10	.\" purpose with or without fee is hereby granted, provided that the above	10	.\" purpose with or without fee is hereby granted, provided that the above
@@ -84,48 +84,81 @@
84	.Fc	84	.Fc
85	.Sh DESCRIPTION	85	.Sh DESCRIPTION
86	.Fn SMIME_write_PKCS7	86	.Fn SMIME_write_PKCS7
87	adds the appropriate MIME headers to a PKCS#7 structure to produce an	87	generates an S/MIME message on
88	S/MIME message.
89	.Pp
90	.Fa out	88	.Fa out
91	is the	89	by writing MIME 1.0 headers
92	.Vt BIO	90	followed by a BER- and base64-encoded serialization of
93	to write the data to.	91	.Fa p7 .
94	.Fa p7	92	The BER encoding uses the DER format except as described for
95	is the appropriate	93	.Dv PKCS7_STREAM
96	.Vt PKCS7	94	below.
97	structure.
98	If streaming is enabled, then the content must be supplied in the	95	If streaming is enabled, then the content must be supplied in the
99	.Fa data	96	.Fa data
100	argument.	97	argument.
101	.Fa flags
102	is an optional set of flags.
103	.Pp	98	.Pp
104	The following flags can be passed in the	99	The
105	.Fa flags	100	.Fa flags
106	parameter.	101	can be the logical OR of zero or more of the following bits:
107	.Pp	102	.Bl -tag -width Ds
		103	.It Dv PKCS7_DETACHED
		104	Use cleartext signing and generate a
		105	.Qq multipart/signed
		106	S/MIME message.
		107	The content is read from
		108	.Fa data .
108	If	109	If
109	.Dv PKCS7_DETACHED	110	.Fa data
110	is set, then cleartext signing will be used.	111	is a
111	This option only makes sense for signedData where	112	.Dv NULL
		113	pointer, this flag is ignored.
		114	.Pp
		115	This flag is only supported for signedData where
112	.Dv PKCS7_DETACHED	116	.Dv PKCS7_DETACHED
113	is also set when	117	is also set when
114	.Xr PKCS7_sign 3	118	.Xr PKCS7_sign 3
115	is also called.	119	is called.
116	.Pp	120	.Pp
117	If the	121	If
118	.Dv PKCS7_TEXT	122	.Dv PKCS7_STREAM
119	flag is set, MIME headers for type	123	is not set, the data must be read twice: once to compute the
120	.Sy text/plain	124	signature in
121	are added to the content.	125	.Xr PKCS7_sign 3
122	This only makes sense if	126	and once to output the S/MIME message.
		127	.Pp
		128	If
		129	.Dv PKCS7_DETACHED
		130	is ignored or not specified, the smime-type is chosen according to the type of
		131	.Fa p7 :
		132	.Bl -tag -width Ds
		133	.It Dv NID_pkcs7_enveloped
		134	.Qq enveloped-data
		135	.It Dv NID_pkcs7_signed
		136	.Bl -tag -width Msigned-dataM -compact
		137	.It Qq signed-data
		138	if
		139	.Fa p7
		140	specifies any digest algorithm
		141	.It Qq certs-only
		142	otherwise
		143	.El
		144	.It Dv NID_id_smime_ct_compressedData
		145	.Qq compressed-data
		146	.El
		147	.It Dv PKCS7_REUSE_DIGEST
		148	Skip the calls to
		149	.Xr PKCS7_dataInit 3
		150	and
		151	.Xr PKCS7_dataFinal 3 .
		152	This flag has no effect unless
123	.Dv PKCS7_DETACHED	153	.Dv PKCS7_DETACHED
124	is also set.	154	is also set.
		155	.It Dv PKCS7_STREAM
		156	Perform streaming by reading the content from
		157	.Fa data .
		158	This only works if
		159	.Dv PKCS7_DETACHED
		160	is not specified.
125	.Pp	161	.Pp
126	If the
127	.Dv PKCS7_STREAM
128	flag is set, streaming is performed.
129	This flag should only be set if	162	This flag should only be set if
130	.Dv PKCS7_STREAM	163	.Dv PKCS7_STREAM
131	was also set in the previous call to	164	was also set in the previous call to
@@ -133,13 +166,28 @@ was also set in the previous call to
133	or	166	or
134	.Xr PKCS7_encrypt 3 .	167	.Xr PKCS7_encrypt 3 .
135	.Pp	168	.Pp
136	The bit	169	The content is output in BER format using indefinite length constructed
137	.Dv SMIME_OLDMIME	170	encoding except in the case of signed data with detached content
138	is inverted before passing on the	171	where the content is absent and DER format is used.
139	.Fa flags	172	.It Dv PKCS7_TEXT
140	to	173	Prepend the line
141	.Xr SMIME_write_ASN1 3 .	174	.Qq Content-Type: text/plain
142	Consequently, if this bit is set in the	175	to the content.
		176	This only makes sense if
		177	.Dv PKCS7_DETACHED
		178	is also set.
		179	It is ignored if the flag
		180	.Dv SMIME_BINARY
		181	is also set.
		182	.It Dv SMIME_BINARY
		183	If specified, this flag is passed through to
		184	.Xr SMIME_crlf_copy 3 .
		185	.It Dv SMIME_CRLFEOL
		186	End MIME header lines with pairs of carriage return and newline characters.
		187	By default, no carriage return characters are written
		188	and header lines are ended with newline characters only.
		189	.It Dv SMIME_OLDMIME
		190	If this bit is set in the
143	.Fa flags	191	.Fa flags
144	argument,	192	argument,
145	.Qq application/pkcs7-mime	193	.Qq application/pkcs7-mime
@@ -151,18 +199,7 @@ Otherwise,
151	or	199	or
152	.Qq application/x-pkcs7-signature	200	.Qq application/x-pkcs7-signature
153	is used.	201	is used.
154	.Pp	202	.El
155	If cleartext signing is being used and
156	.Dv PKCS7_STREAM
157	is not set, then the data must be read twice: once to compute the
158	signature in
159	.Xr PKCS7_sign 3
160	and once to output the S/MIME message.
161	.Pp
162	If streaming is performed, the content is output in BER format using
163	indefinite length constructed encoding except in the case of signed
164	data with detached content where the content is absent and DER
165	format is used.
166	.Sh RETURN VALUES	203	.Sh RETURN VALUES
167	.Fn SMIME_write_PKCS7	204	.Fn SMIME_write_PKCS7
168	is intended to return 1 on success or 0 on failure.	205	is intended to return 1 on success or 0 on failure.