Mention the key lengths of some encryption algorithms.

This is relevant because EVP_EncryptInit(3) takes a "key" argument,
and users need to consider the size of that argument.

While here, also mention whether ciphers are stream ciphers
or block ciphers and what the block size is.

1 files changed, 11 insertions, 2 deletions

diff --git a/lib/libcrypto/man/EVP_des_cbc.3 b/lib/libcrypto/man/EVP_des_cbc.3
index 759e03fac0b..7c8a08c7dbe 100644
--- a/lib/libcrypto/man/EVP_des_cbc.3
+++ b/lib/libcrypto/man/EVP_des_cbc.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_des_cbc.3,v 1.1 2019/03/21 12:54:37 schwarze Exp $
+.\" $OpenBSD: EVP_des_cbc.3,v 1.2 2024/11/09 22:03:49 schwarze Exp $
 .\" full merge up to:
 .\"   OpenSSL EVP_desx_cbc.pod 8fa4d95e Oct 21 11:59:09 2017 +0900
 .\" selective merge up to:
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 21 2019 $
+.Dd $Mdocdate: November 9 2024 $
 .Dt EVP_DES_CBC 3
 .Os
 .Sh NAME
@@ -128,6 +128,15 @@
 These functions provide the DES encryption algorithm in the
 .Xr evp 3
 framework.
+DES is a block cipher operating on 64 bit blocks.
+The key length to be used for
+.Xr EVP_EncryptInit 3
+is 64 bits.
+However, only 56 of these bits are used in the encryption algorithm.
+The least significant bit in each of the eight bytes is only used
+for checking parity.
+Using this algorithm is discouraged because the short key length
+makes it vulnerable to brute force attacks.
 .Pp
 .Fn EVP_des_cbc ,
 .Fn EVP_des_cfb1 ,