From cc47a3abfdbd325bb89055dfd451213698f0850e Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Sat, 10 Aug 2019 23:41:22 +0000 Subject: Re-convert and re-import the CMS manual pages from OpenSSL 1.1.1 (which are still under a free license) with pod2mdoc(1) now that jsing@ has begun work to provide these APIs. Some formatting was improved and some typos were fixed, but apart from that, little was changed, so there is still much to polish. --- src/lib/libcrypto/man/CMS_encrypt.3 | 190 ++++++++++++++++++++++++++++++++++++ 1 file changed, 190 insertions(+) create mode 100644 src/lib/libcrypto/man/CMS_encrypt.3 (limited to 'src/lib/libcrypto/man/CMS_encrypt.3') diff --git a/src/lib/libcrypto/man/CMS_encrypt.3 b/src/lib/libcrypto/man/CMS_encrypt.3 new file mode 100644 index 0000000000..8550de2c9f --- /dev/null +++ b/src/lib/libcrypto/man/CMS_encrypt.3 @@ -0,0 +1,190 @@ +.\" $OpenBSD: CMS_encrypt.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $ +.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 10 2019 $ +.Dt CMS_ENCRYPT 3 +.Os +.Sh NAME +.Nm CMS_encrypt +.Nd create a CMS envelopedData structure +.Sh SYNOPSIS +.In openssl/cms.h +.Ft CMS_ContentInfo * +.Fo CMS_encrypt +.Fa "STACK_OF(X509) *certs" +.Fa "BIO *in" +.Fa "const EVP_CIPHER *cipher" +.Fa "unsigned int flags" +.Fc +.Sh DESCRIPTION +.Fn CMS_encrypt +creates and returns a CMS EnvelopedData structure. +.Fa certs +is a list of recipient certificates. +.Fa in +is the content to be encrypted. +.Fa cipher +is the symmetric cipher to use. +.Fa flags +is an optional set of flags. +.Pp +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported +by this function. +.Pp +.Xr EVP_des_ede3_cbc 3 +(triple DES) is the algorithm of choice for S/MIME use because most +clients will support it. +.Pp +The algorithm passed in the +.Fa cipher +parameter must support ASN1 encoding of its parameters. +.Pp +Many browsers implement a "sign and encrypt" option which is simply an +S/MIME envelopedData containing an S/MIME signed message. +This can be readily produced by storing the S/MIME signed message in a +memory BIO and passing it to +.Fn CMS_encrypt . +.Pp +The following flags can be passed in the +.Fa flags +parameter: +.Bl -tag -width Ds +.It Dv CMS_TEXT +MIME headers for type text/plain are prepended to the data. +.It Dv CMS_BINARY +Do not translate the supplied content into MIME canonical format +even though that is required by the S/MIME specifications. +This option should be used if the supplied data is in binary format. +Otherwise, the translation will corrupt it. +If +.Dv CMS_BINARY +is set, then +.Dv CMS_TEXT +is ignored. +.It Dv CMS_USE_KEYID +Use the subject key identifier value to identify recipient certificates. +An error occurs if all recipient certificates do not have a subject key +identifier extension. +By default, issuer name and serial number are used instead. +.It Dv CMS_STREAM +Return a partial +.Vt CMS_ContentInfo +structure suitable for streaming I/O: no data is read from the BIO +.Fa in . +.It Dv CMS_PARTIAL +Return a partial +.Vt CMS_ContentInfo +structure to which additional recipients and attributes can +be added before finalization. +.It Dv CMS_DETACHED +Omit the data being encrypted from the +.Vt CMS_ContentInfo +structure. +This is rarely used in practice and is not supported by +.Xr SMIME_write_CMS 3 . +.El +.Pp +If the flag +.Dv CMS_STREAM +is set, the returned +.Vt CMS_ContentInfo +structure is +.Em not +complete and outputting its contents via a function that does not +properly finalize the +.Vt CMS_ContentInfo +structure will give unpredictable results. +.Pp +Several functions including +.Xr SMIME_write_CMS 3 , +.Xr i2d_CMS_bio_stream 3 , +.Xr PEM_write_bio_CMS_stream 3 +finalize the structure. +Alternatively finalization can be performed by obtaining the streaming +ASN1 +.Vt BIO +directly using +.Xr BIO_new_CMS 3 . +.Pp +The recipients specified in +.Fa certs +use a CMS KeyTransRecipientInfo info structure. +KEKRecipientInfo is also supported using the flag +.Dv CMS_PARTIAL +and +.Xr CMS_add0_recipient_key 3 . +.Pp +The parameter +.Fa certs +may be +.Dv NULL +if +.Dv CMS_PARTIAL +is set and recipients are added later using +.Xr CMS_add1_recipient_cert 3 +or +.Xr CMS_add0_recipient_key 3 . +.Sh RETURN VALUES +.Fn CMS_encrypt +returns either a +.Vt CMS_ContentInfo +structure or +.Dv NULL +if an error occurred. +The error can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr CMS_decrypt 3 +.Sh HISTORY +.Fn CMS_encrypt +was added to OpenSSL 0.9.8. +The +.Sy CMS_STREAM +flag was first supported in OpenSSL 1.0.0. -- cgit v1.2.3-55-g6feb