summaryrefslogtreecommitdiff
path: root/lib/libcrypto/doc
diff options
context:
space:
mode:
authorMiod Vallat <miod@cvs.openbsd.org>2014-07-10 13:08:59 +0000
committerMiod Vallat <miod@cvs.openbsd.org>2014-07-10 13:08:59 +0000
commit355422e6f18af8cdc87bb2c1861a53051ceabd43 (patch)
tree11c25d42875fc2569975ab1b66091a1e47f4f2cf /lib/libcrypto/doc
parent91b1f46632533a0fd88f920ba506f35d23905057 (diff)
Attempt to (incompletely) document EVP_aes_*().
When EVP_des_cbc() was suggested, suggest EVP_aes_256_cbc() instead. Remove mention of EVP_des_ede3_cbc() being the algorithm of choice for S/MIME. Don't mention US-export limited RC2 algorithms, you'd better not know about them.
Diffstat (limited to 'lib/libcrypto/doc')
-rw-r--r--lib/libcrypto/doc/EVP_EncryptInit.pod16
-rw-r--r--lib/libcrypto/doc/EVP_SealInit.pod2
-rw-r--r--lib/libcrypto/doc/PKCS7_encrypt.pod7
3 files changed, 15 insertions, 10 deletions
diff --git a/lib/libcrypto/doc/EVP_EncryptInit.pod b/lib/libcrypto/doc/EVP_EncryptInit.pod
index d42445cf104..a876ac789cf 100644
--- a/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -101,7 +101,7 @@ EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
before calling this function. B<type> is normally supplied
-by a function such as EVP_des_cbc(). If B<impl> is NULL then the
+by a function such as EVP_aes_256_cbc(). If B<impl> is NULL then the
default implementation is used. B<key> is the symmetric key to use
and B<iv> is the IV to use (if necessary), the actual number of bytes
used for the key and IV depends on the cipher. It is possible to set
@@ -279,10 +279,22 @@ All algorithms have a fixed key length unless otherwise stated.
=over 4
-=item EVP_enc_null()
+=item EVP_enc_null(void)
Null cipher: does nothing.
+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(void), EVP_aes_128_cfb(void), EVP_aes_128_ofb(void)
+
+128-bit AES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(void), EVP_aes_192_cfb(void), EVP_aes_192_ofb(void)
+
+192-bit AES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(void), EVP_aes_256_cfb(void), EVP_aes_256_ofb(void)
+
+256-bit AES in CBC, ECB, CFB and OFB modes respectively.
+
=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
DES in CBC, ECB, CFB and OFB modes respectively.
diff --git a/lib/libcrypto/doc/EVP_SealInit.pod b/lib/libcrypto/doc/EVP_SealInit.pod
index ff73a04fd96..76eebb72a97 100644
--- a/lib/libcrypto/doc/EVP_SealInit.pod
+++ b/lib/libcrypto/doc/EVP_SealInit.pod
@@ -25,7 +25,7 @@ encrypted using this key.
EVP_SealInit() initializes a cipher context B<ctx> for encryption
with cipher B<type> using a random secret key and IV. B<type> is normally
-supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted
using one or more public keys, this allows the same encrypted data to be
decrypted using any of the corresponding private keys. B<ek> is an array of
buffers where the public key encrypted secret key will be written, each buffer
diff --git a/lib/libcrypto/doc/PKCS7_encrypt.pod b/lib/libcrypto/doc/PKCS7_encrypt.pod
index e2066843846..8bc77407b9e 100644
--- a/lib/libcrypto/doc/PKCS7_encrypt.pod
+++ b/lib/libcrypto/doc/PKCS7_encrypt.pod
@@ -22,13 +22,6 @@ Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
certificates supplied to this function must all contain RSA public keys, though
they do not have to be signed using the RSA algorithm.
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
-because most clients will support it.
-
-Some old "export grade" clients may only support weak encryption using 40 or 64
-bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
-respectively.
-
The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
its parameters.