Diffstat (limited to 'doc/crypto')
-rw-r--r-- doc/crypto/ASN1_generate_nconf.pod 2
-rw-r--r-- doc/crypto/BIO_f_base64.pod 15
-rw-r--r-- doc/crypto/BIO_push.pod 2
-rw-r--r-- doc/crypto/ERR_get_error.pod 4
-rw-r--r-- doc/crypto/EVP_DigestInit.pod 5
-rw-r--r-- doc/crypto/EVP_EncryptInit.pod 5
-rw-r--r-- doc/crypto/EVP_SignInit.pod 8
-rw-r--r-- doc/crypto/RSA_set_method.pod 14
-rw-r--r-- doc/crypto/RSA_sign.pod 4
-rw-r--r-- doc/crypto/des.pod 7
-rw-r--r-- doc/crypto/err.pod 1
-rw-r--r-- doc/crypto/pem.pod 8
-rw-r--r-- doc/crypto/ui.pod 2
13 files changed, 46 insertions, 31 deletions
diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod
index 542fd1579ab8..bfa0a04ff974 100644
--- a/doc/crypto/ASN1_generate_nconf.pod
+++ b/doc/crypto/ASN1_generate_nconf.pod
@@ -61,7 +61,7 @@ Encode the B<NULL> type, the B<value> string must not be present.
=item B<INTEGER>, B<INT>
Encodes an ASN1 B<INTEGER> type. The B<value> string represents
-the value of the integer, it can be preceeded by a minus sign and
+the value of the integer, it can be prefaced by a minus sign and
is normally interpreted as a decimal value unless the prefix B<0x>
is included.
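Review bot: "prefaced by a minus sign" on the added line replaces the misspelling but changes the word; the intended word is "preceded", which is the usual term for a sign character in front of a number. Suggest "it can be preceded by a minus sign". The comma splice before "it can be" could also become a full stop while the line is being touched.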
diff --git a/doc/crypto/BIO_f_base64.pod b/doc/crypto/BIO_f_base64.pod
index 438af3b6b66c..d1d7bf0bd066 100644
--- a/doc/crypto/BIO_f_base64.pod
+++ b/doc/crypto/BIO_f_base64.pod
@@ -46,11 +46,11 @@ to standard output:
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- BIO_write(bio, message, strlen(message));
- BIO_flush(bio);
+ BIO_push(b64, bio);
+ BIO_write(b64, message, strlen(message));
+ BIO_flush(b64);
- BIO_free_all(bio);
+ BIO_free_all(b64);
Read Base64 encoded data from standard input and write the decoded
data to standard output:
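Review bot: the corrected example still ignores the return values of BIO_write(b64, ...) and BIO_flush(b64), and nothing tells the reader why the flush is there. On a base64 filter the flush is what pushes the final partial block and padding through the chain, so a one-line comment above BIO_flush(b64) would keep readers from dropping it. Switching every call to operate on b64, the head of the chain, is the right fix for the old reassignment of bio.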
@@ -62,11 +62,12 @@ data to standard output:
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- while((inlen = BIO_read(bio, inbuf, 512)) > 0)
+ BIO_push(b64, bio);
+ while((inlen = BIO_read(b64, inbuf, 512)) > 0)
BIO_write(bio_out, inbuf, inlen);
- BIO_free_all(bio);
+ BIO_flush(bio_out);
+ BIO_free_all(b64);
=head1 BUGS
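Review bot: bio_out is never freed in the decode example; BIO_free_all(b64) releases only the b64 and stdin BIOs that were pushed together, and bio_out is not part of that chain. Suggest adding BIO_free(bio_out) after the new BIO_flush(bio_out) line so the example does not teach a leak. The read loop also treats every non-positive BIO_read() result as end of input, which is worth a short comment.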
diff --git a/doc/crypto/BIO_push.pod b/doc/crypto/BIO_push.pod
index 8af1d3c09751..8a2657cd588c 100644
--- a/doc/crypto/BIO_push.pod
+++ b/doc/crypto/BIO_push.pod
@@ -40,7 +40,7 @@ If the call:
BIO_push(b64, f);
-is made then the new chain will be B<b64-chain>. After making the calls
+is made then the new chain will be B<b64-f>. After making the calls
BIO_push(md2, b64);
BIO_push(md1, md2);
diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod
index 828ecf529b2e..01e196c95fda 100644
--- a/doc/crypto/ERR_get_error.pod
+++ b/doc/crypto/ERR_get_error.pod
@@ -49,10 +49,10 @@ additionally store the file name and line number where
the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_get_last_error_line_data() store additional data and flags
+ERR_peek_last_error_line_data() store additional data and flags
associated with the error code in *B<data>
and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING> is true.
+if *B<flags>&B<ERR_TXT_STRING> is true.
An application B<MUST NOT> free the *B<data> pointer (or any other pointers
returned by these functions) with OPENSSL_free() as freeing is handled
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
index 367691cc7aed..310c65eb3705 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -161,9 +161,8 @@ EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
corresponding OBJECT IDENTIFIER or NID_undef if none exists.
-EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
-EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
-size in bytes.
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
+EVP_MD_CTX_block_size() return the digest or block size in bytes.
EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
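Review bot: the same duplication this hunk removes from the size paragraph is still present in the context line just above it, "EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID", where EVP_MD_type() is listed twice. Since the hunk already touches this block, the repeated name should be dropped or replaced with the function that was meant there.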
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index 1c4bf184a1b0..d11e054e48b3 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -344,7 +344,10 @@ bits and 12 rounds.
Where possible the B<EVP> interface to symmetric ciphers should be used in
preference to the low level interfaces. This is because the code then becomes
-transparent to the cipher used and much more flexible.
+transparent to the cipher used and much more flexible. Additionally, the
+B<EVP> interface will ensure the use of platform specific cryptographic
+acceleration such as AES-NI (the low level interfaces do not provide the
+guarantee).
PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
length of the encrypted data a multiple of the block size. Padding is always
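Review bot: "will ensure the use of platform specific cryptographic acceleration" in the added lines reads as an unconditional promise, but acceleration can only be used where the platform provides it. Suggest "will use platform-specific cryptographic acceleration such as AES-NI where it is available", and "do not provide that guarantee" instead of "the guarantee" so the reference is clear.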
diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
index 620a623ab620..14ecc775af6a 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -30,9 +30,11 @@ signature context B<ctx>. This function can be called several times on the
same B<ctx> to include additional data.
EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-places the signature in B<sig>. The number of bytes of data written (i.e. the
-length of the signature) will be written to the integer at B<s>, at most
-EVP_PKEY_size(pkey) bytes will be written.
+places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey)
+bytes in size. B<s> is an OUT paramter, and not used as an IN parameter.
+The number of bytes of data written (i.e. the length of the signature)
+will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written.
EVP_SignInit() initializes a signing context B<ctx> to use the default
implementation of digest B<type>.
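Review bot: typo in the added line "B<s> is an OUT paramter, and not used as an IN parameter": "paramter" should be "parameter". The buffer-size requirement for B<sig> is the important addition here and is stated clearly; the last sentence would read better split in two, ending the first at "the integer at B<s>" and starting the second with "At most EVP_PKEY_size(pkey) bytes will be written."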
diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod
index 2c963d7e5bba..0ef078118651 100644
--- a/doc/crypto/RSA_set_method.pod
+++ b/doc/crypto/RSA_set_method.pod
@@ -125,14 +125,18 @@ the default method is used.
/* sign. For backward compatibility, this is used only
* if (flags & RSA_FLAG_SIGN_VER)
*/
- int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-
+ int (*rsa_sign)(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
/* verify. For backward compatibility, this is used only
* if (flags & RSA_FLAG_SIGN_VER)
*/
- int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ int (*rsa_verify)(int dtype,
+ const unsigned char *m, unsigned int m_length,
+ const unsigned char *sigbuf, unsigned int siglen,
+ const RSA *rsa);
+ /* keygen. If NULL builtin RSA key generation will be used */
+ int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
} RSA_METHOD;
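Review bot: the new rsa_keygen member's comment says when the builtin generator is used but not what the callback must return, and the blank line that separated rsa_sign from the "verify" comment was removed, so the two members now run together. Suggest restoring the blank line and extending the comment with the return convention. The first parameter is also named type in rsa_sign and dtype in rsa_verify; if that mirrors the header it is fine, otherwise pick one name.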
diff --git a/doc/crypto/RSA_sign.pod b/doc/crypto/RSA_sign.pod
index 8553be8e99b6..fc16b1f4f806 100644
--- a/doc/crypto/RSA_sign.pod
+++ b/doc/crypto/RSA_sign.pod
@@ -20,6 +20,10 @@ RSA_sign() signs the message digest B<m> of size B<m_len> using the
private key B<rsa> as specified in PKCS #1 v2.0. It stores the
signature in B<sigret> and the signature size in B<siglen>. B<sigret>
must point to RSA_size(B<rsa>) bytes of memory.
+Note that PKCS #1 adds meta-data, placing limits on the size of the
+key that can be used.
+See L<RSA_private_encrypt(3)|RSA_private_encrypt(3)> for lower-level
+operations.
B<type> denotes the message digest algorithm that was used to generate
B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
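Review bot: the added note "placing limits on the size of the key that can be used" does not say what the limit is or in which direction it applies, so a reader cannot act on it. Suggest stating that the key must be large enough to hold the encoded digest plus the PKCS #1 padding, and what RSA_sign() returns when it is not. "meta-data" is normally written "metadata".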
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
index 6f0cf1cc5e5f..e1add56b5e81 100644
--- a/doc/crypto/des.pod
+++ b/doc/crypto/des.pod
@@ -135,9 +135,8 @@ depend on a global variable.
DES_set_odd_parity() sets the parity of the passed I<key> to odd.
-DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
-is ok. The probability that a randomly generated key is weak is
-1/2^52, so it is not really worth checking for them.
+DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
+is ok.
The following routines mostly operate on an input and output stream of
I<DES_cblock>s.
@@ -181,7 +180,7 @@ of 24 bytes. This is much better than CBC DES.
DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
three keys. This means that each DES operation inside the CBC mode is
-really an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
+an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
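Review bot: after removing "really", the changed line reads "is an C<C=E(ks3,D(ks2,E(ks1,M)))>", and the article "an" no longer has a noun to attach to. Suggest "each DES operation inside the CBC mode is C<C=E(ks3,D(ks2,E(ks1,M)))>" to match the phrasing of the two-key sentence in the context lines below.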
diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
index 6f729554d2a9..4a5dc6935cc7 100644
--- a/doc/crypto/err.pod
+++ b/doc/crypto/err.pod
@@ -171,7 +171,6 @@ ERR_get_string_table(void) respectively.
=head1 SEE ALSO
-L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
L<ERR_get_error(3)|ERR_get_error(3)>,
L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
index 54414a3f6f37..21e9fe3b98a9 100644
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
@@ -450,9 +450,9 @@ byte B<salt> encoded as a set of hexadecimal digits.
After this is the base64 encoded encrypted data.
-The encryption key is determined using EVP_bytestokey(), using B<salt> and an
+The encryption key is determined using EVP_BytesToKey(), using B<salt> and an
iteration count of 1. The IV used is the value of B<salt> and *not* the IV
-returned by EVP_bytestokey().
+returned by EVP_BytesToKey().
=head1 BUGS
@@ -474,3 +474,7 @@ The read routines return either a pointer to the structure read or NULL
if an error occurred.
The write routines return 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_get_cipherbyname(3)|EVP_get_cipherbyname>, L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>
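Review bot: the two links in the new SEE ALSO line use different target forms: "L<EVP_get_cipherbyname(3)|EVP_get_cipherbyname>" omits the "(3)" in the target while "L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>" includes it. The other SEE ALSO entries visible in this patch (err.pod) use the name(3)|name(3) form with one entry per line, so the first link should be made to match and the two entries split onto separate lines.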
diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod
index 6df68d604a82..04f8e9c360a8 100644
--- a/doc/crypto/ui.pod
+++ b/doc/crypto/ui.pod
@@ -119,7 +119,7 @@ verification will fail.
UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
in a boolean way, with a single character for yes and a different character
for no. A set of characters that can be used to cancel the prompt is given
-as well. The prompt itself is really divided in two, one part being the
+as well. The prompt itself is divided in two, one part being the
descriptive text (given through the I<prompt> argument) and one describing
the possible answers (given through the I<action_desc> argument).