1 files changed, 28 insertions, 15 deletions
diff --git a/src/lib/libcrypto/man/CMS_decrypt.3 b/src/lib/libcrypto/man/CMS_decrypt.3
index 5596aadcc2..579d58102f 100644
--- a/src/lib/libcrypto/man/CMS_decrypt.3
+++ b/src/lib/libcrypto/man/CMS_decrypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_decrypt.3,v 1.5 2019/08/12 15:34:41 schwarze Exp $
+.\" $OpenBSD: CMS_decrypt.3,v 1.6 2019/08/16 10:43:15 schwarze Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file is a derived work.
@@ -65,14 +65,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 12 2019 $
+.Dd $Mdocdate: August 16 2019 $
 .Dt CMS_DECRYPT 3
 .Os
 .Sh NAME
 .Nm CMS_decrypt ,
 .Nm CMS_decrypt_set1_pkey ,
 .Nm CMS_decrypt_set1_key
-.Nd decrypt content from a CMS envelopedData structure
+.Nd decrypt content from a CMS EnvelopedData structure
 .Sh SYNOPSIS
 .In openssl/cms.h
 .Ft int
@@ -100,7 +100,10 @@
 .Fc
 .Sh DESCRIPTION
 .Fn CMS_decrypt
-extracts and decrypts the content from a CMS EnvelopedData structure
+extracts and decrypts the content from the CMS
+.Vt EnvelopedData
+structure
+.Fa cms
 using the
 .Fa private_key
 and the
@@ -109,17 +112,17 @@ of the recipient.
 It writes the decrypted content to
 .Fa out .
 .Pp
-The
+In the rare case where the compressed content is detached, pass it in via
+.Fa dcont .
+For normal use, set
 .Fa dcont
-parameter is used in the rare case where the encrypted content is
+to
-detached.
-It will normally be set to
 .Dv NULL .
 .Pp
 Although the recipient's
 .Fa certificate
 is not needed to decrypt the data, it is needed to locate the
-appropriate (of possible several) recipients in the CMS structure.
+appropriate (of possibly several) recipients in the CMS structure.
 .Pp
 If the
 .Fa certificate
@@ -128,17 +131,17 @@ is set to
 all possible recipients are tried.
 This case however is problematic.
 To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA
-padding) all recipients are tried whether they succeed or not.
+padding), all recipients are tried whether they succeed or not.
-If no recipient succeeds then a random symmetric key is used to decrypt
+If no recipient succeeds, a random symmetric key is used to decrypt
 the content: this will typically output garbage and may (but is not
 guaranteed to) ultimately return a padding error only.
 If
 .Fn CMS_decrypt
 just returned an error when all recipient encrypted keys failed to
-decrypt an attacker could use this in a timing attack.
+decrypt, an attacker could use this in a timing attack.
 If the special flag
 .Dv CMS_DEBUG_DECRYPT
-is set, then the above behaviour is modified and an error
+is set, the above behaviour is modified and an error
 .Em is
 returned if no recipient encrypted key can be decrypted
 .Em without
@@ -147,7 +150,7 @@ Applications should use this flag with extreme caution
 especially in automated gateways as it can leave them open to attack.
 .Pp
 It is possible to determine the correct recipient key by other means
-(for example looking them up in a database) and setting them in the
+(for example by looking them up in a database) and setting them in the
 .Fa cms
 structure in advance using the CMS utility functions such as
 .Fn CMS_decrypt_set1_pkey .
@@ -161,7 +164,9 @@ when calling
 .Fn CMS_decrypt
 later on.
 .Pp
-To process KEKRecipientInfo types,
+To process
+.Vt KEKRecipientInfo
+types,
 .Fn CMS_decrypt_set1_key
 or
 .Xr CMS_RecipientInfo_set0_key 3
@@ -195,6 +200,14 @@ The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr CMS_encrypt 3
+.Sh STANDARDS
+RFC 5652: Cryptographic Message Syntax (CMS)
+.Bl -dash -compact -offset indent
+.It
+section 6.1: EnvelopedData Type
+.It
+section 6.2.3: KEKRecipientInfo Type
+.El
 .Sh HISTORY
 .Fn CMS_decrypt ,
 .Fn CMS_decrypt_set1_pkey ,

diff --git a/src/lib/libcrypto/man/CMS_decrypt.3 b/src/lib/libcrypto/man/CMS_decrypt.3 index 5596aadcc2..579d58102f 100644 --- a/src/lib/libcrypto/man/CMS_decrypt.3 +++ b/src/lib/libcrypto/man/CMS_decrypt.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: CMS_decrypt.3,v 1.5 2019/08/12 15:34:41 schwarze Exp $	1	.\" $OpenBSD: CMS_decrypt.3,v 1.6 2019/08/16 10:43:15 schwarze Exp $
2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -65,14 +65,14 @@
65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67	.\"	67	.\"
68	.Dd $Mdocdate: August 12 2019 $	68	.Dd $Mdocdate: August 16 2019 $
69	.Dt CMS_DECRYPT 3	69	.Dt CMS_DECRYPT 3
70	.Os	70	.Os
71	.Sh NAME	71	.Sh NAME
72	.Nm CMS_decrypt ,	72	.Nm CMS_decrypt ,
73	.Nm CMS_decrypt_set1_pkey ,	73	.Nm CMS_decrypt_set1_pkey ,
74	.Nm CMS_decrypt_set1_key	74	.Nm CMS_decrypt_set1_key
75	.Nd decrypt content from a CMS envelopedData structure	75	.Nd decrypt content from a CMS EnvelopedData structure
76	.Sh SYNOPSIS	76	.Sh SYNOPSIS
77	.In openssl/cms.h	77	.In openssl/cms.h
78	.Ft int	78	.Ft int
@@ -100,7 +100,10 @@
100	.Fc	100	.Fc
101	.Sh DESCRIPTION	101	.Sh DESCRIPTION
102	.Fn CMS_decrypt	102	.Fn CMS_decrypt
103	extracts and decrypts the content from a CMS EnvelopedData structure	103	extracts and decrypts the content from the CMS
		104	.Vt EnvelopedData
		105	structure
		106	.Fa cms
104	using the	107	using the
105	.Fa private_key	108	.Fa private_key
106	and the	109	and the
@@ -109,17 +112,17 @@ of the recipient.
109	It writes the decrypted content to	112	It writes the decrypted content to
110	.Fa out .	113	.Fa out .
111	.Pp	114	.Pp
112	The	115	In the rare case where the compressed content is detached, pass it in via
		116	.Fa dcont .
		117	For normal use, set
113	.Fa dcont	118	.Fa dcont
114	parameter is used in the rare case where the encrypted content is	119	to
115	detached.
116	It will normally be set to
117	.Dv NULL .	120	.Dv NULL .
118	.Pp	121	.Pp
119	Although the recipient's	122	Although the recipient's
120	.Fa certificate	123	.Fa certificate
121	is not needed to decrypt the data, it is needed to locate the	124	is not needed to decrypt the data, it is needed to locate the
122	appropriate (of possible several) recipients in the CMS structure.	125	appropriate (of possibly several) recipients in the CMS structure.
123	.Pp	126	.Pp
124	If the	127	If the
125	.Fa certificate	128	.Fa certificate
@@ -128,17 +131,17 @@ is set to
128	all possible recipients are tried.	131	all possible recipients are tried.
129	This case however is problematic.	132	This case however is problematic.
130	To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA	133	To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA
131	padding) all recipients are tried whether they succeed or not.	134	padding), all recipients are tried whether they succeed or not.
132	If no recipient succeeds then a random symmetric key is used to decrypt	135	If no recipient succeeds, a random symmetric key is used to decrypt
133	the content: this will typically output garbage and may (but is not	136	the content: this will typically output garbage and may (but is not
134	guaranteed to) ultimately return a padding error only.	137	guaranteed to) ultimately return a padding error only.
135	If	138	If
136	.Fn CMS_decrypt	139	.Fn CMS_decrypt
137	just returned an error when all recipient encrypted keys failed to	140	just returned an error when all recipient encrypted keys failed to
138	decrypt an attacker could use this in a timing attack.	141	decrypt, an attacker could use this in a timing attack.
139	If the special flag	142	If the special flag
140	.Dv CMS_DEBUG_DECRYPT	143	.Dv CMS_DEBUG_DECRYPT
141	is set, then the above behaviour is modified and an error	144	is set, the above behaviour is modified and an error
142	.Em is	145	.Em is
143	returned if no recipient encrypted key can be decrypted	146	returned if no recipient encrypted key can be decrypted
144	.Em without	147	.Em without
@@ -147,7 +150,7 @@ Applications should use this flag with extreme caution
147	especially in automated gateways as it can leave them open to attack.	150	especially in automated gateways as it can leave them open to attack.
148	.Pp	151	.Pp
149	It is possible to determine the correct recipient key by other means	152	It is possible to determine the correct recipient key by other means
150	(for example looking them up in a database) and setting them in the	153	(for example by looking them up in a database) and setting them in the
151	.Fa cms	154	.Fa cms
152	structure in advance using the CMS utility functions such as	155	structure in advance using the CMS utility functions such as
153	.Fn CMS_decrypt_set1_pkey .	156	.Fn CMS_decrypt_set1_pkey .
@@ -161,7 +164,9 @@ when calling
161	.Fn CMS_decrypt	164	.Fn CMS_decrypt
162	later on.	165	later on.
163	.Pp	166	.Pp
164	To process KEKRecipientInfo types,	167	To process
		168	.Vt KEKRecipientInfo
		169	types,
165	.Fn CMS_decrypt_set1_key	170	.Fn CMS_decrypt_set1_key
166	or	171	or
167	.Xr CMS_RecipientInfo_set0_key 3	172	.Xr CMS_RecipientInfo_set0_key 3
@@ -195,6 +200,14 @@ The error can be obtained from
195	.Xr ERR_get_error 3 .	200	.Xr ERR_get_error 3 .
196	.Sh SEE ALSO	201	.Sh SEE ALSO
197	.Xr CMS_encrypt 3	202	.Xr CMS_encrypt 3
		203	.Sh STANDARDS
		204	RFC 5652: Cryptographic Message Syntax (CMS)
		205	.Bl -dash -compact -offset indent
		206	.It
		207	section 6.1: EnvelopedData Type
		208	.It
		209	section 6.2.3: KEKRecipientInfo Type
		210	.El
198	.Sh HISTORY	211	.Sh HISTORY
199	.Fn CMS_decrypt ,	212	.Fn CMS_decrypt ,
200	.Fn CMS_decrypt_set1_pkey ,	213	.Fn CMS_decrypt_set1_pkey ,