X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=doc%2Fman3%2FCMS_encrypt.pod;h=cddd89447b473add9463b4981c81869f578b60b9;hb=bf973d0697e61a44dc46d08b0421a08a8cb61887;hp=3e777582d56e6ad3ed1b07c18e2b4ea928e086e8;hpb=ecd4b8fe852612bb902b8dee7ca09648fa730253;p=openssl.git diff --git a/doc/man3/CMS_encrypt.pod b/doc/man3/CMS_encrypt.pod index 3e777582d5..cddd89447b 100644 --- a/doc/man3/CMS_encrypt.pod +++ b/doc/man3/CMS_encrypt.pod @@ -2,22 +2,26 @@ =head1 NAME -CMS_encrypt - create a CMS envelopedData structure +CMS_encrypt_ex, CMS_encrypt - create a CMS envelopedData structure =head1 SYNOPSIS #include + CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags); =head1 DESCRIPTION -CMS_encrypt() creates and returns a CMS EnvelopedData structure. B -is a list of recipient certificates. B is the content to be encrypted. -B is the symmetric cipher to use. B is an optional set of flags. - -=head1 NOTES +CMS_encrypt_ex() creates and returns a CMS EnvelopedData or +AuthEnvelopedData structure. I is a list of recipient certificates. +I is the content to be encrypted. I is the symmetric cipher to use. +I is an optional set of flags. The library context I and the +property query I are used internally when retrieving algorithms from +providers. Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this function. 
@@ -26,7 +30,9 @@ EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it. The algorithm passed in the B parameter must support ASN1 encoding of -its parameters. +its parameters. If the cipher mode is GCM, then an AuthEnvelopedData structure +containing MAC is used. Otherwise an EnvelopedData structure is used. Currently +the AES variants with GCM mode are the only supported AEAD algorithms. Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced @@ -60,8 +66,6 @@ The data being encrypted is included in the CMS_ContentInfo structure, unless B is set in which case it is omitted. This is rarely used in practice and is not supported by SMIME_write_CMS(). -=head1 NOTES - If the flag B is set the returned B structure is B complete and outputting its contents via a function that does not properly finalize the B structure will give unpredictable @@ -79,10 +83,14 @@ and CMS_add0_recipient_key(). The parameter B may be NULL if B is set and recipients added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key(). +CMS_encrypt() is similar to CMS_encrypt_ex() but uses default values +of NULL for the library context I and the property query I. + =head1 RETURN VALUES -CMS_encrypt() returns either a CMS_ContentInfo structure or NULL if an error -occurred. The error can be obtained from ERR_get_error(3). +CMS_encrypt_ex() and CMS_encrypt() return either a CMS_ContentInfo +structure or NULL if an error occurred. The error can be obtained from +ERR_get_error(3). =head1 SEE ALSO 
@@ -90,13 +98,15 @@ L, L =head1 HISTORY +The function CMS_encrypt_ex() was added in OpenSSL 3.0. + The B flag was first supported in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. -Licensed under the OpenSSL license (the "License"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L.
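Review bot: In the @@ -2,22 +2,26 @@ hunk, the NAME line still summarises the page as "create a CMS envelopedData structure", while the new DESCRIPTION says the function returns "a CMS EnvelopedData or AuthEnvelopedData structure"; the one-line summary should cover both. With two functions now in the SYNOPSIS, the unchanged context sentence "Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this function" is also ambiguous, and since the NOTES heading was removed it now sits directly in the DESCRIPTION; "these functions" would read correctly.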
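Review bot: In the @@ -26,7 +30,9 @@ hunk, the added sentences leave the behaviour for other AEAD ciphers undefined: "Otherwise an EnvelopedData structure is used" read together with "the AES variants with GCM mode are the only supported AEAD algorithms" does not say whether passing a non-GCM AEAD cipher returns NULL or produces an EnvelopedData without authentication. Please state which it is, because a caller who expects authenticated encryption needs to know when they will not get it. Minor wording: "containing MAC" should be "containing a MAC". The context sentence just above still names EVP_des_ede3_cbc() as "the algorithm of choice"; a sentence on how that recommendation relates to the new GCM option would help readers choose.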
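Review bot: In the @@ -79,10 +83,14 @@ hunk, the added paragraph says CMS_encrypt() "uses default values of NULL" for the library context and the property query, but neither it nor the DESCRIPTION says what a NULL library context or a NULL property query selects. Add a sentence that spells this out, or reference the manual page that defines it from SEE ALSO, so the difference between the two functions is clear from this page alone.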
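Review bot: The HISTORY entry added in the @@ -90,13 +98,15 @@ hunk records only the new function, yet the same patch documents that a GCM cipher produces an AuthEnvelopedData structure, and CMS_encrypt() is described as CMS_encrypt_ex() with NULL defaults, so that text applies to existing callers as well. If the AuthEnvelopedData support arrives in the same release, HISTORY should carry a line for it next to "The function CMS_encrypt_ex() was added in OpenSSL 3.0."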