|  | =pod | 
|  |  | 
|  | =head1 NAME | 
|  |  | 
|  | CMS_get0_RecipientInfos, CMS_RecipientInfo_type, | 
|  | CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, | 
|  | CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, | 
|  | CMS_RecipientInfo_kari_set0_pkey_and_peer, | 
|  | CMS_RecipientInfo_kari_set0_pkey, | 
|  | CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, | 
|  | CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt | 
|  | - CMS envelopedData RecipientInfo routines | 
|  |  | 
|  | =head1 SYNOPSIS | 
|  |  | 
|  | #include <openssl/cms.h> | 
|  |  | 
|  | STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); | 
|  | int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); | 
|  |  | 
|  | int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, | 
|  | ASN1_OCTET_STRING **keyid, | 
|  | X509_NAME **issuer, | 
|  | ASN1_INTEGER **sno); | 
|  | int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); | 
|  | int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); | 
|  | int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, | 
|  | EVP_PKEY *pk, X509 *peer); | 
|  | int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); | 
|  | int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, | 
|  | ASN1_OCTET_STRING **pid, | 
|  | ASN1_GENERALIZEDTIME **pdate, | 
|  | ASN1_OBJECT **potherid, | 
|  | ASN1_TYPE **pothertype); | 
|  | int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, | 
|  | const unsigned char *id, size_t idlen); | 
|  | int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, | 
|  | unsigned char *key, size_t keylen); | 
|  |  | 
|  | int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); | 
|  | int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); | 
|  |  | 
|  | =head1 DESCRIPTION | 
|  |  | 
|  | The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo | 
|  | structures associated with a CMS EnvelopedData structure. | 
|  |  | 
|  | CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure B<ri>. | 
|  | It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, | 
|  | CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER. | 
|  |  | 
|  | CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient | 
|  | identifier associated with a specific CMS_RecipientInfo structure B<ri>, which | 
|  | must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in | 
|  | B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>. | 
|  |  | 
|  | CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the | 
|  | CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS. | 
|  | It returns zero if the comparison is successful and non zero if not. | 
|  |  | 
|  | CMS_RecipientInfo_set0_pkey() associates the private key B<pkey> with | 
|  | the CMS_RecipientInfo structure B<ri>, which must be of type | 
|  | CMS_RECIPINFO_TRANS. | 
|  |  | 
|  | CMS_RecipientInfo_kari_set0_pkey_and_peer() associates the private key B<pkey> | 
|  | and peer certificate B<peer> with the CMS_RecipientInfo structure B<ri>, which | 
|  | must be of type CMS_RECIPINFO_AGREE. | 
|  |  | 
|  | CMS_RecipientInfo_kari_set0_pkey() associates the private key B<pkey> with the | 
|  | CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_AGREE. | 
|  |  | 
|  | CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the | 
|  | CMS_RecipientInfo structure B<ri> which must be of type CMS_RECIPINFO_KEK.  Any | 
|  | of the remaining parameters can be NULL if the application is not interested in | 
|  | the value of a field. Where a field is optional and absent NULL will be written | 
|  | to the corresponding parameter. The keyEncryptionAlgorithm field is written to | 
|  | B<palg>, the B<keyIdentifier> field is written to B<pid>, the B<date> field if | 
|  | present is written to B<pdate>, if the B<other> field is present the components | 
|  | B<keyAttrId> and B<keyAttr> are written to parameters B<potherid> and | 
|  | B<pothertype>. | 
|  |  | 
|  | CMS_RecipientInfo_kekri_id_cmp() compares the ID in the B<id> and B<idlen> | 
|  | parameters against the B<keyIdentifier> CMS_RecipientInfo structure B<ri>, | 
|  | which must be of type CMS_RECIPINFO_KEK.  It returns zero if the comparison is | 
|  | successful and non zero if not. | 
|  |  | 
|  | CMS_RecipientInfo_set0_key() associates the symmetric key B<key> of length | 
|  | B<keylen> with the CMS_RecipientInfo structure B<ri>, which must be of type | 
|  | CMS_RECIPINFO_KEK. | 
|  |  | 
|  | CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure | 
|  | B<ri> in structure B<cms>. A key must have been associated with the structure | 
|  | first. | 
|  |  | 
|  | CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure | 
|  | B<ri> in structure B<cms>. A key must have been associated with the structure | 
|  | first and the content encryption key must be available: for example by a | 
|  | previous call to CMS_RecipientInfo_decrypt(). | 
|  |  | 
|  | =head1 NOTES | 
|  |  | 
|  | The main purpose of these functions is to enable an application to lookup | 
|  | recipient keys using any appropriate technique when the simpler method | 
|  | of CMS_decrypt() is not appropriate. | 
|  |  | 
|  | In typical usage and application will retrieve all CMS_RecipientInfo structures | 
|  | using CMS_get0_RecipientInfos() and check the type of each using | 
|  | CMS_RecipientInfo_type(). Depending on the type the CMS_RecipientInfo structure | 
|  | can be ignored or its key identifier data retrieved using an appropriate | 
|  | function. Then if the corresponding secret or private key can be obtained by | 
|  | any appropriate means it can then associated with the structure and | 
|  | CMS_RecipientInfo_decrypt() called. If successful CMS_decrypt() can be called | 
|  | with a NULL key to decrypt the enveloped content. | 
|  |  | 
|  | The CMS_RecipientInfo_encrypt() can be used to add a new recipient to an | 
|  | existing enveloped data structure. Typically an application will first decrypt | 
|  | an appropriate CMS_RecipientInfo structure to make the content encrypt key | 
|  | available, it will then add a new recipient using a function such as | 
|  | CMS_add1_recipient_cert() and finally encrypt the content encryption key | 
|  | using CMS_RecipientInfo_encrypt(). | 
|  |  | 
|  | =head1 RETURN VALUES | 
|  |  | 
|  | CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if | 
|  | an error occurs. | 
|  |  | 
|  | CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(), | 
|  | CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and | 
|  | CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs. | 
|  | CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs. | 
|  |  | 
|  | CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0 | 
|  | for a successful comparison and non zero otherwise. | 
|  |  | 
|  | Any error can be obtained from L<ERR_get_error(3)>. | 
|  |  | 
|  | =head1 SEE ALSO | 
|  |  | 
|  | L<ERR_get_error(3)>, L<CMS_decrypt(3)> | 
|  |  | 
|  | =head1 HISTORY | 
|  |  | 
|  | B<CMS_RecipientInfo_kari_set0_pkey_and_peer> and B<CMS_RecipientInfo_kari_set0_pkey> | 
|  | were added in OpenSSL 3.0. | 
|  |  | 
|  | =head1 COPYRIGHT | 
|  |  | 
|  | Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. | 
|  |  | 
|  | Licensed under the Apache License 2.0 (the "License").  You may not use | 
|  | this file except in compliance with the License.  You can obtain a copy | 
|  | in the file LICENSE in the source distribution or at | 
|  | L<https://www.openssl.org/source/license.html>. | 
|  |  | 
|  | =cut |