From cc47a3abfdbd325bb89055dfd451213698f0850e Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Sat, 10 Aug 2019 23:41:22 +0000 Subject: Re-convert and re-import the CMS manual pages from OpenSSL 1.1.1 (which are still under a free license) with pod2mdoc(1) now that jsing@ has begun work to provide these APIs. Some formatting was improved and some typos were fixed, but apart from that, little was changed, so there is still much to polish. --- src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 | 323 ++++++++++++++++++++++++ 1 file changed, 323 insertions(+) create mode 100644 src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 (limited to 'src/lib/libcrypto/man/CMS_get0_RecipientInfos.3') diff --git a/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 new file mode 100644 index 0000000000..07c16c5675 --- /dev/null +++ b/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 @@ -0,0 +1,323 @@ +.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.3 2019/08/10 23:41:22 schwarze Exp $ +.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2008, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 10 2019 $ +.Dt CMS_GET0_RECIPIENTINFOS 3 +.Os +.Sh NAME +.Nm CMS_get0_RecipientInfos , +.Nm CMS_RecipientInfo_type , +.Nm CMS_RecipientInfo_ktri_get0_signer_id , +.Nm CMS_RecipientInfo_ktri_cert_cmp , +.Nm CMS_RecipientInfo_set0_pkey , +.Nm CMS_RecipientInfo_kekri_get0_id , +.Nm CMS_RecipientInfo_kekri_id_cmp , +.Nm CMS_RecipientInfo_set0_key , +.Nm CMS_RecipientInfo_decrypt , +.Nm CMS_RecipientInfo_encrypt +.Nd CMS envelopedData RecipientInfo routines +.Sh SYNOPSIS +.In openssl/cms.h +.Ft STACK_OF(CMS_RecipientInfo) * +.Fo CMS_get0_RecipientInfos +.Fa "CMS_ContentInfo *cms" +.Fc +.Ft int +.Fo CMS_RecipientInfo_type +.Fa "CMS_RecipientInfo *ri" +.Fc +.Ft int +.Fo CMS_RecipientInfo_ktri_get0_signer_id +.Fa "CMS_RecipientInfo *ri" +.Fa "ASN1_OCTET_STRING **keyid" +.Fa "X509_NAME **issuer" +.Fa "ASN1_INTEGER **sno" +.Fc +.Ft int +.Fo CMS_RecipientInfo_ktri_cert_cmp +.Fa "CMS_RecipientInfo *ri" +.Fa "X509 *cert" +.Fc +.Ft int +.Fo CMS_RecipientInfo_set0_pkey +.Fa "CMS_RecipientInfo *ri" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo CMS_RecipientInfo_kekri_get0_id +.Fa "CMS_RecipientInfo *ri" +.Fa "X509_ALGOR **palg" +.Fa "ASN1_OCTET_STRING **pid" +.Fa "ASN1_GENERALIZEDTIME **pdate" +.Fa "ASN1_OBJECT **potherid" +.Fa "ASN1_TYPE **pothertype" +.Fc +.Ft int +.Fo CMS_RecipientInfo_kekri_id_cmp +.Fa "CMS_RecipientInfo *ri" +.Fa "const unsigned char *id" +.Fa "size_t idlen" +.Fc +.Ft int +.Fo CMS_RecipientInfo_set0_key +.Fa "CMS_RecipientInfo *ri" +.Fa "unsigned char *key" +.Fa "size_t keylen" +.Fc +.Ft int +.Fo CMS_RecipientInfo_decrypt +.Fa "CMS_ContentInfo *cms" +.Fa "CMS_RecipientInfo *ri" +.Fc +.Ft int +.Fo CMS_RecipientInfo_encrypt +.Fa "CMS_ContentInfo *cms" +.Fa "CMS_RecipientInfo *ri" +.Fc +.Sh DESCRIPTION +The function +.Fn CMS_get0_RecipientInfos +returns all the +.Vt CMS_RecipientInfo +structures associated with a CMS EnvelopedData structure. +.Pp +.Fn CMS_RecipientInfo_type +returns the type of the +.Vt CMS_RecipientInfo +structure +.Fa ri . +It will currently return +.Dv CMS_RECIPINFO_TRANS , +.Dv CMS_RECIPINFO_AGREE , +.Dv CMS_RECIPINFO_KEK , +.Dv CMS_RECIPINFO_PASS , +or +.Dv CMS_RECIPINFO_OTHER . +.Pp +.Fn CMS_RecipientInfo_ktri_get0_signer_id +retrieves the certificate recipient identifier associated with a +specific +.Vt CMS_RecipientInfo +structure +.Fa ri , +which must be of type +.Dv CMS_RECIPINFO_TRANS . +Either the keyidentifier will be set in +.Fa keyid +or +.Em both +issuer name and serial number in +.Fa issuer +and +.Fa sno . +.Pp +.Fn CMS_RecipientInfo_ktri_cert_cmp +compares the certificate +.Fa cert +against the +.Vt CMS_RecipientInfo +structure +.Fa ri , +which must be of type +.Dv CMS_RECIPINFO_TRANS . +It returns zero if the comparison is successful or non-zero if not. +.Pp +.Fn CMS_RecipientInfo_set0_pkey +associates the private key +.Fa pkey +with the +.Vt CMS_RecipientInfo +structure +.Fa ri , +which must be of type +.Dv CMS_RECIPINFO_TRANS . +.Pp +.Fn CMS_RecipientInfo_kekri_get0_id +retrieves the key information from the +.Vt CMS_RecipientInfo +structure +.Fa ri +which must be of type +.Dv CMS_RECIPINFO_KEK . +Any of the remaining parameters can be +.Dv NULL +if the application is not interested in the value of a field. +Where a field is optional and absent, +.Dv NULL +will be written to the corresponding parameter. +The keyEncryptionAlgorithm field is written to +.Fa palg , +the keyIdentifier field is written to +.Fa pid , +the +.Sy date +field if present is written to +.Fa pdate . +If the +.Sy other +field is present the components +.Sy keyAttrId +and +.Sy keyAttr +are written to the parameters +.Fa potherid +and +.Fa pothertype . +.Pp +.Fn CMS_RecipientInfo_kekri_id_cmp +compares the ID in the +.Fa id +and +.Fa idlen +parameters against the keyIdentifier +.Vt CMS_RecipientInfo +structure +.Fa ri , +which must be of type +.Dv CMS_RECIPINFO_KEK . +It returns zero if the comparison is successful or non-zero if not. +.Pp +.Fn CMS_RecipientInfo_set0_key +associates the symmetric key +.Fa key +of length +.Fa keylen +with the +.Vt CMS_RecipientInfo +structure +.Fa ri , +which must be of type +.Dv CMS_RECIPINFO_KEK . +.Pp +.Fn CMS_RecipientInfo_decrypt +attempts to decrypt the +.Vt CMS_RecipientInfo +structure +.Fa ri +in structure +.Fa cms . +A key must have been associated with the structure first. +.Pp +.Fn CMS_RecipientInfo_encrypt +attempts to encrypt the +.Vt CMS_RecipientInfo +structure +.Fa ri +in structure +.Fa cms . +A key must have been associated with the structure first and the content +encryption key must be available: for example by a previous call to +.Fn CMS_RecipientInfo_decrypt . +.Pp +The main purpose of these functions is to enable an application to +lookup recipient keys using any appropriate technique when the simpler +method of +.Xr CMS_decrypt 3 +is not appropriate. +.Pp +In typical usage, an application will retrieve all +.Vt CMS_RecipientInfo +structures using +.Fn CMS_get0_RecipientInfos +and check the type of each using +.Fn CMS_RecipientInfo_type . +Depending on the type, the +.Vt CMS_RecipientInfo +structure can be ignored or its key identifier data retrieved using +an appropriate function. +If the corresponding secret or private key can be obtained by any +appropriate means it can then be associated with the structure and +.Fn CMS_RecipientInfo_decrypt +called. +If successful, +.Xr CMS_decrypt 3 +can be called with a +.Dv NULL +key to decrypt the enveloped content. +.Pp +The function +.Fn CMS_RecipientInfo_encrypt +can be used to add a new recipient to an existing enveloped data +structure. +Typically an application will first decrypt an appropriate +.Vt CMS_RecipientInfo +structure to make the content encrypt key available. +Ot will then add a new recipient using a function such as +.Xr CMS_add1_recipient_cert 3 +and finally encrypt the content encryption key using +.Fn CMS_RecipientInfo_encrypt . +.Sh RETURN VALUES +.Fn CMS_get0_RecipientInfos +returns all +.Vt CMS_RecipientInfo +structures, or +.Dv NULL +if an error occurs. +.Pp +.Fn CMS_RecipientInfo_ktri_get0_signer_id , +.Fn CMS_RecipientInfo_set0_pkey , +.Fn CMS_RecipientInfo_kekri_get0_id , +.Fn CMS_RecipientInfo_set0_key , +.Fn CMS_RecipientInfo_decrypt , +and +.Fn CMS_RecipientInfo_encrypt +return 1 for success or 0 if an error occurs. +.Pp +.Fn CMS_RecipientInfo_ktri_cert_cmp +and +.Fn CMS_RecipientInfo_kekri_id_cmp +return 0 for a successful comparison or non-zero otherwise. +.Pp +Any error can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr CMS_decrypt 3 +.Sh HISTORY +These functions were first was added to OpenSSL 0.9.8. -- cgit v1.2.3-55-g6feb