diff options
Diffstat (limited to 'secure/lib/libcrypto/man/man3/CMS_encrypt.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/CMS_encrypt.3 | 46 |
1 files changed, 28 insertions, 18 deletions
diff --git a/secure/lib/libcrypto/man/man3/CMS_encrypt.3 b/secure/lib/libcrypto/man/man3/CMS_encrypt.3 index 690220e4189b..f874bcbe3079 100644 --- a/secure/lib/libcrypto/man/man3/CMS_encrypt.3 +++ b/secure/lib/libcrypto/man/man3/CMS_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -68,8 +68,6 @@ . \} .\} .rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ @@ -132,29 +130,34 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "CMS_ENCRYPT 3" -.TH CMS_ENCRYPT 3 "2022-05-03" "1.1.1o" "OpenSSL" +.IX Title "CMS_ENCRYPT 3ossl" +.TH CMS_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -CMS_encrypt \- create a CMS envelopedData structure +CMS_encrypt_ex, CMS_encrypt \- create a CMS envelopedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/cms.h> \& +\& CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, +\& const EVP_CIPHER *cipher, unsigned int flags, +\& OSSL_LIB_CTX *libctx, const char *propq); \& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, \& const EVP_CIPHER *cipher, unsigned int flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR -is a list of recipient certificates. \fBin\fR is the content to be encrypted. -\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" +\&\fBCMS_encrypt_ex()\fR creates and returns a \s-1CMS\s0 EnvelopedData or +AuthEnvelopedData structure. \fIcerts\fR is a list of recipient certificates. +\&\fIin\fR is the content to be encrypted. \fIcipher\fR is the symmetric cipher to use. +\&\fIflags\fR is an optional set of flags. The library context \fIlibctx\fR and the +property query \fIpropq\fR are used internally when retrieving algorithms from +providers. +.PP Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this function. .PP @@ -162,7 +165,9 @@ function. because most clients will support it. .PP The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of -its parameters. +its parameters. If the cipher mode is \s-1GCM,\s0 then an AuthEnvelopedData structure +containing \s-1MAC\s0 is used. Otherwise an EnvelopedData structure is used. Currently +the \s-1AES\s0 variants with \s-1GCM\s0 mode are the only supported \s-1AEAD\s0 algorithms. .PP Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced @@ -195,8 +200,7 @@ finalization. The data being encrypted is included in the CMS_ContentInfo structure, unless \&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in practice and is not supported by \fBSMIME_write_CMS()\fR. -.SH "NOTES" -.IX Header "NOTES" +.PP If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is \&\fBnot\fR complete and outputting its contents via a function that does not properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable @@ -213,21 +217,27 @@ and \fBCMS_add0_recipient_key()\fR. .PP The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR. +.PP +\&\fBCMS_encrypt()\fR is similar to \fBCMS_encrypt_ex()\fR but uses default values +of \s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +\&\fBCMS_encrypt_ex()\fR and \fBCMS_encrypt()\fR return either a CMS_ContentInfo +structure or \s-1NULL\s0 if an error occurred. The error can be obtained from +\&\fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" +The function \fBCMS_encrypt_ex()\fR was added in OpenSSL 3.0. +.PP The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>. |