1 files changed, 83 insertions, 43 deletions
diff --git a/src/lib/libcrypto/man/CMS_decrypt.3 b/src/lib/libcrypto/man/CMS_decrypt.3
index 5433411a39..5596aadcc2 100644
--- a/src/lib/libcrypto/man/CMS_decrypt.3
+++ b/src/lib/libcrypto/man/CMS_decrypt.3
@@ -1,7 +1,24 @@
-.\" $OpenBSD: CMS_decrypt.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $
+.\" $OpenBSD: CMS_decrypt.3,v 1.5 2019/08/12 15:34:41 schwarze Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008, 2014 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,36 +65,49 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 11 2019 $
+.Dd $Mdocdate: August 12 2019 $
 .Dt CMS_DECRYPT 3
 .Os
 .Sh NAME
-.Nm CMS_decrypt
+.Nm CMS_decrypt ,
+.Nm CMS_decrypt_set1_pkey ,
+.Nm CMS_decrypt_set1_key
 .Nd decrypt content from a CMS envelopedData structure
 .Sh SYNOPSIS
 .In openssl/cms.h
 .Ft int
 .Fo CMS_decrypt
 .Fa "CMS_ContentInfo *cms"
-.Fa "EVP_PKEY *pkey"
+.Fa "EVP_PKEY *private_key"
-.Fa "X509 *cert"
+.Fa "X509 *certificate"
 .Fa "BIO *dcont"
 .Fa "BIO *out"
 .Fa "unsigned int flags"
 .Fc
+.Ft int
+.Fo CMS_decrypt_set1_pkey
+.Fa "CMS_ContentInfo *cms"
+.Fa "EVP_PKEY *private_key"
+.Fa "X509 *certificate"
+.Fc
+.Ft int
+.Fo CMS_decrypt_set1_key
+.Fa "CMS_ContentInfo *cms"
+.Fa "unsigned char *symmetric_key"
+.Fa "size_t keylen"
+.Fa "const unsigned char *id"
+.Fa "size_t idlen"
+.Fc
 .Sh DESCRIPTION
 .Fn CMS_decrypt
-extracts and decrypts the content from a CMS EnvelopedData structure.
+extracts and decrypts the content from a CMS EnvelopedData structure
-.Fa pkey
+using the
-is the private key of the recipient,
+.Fa private_key
-.Fa cert
+and the
-is the recipient's certificate,
+.Fa certificate
-.Fa out
+of the recipient.
-is a
+It writes the decrypted content to
-.Vt BIO
+.Fa out .
-to write the content to and
-.Fa flags
-is an optional set of flags.
 .Pp
 The
 .Fa dcont
@@ -86,12 +116,13 @@ detached.
 It will normally be set to
 .Dv NULL .
 .Pp
-Although the recipients certificate is not needed to decrypt the data it
+Although the recipient's
-is needed to locate the appropriate (of possible several) recipients in
+.Fa certificate
-the CMS structure.
+is not needed to decrypt the data, it is needed to locate the
+appropriate (of possible several) recipients in the CMS structure.
 .Pp
-If
+If the
-.Fa cert
+.Fa certificate
 is set to
 .Dv NULL ,
 all possible recipients are tried.
@@ -116,18 +147,22 @@ Applications should use this flag with extreme caution
 especially in automated gateways as it can leave them open to attack.
 .Pp
 It is possible to determine the correct recipient key by other means
-(for example looking them up in a database) and setting them in the CMS
+(for example looking them up in a database) and setting them in the
+.Fa cms
 structure in advance using the CMS utility functions such as
-.Xr CMS_set1_pkey 3 .
+.Fn CMS_decrypt_set1_pkey .
 In this case both
-.Fa cert
+.Fa certificate
 and
-.Fa pkey
+.Fa private_key
 should be set to
-.Dv NULL .
+.Dv NULL
+when calling
+.Fn CMS_decrypt
+later on.
 .Pp
 To process KEKRecipientInfo types,
-.Xr CMS_set1_key 3
+.Fn CMS_decrypt_set1_key
 or
 .Xr CMS_RecipientInfo_set0_key 3
 and
@@ -135,33 +170,38 @@ and
 should be called before
 .Fn CMS_decrypt
 and
-.Fa cert
+.Fa certificate
 and
-.Fa pkey
+.Fa private_key
 set to
-.Dv NULL .
+.Dv NULL
-.Pp
+when calling
-The following flags can be passed in the
+.Fn CMS_decrypt
-.Fa flags
+later on.
-parameter:
 .Pp
 If the
 .Dv CMS_TEXT
-flag is set, MIME headers for type text/plain
+bit is set in
-are deleted from the content.
+.Fa flags ,
-If the content is not of type text/plain,
+MIME headers for type text/plain are deleted from the content.
-then an error is returned.
+If the content is not of type text/plain, an error occurs.
 .Sh RETURN VALUES
-.Fn CMS_decrypt
+.Fn CMS_decrypt ,
-returns either 1 for success or 0 for failure.
+.Fn CMS_decrypt_set1_pkey ,
+and
+.Fn CMS_decrypt_set1_key
+return 1 for success or 0 for failure.
 The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr CMS_encrypt 3
 .Sh HISTORY
-.Fn CMS_decrypt
+.Fn CMS_decrypt ,
+.Fn CMS_decrypt_set1_pkey ,
+and
+.Fn CMS_decrypt_set1_key
 first appeared in OpenSSL 0.9.8h
-and has been available since
+and have been available since
 .Ox 6.6 .
 .Sh BUGS
 The lack of single pass processing and the need to hold all data in

diff --git a/src/lib/libcrypto/man/CMS_decrypt.3 b/src/lib/libcrypto/man/CMS_decrypt.3 index 5433411a39..5596aadcc2 100644 --- a/src/lib/libcrypto/man/CMS_decrypt.3 +++ b/src/lib/libcrypto/man/CMS_decrypt.3
@@ -1,7 +1,24 @@
1	.\" $OpenBSD: CMS_decrypt.3,v 1.4 2019/08/11 12:46:38 schwarze Exp $	1	.\" $OpenBSD: CMS_decrypt.3,v 1.5 2019/08/12 15:34:41 schwarze Exp $
2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100	2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file is a derived work.
		5	.\" The changes are covered by the following Copyright and license:
		6	.\"
		7	.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
		8	.\"
		9	.\" Permission to use, copy, modify, and distribute this software for any
		10	.\" purpose with or without fee is hereby granted, provided that the above
		11	.\" copyright notice and this permission notice appear in all copies.
		12	.\"
		13	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		14	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		15	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		16	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		17	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		18	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		19	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		20	.\"
		21	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
5	.\" Copyright (c) 2008, 2014 The OpenSSL Project. All rights reserved.	22	.\" Copyright (c) 2008, 2014 The OpenSSL Project. All rights reserved.
6	.\"	23	.\"
7	.\" Redistribution and use in source and binary forms, with or without	24	.\" Redistribution and use in source and binary forms, with or without
@@ -48,36 +65,49 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	67	.\"
51	.Dd $Mdocdate: August 11 2019 $	68	.Dd $Mdocdate: August 12 2019 $
52	.Dt CMS_DECRYPT 3	69	.Dt CMS_DECRYPT 3
53	.Os	70	.Os
54	.Sh NAME	71	.Sh NAME
55	.Nm CMS_decrypt	72	.Nm CMS_decrypt ,
		73	.Nm CMS_decrypt_set1_pkey ,
		74	.Nm CMS_decrypt_set1_key
56	.Nd decrypt content from a CMS envelopedData structure	75	.Nd decrypt content from a CMS envelopedData structure
57	.Sh SYNOPSIS	76	.Sh SYNOPSIS
58	.In openssl/cms.h	77	.In openssl/cms.h
59	.Ft int	78	.Ft int
60	.Fo CMS_decrypt	79	.Fo CMS_decrypt
61	.Fa "CMS_ContentInfo *cms"	80	.Fa "CMS_ContentInfo *cms"
62	.Fa "EVP_PKEY *pkey"	81	.Fa "EVP_PKEY *private_key"
63	.Fa "X509 *cert"	82	.Fa "X509 *certificate"
64	.Fa "BIO *dcont"	83	.Fa "BIO *dcont"
65	.Fa "BIO *out"	84	.Fa "BIO *out"
66	.Fa "unsigned int flags"	85	.Fa "unsigned int flags"
67	.Fc	86	.Fc
		87	.Ft int
		88	.Fo CMS_decrypt_set1_pkey
		89	.Fa "CMS_ContentInfo *cms"
		90	.Fa "EVP_PKEY *private_key"
		91	.Fa "X509 *certificate"
		92	.Fc
		93	.Ft int
		94	.Fo CMS_decrypt_set1_key
		95	.Fa "CMS_ContentInfo *cms"
		96	.Fa "unsigned char *symmetric_key"
		97	.Fa "size_t keylen"
		98	.Fa "const unsigned char *id"
		99	.Fa "size_t idlen"
		100	.Fc
68	.Sh DESCRIPTION	101	.Sh DESCRIPTION
69	.Fn CMS_decrypt	102	.Fn CMS_decrypt
70	extracts and decrypts the content from a CMS EnvelopedData structure.	103	extracts and decrypts the content from a CMS EnvelopedData structure
71	.Fa pkey	104	using the
72	is the private key of the recipient,	105	.Fa private_key
73	.Fa cert	106	and the
74	is the recipient's certificate,	107	.Fa certificate
75	.Fa out	108	of the recipient.
76	is a	109	It writes the decrypted content to
77	.Vt BIO	110	.Fa out .
78	to write the content to and
79	.Fa flags
80	is an optional set of flags.
81	.Pp	111	.Pp
82	The	112	The
83	.Fa dcont	113	.Fa dcont
@@ -86,12 +116,13 @@ detached.
86	It will normally be set to	116	It will normally be set to
87	.Dv NULL .	117	.Dv NULL .
88	.Pp	118	.Pp
89	Although the recipients certificate is not needed to decrypt the data it	119	Although the recipient's
90	is needed to locate the appropriate (of possible several) recipients in	120	.Fa certificate
91	the CMS structure.	121	is not needed to decrypt the data, it is needed to locate the
		122	appropriate (of possible several) recipients in the CMS structure.
92	.Pp	123	.Pp
93	If	124	If the
94	.Fa cert	125	.Fa certificate
95	is set to	126	is set to
96	.Dv NULL ,	127	.Dv NULL ,
97	all possible recipients are tried.	128	all possible recipients are tried.
@@ -116,18 +147,22 @@ Applications should use this flag with extreme caution
116	especially in automated gateways as it can leave them open to attack.	147	especially in automated gateways as it can leave them open to attack.
117	.Pp	148	.Pp
118	It is possible to determine the correct recipient key by other means	149	It is possible to determine the correct recipient key by other means
119	(for example looking them up in a database) and setting them in the CMS	150	(for example looking them up in a database) and setting them in the
		151	.Fa cms
120	structure in advance using the CMS utility functions such as	152	structure in advance using the CMS utility functions such as
121	.Xr CMS_set1_pkey 3 .	153	.Fn CMS_decrypt_set1_pkey .
122	In this case both	154	In this case both
123	.Fa cert	155	.Fa certificate
124	and	156	and
125	.Fa pkey	157	.Fa private_key
126	should be set to	158	should be set to
127	.Dv NULL .	159	.Dv NULL
		160	when calling
		161	.Fn CMS_decrypt
		162	later on.
128	.Pp	163	.Pp
129	To process KEKRecipientInfo types,	164	To process KEKRecipientInfo types,
130	.Xr CMS_set1_key 3	165	.Fn CMS_decrypt_set1_key
131	or	166	or
132	.Xr CMS_RecipientInfo_set0_key 3	167	.Xr CMS_RecipientInfo_set0_key 3
133	and	168	and
@@ -135,33 +170,38 @@ and
135	should be called before	170	should be called before
136	.Fn CMS_decrypt	171	.Fn CMS_decrypt
137	and	172	and
138	.Fa cert	173	.Fa certificate
139	and	174	and
140	.Fa pkey	175	.Fa private_key
141	set to	176	set to
142	.Dv NULL .	177	.Dv NULL
143	.Pp	178	when calling
144	The following flags can be passed in the	179	.Fn CMS_decrypt
145	.Fa flags	180	later on.
146	parameter:
147	.Pp	181	.Pp
148	If the	182	If the
149	.Dv CMS_TEXT	183	.Dv CMS_TEXT
150	flag is set, MIME headers for type text/plain	184	bit is set in
151	are deleted from the content.	185	.Fa flags ,
152	If the content is not of type text/plain,	186	MIME headers for type text/plain are deleted from the content.
153	then an error is returned.	187	If the content is not of type text/plain, an error occurs.
154	.Sh RETURN VALUES	188	.Sh RETURN VALUES
155	.Fn CMS_decrypt	189	.Fn CMS_decrypt ,
156	returns either 1 for success or 0 for failure.	190	.Fn CMS_decrypt_set1_pkey ,
		191	and
		192	.Fn CMS_decrypt_set1_key
		193	return 1 for success or 0 for failure.
157	The error can be obtained from	194	The error can be obtained from
158	.Xr ERR_get_error 3 .	195	.Xr ERR_get_error 3 .
159	.Sh SEE ALSO	196	.Sh SEE ALSO
160	.Xr CMS_encrypt 3	197	.Xr CMS_encrypt 3
161	.Sh HISTORY	198	.Sh HISTORY
162	.Fn CMS_decrypt	199	.Fn CMS_decrypt ,
		200	.Fn CMS_decrypt_set1_pkey ,
		201	and
		202	.Fn CMS_decrypt_set1_key
163	first appeared in OpenSSL 0.9.8h	203	first appeared in OpenSSL 0.9.8h
164	and has been available since	204	and have been available since
165	.Ox 6.6 .	205	.Ox 6.6 .
166	.Sh BUGS	206	.Sh BUGS
167	The lack of single pass processing and the need to hold all data in	207	The lack of single pass processing and the need to hold all data in