Add CMS AuthEnvelopedData with AES-GCM support

Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM
parameter as defined in RFC 5084.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8024)

1 files changed, 32 insertions, 16 deletions

diff --git a/doc/man3/CMS_EnvelopedData_create.pod b/doc/man3/CMS_EnvelopedData_create.pod
index e6903ea3f8..6978aaabcb 100644
--- a/doc/man3/CMS_EnvelopedData_create.pod
+++ b/doc/man3/CMS_EnvelopedData_create.pod
@@ -2,25 +2,39 @@
 
 =head1 NAME
 
-CMS_EnvelopedData_create_with_libctx, CMS_EnvelopedData_create
+CMS_EnvelopedData_create_with_libctx, CMS_EnvelopedData_create,
+CMS_AuthEnvelopedData_create, CMS_AuthEnvelopedData_create_with_libctx
 - Create CMS envelope
 
 =head1 SYNOPSIS
 
  #include <openssl/cms.h>
 
- CMS_ContentInfo *CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
-                                                       OPENSSL_CTX *libctx,
-                                                       const char *propq);
+ CMS_ContentInfo *
+ CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
+                                      OPENSSL_CTX *libctx,
+                                      const char *propq);
  CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 
+ CMS_ContentInfo *
+ CMS_AuthEnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
+                                          OPENSSL_CTX *libctx,
+                                          const char *propq);
+ CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
+
 =head1 DESCRIPTION
 
-CMS_EnvelopedData_create_with_libctx() creates a B<CMS_ContentInfo> structure with
-a type B<NID_pkcs7_enveloped>. I<cipher> is the symmetric cipher to use. The
-library context I<libctx> and the property query I<propq> are used when
+CMS_EnvelopedData_create_with_libctx() creates a B<CMS_ContentInfo> structure
+with a type B<NID_pkcs7_enveloped>. I<cipher> is the symmetric cipher to use.
+The library context I<libctx> and the property query I<propq> are used when
 retrieving algorithms from providers.
 
+CMS_AuthEnvelopedData_create_with_libctx() creates a B<CMS_ContentInfo>
+structure with a type B<NID_id_smime_ct_authEnvelopedData>. B<cipher> is the
+symmetric AEAD cipher to use. Currently only AES variants with GCM mode are
+supported. The library context I<libctx> and the property query I<propq> are
+used when retrieving algorithms from providers.
+
 The algorithm passed in the I<cipher> parameter must support ASN1 encoding of
 its parameters.
 
@@ -30,21 +44,23 @@ L<CMS_add0_recipient_key(3)>.
 The B<CMS_ContentInfo> structure needs to be finalized using L<CMS_final(3)>
 and then freed using L<CMS_ContentInfo_free(3)>.
 
-CMS_EnvelopedData_create() is similar to CMS_EnvelopedData_create_with_libctx()
-but uses default values of NULL for the library context I<libctx> and the
-property query I<propq>.
+CMS_EnvelopedData_create() and  CMS_AuthEnvelopedData_create are similar to
+CMS_EnvelopedData_create_with_libctx() and
+CMS_AuthEnvelopedData_create_with_libctx() but use default values of NULL for
+the library context I<libctx> and the property query I<propq>.
 
 =head1 NOTES
 
-Although CMS_EnvelopedData_create() allocates a new B<CMS_ContentInfo>
-structure it is usually not used in applications. The wrappers
-L<CMS_encrypt(3)> and L<CMS_decrypt(3)> are often used instead.
+Although CMS_EnvelopedData_create() and CMS_AuthEnvelopedData_create() allocate
+a new B<CMS_ContentInfo> structure, they are not usually used in applications.
+The wrappers L<CMS_encrypt(3)> and L<CMS_decrypt(3)> are often used instead.
 
 =head1 RETURN VALUES
 
-If the allocation fails, CMS_EnvelopedData_create() returns NULL and sets
-an error code that can be obtained by L<ERR_get_error(3)>.
-Otherwise it returns a pointer to the newly allocated structure.
+If the allocation fails, CMS_EnvelopedData_create() and
+CMS_AuthEnvelopedData_create() return NULL and set an error code that can be
+obtained by L<ERR_get_error(3)>. Otherwise they return a pointer to the newly
+allocated structure.
 
 =head1 SEE ALSO