Huge documentation update for libcrypto and libssl, mostly from Matt Caswell,

Jeff Trawick, Jean-Paul Calderone, Michal Bozon, Jeffrey Walton and Rich Salz, via OpenSSL trunk (with some parts not applying to us, such as SSLv2 support, at least partially removed).
author: miod <> 2014-07-11 16:18:14 +0000
committer: miod <> 2014-07-11 16:18:14 +0000
commit: 42ef36c6813822962aff009ee1ca5eaf04d6c5c7 (patch)
tree: d06ffa1565a72fd493dbed6024d44e5daa26be91 /src/lib/libcrypto/doc/evp.pod
parent: 687488572f223f89cf98909e87b4d1a3fbb14bfd (diff)
download: openbsd-42ef36c6813822962aff009ee1ca5eaf04d6c5c7.tar.gz
openbsd-42ef36c6813822962aff009ee1ca5eaf04d6c5c7.tar.bz2
openbsd-42ef36c6813822962aff009ee1ca5eaf04d6c5c7.zip
1 files changed, 57 insertions, 9 deletions
diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod
index 33ce7cb6d6..57c761d01f 100644
--- a/src/lib/libcrypto/doc/evp.pod
+++ b/src/lib/libcrypto/doc/evp.pod
@@ -13,22 +13,58 @@ evp - high-level cryptographic functions
 The EVP library provides a high-level interface to cryptographic
 functions.
-B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
+L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and L<B<EVP_Open>I<...>|EVP_OpenInit(3)>
-and decryption to implement digital "envelopes".
+provide public key encryption and decryption to implement digital "envelopes".
-The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
+The L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> and
-digital signatures.
+L<B<EVP_DigestVerify>I<...>|EVP_DigestVerifyInit(3)> functions implement
+digital signatures and Message Authentication Codes (MACs). Also see the older
+L<B<EVP_Sign>I<...>|EVP_SignInit(3)> and L<B<EVP_Verify>I<...>|EVP_VerifyInit(3)>
+functions.
-Symmetric encryption is available with the B<EVP_Encrypt>I<...>
+Symmetric encryption is available with the L<B<EVP_Encrypt>I<...>|EVP_EncryptInit(3)>
-functions.  The B<EVP_Digest>I<...> functions provide message digests.
+functions.  The L<B<EVP_Digest>I<...>|EVP_DigestInit(3)> functions provide message digests.
 The B<EVP_PKEY>I<...> functions provide a high level interface to
-asymmetric algorithms.
+asymmetric algorithms. To create a new EVP_PKEY see
+L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>. EVP_PKEYs can be associated
+with a private key of a particular algorithm by using the functions
+described on the L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> page, or
+new keys can be generated using L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>.
+EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)|EVP_PKEY_cmp(3)>, or printed using
+L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>.
+The EVP_PKEY functions support the full range of asymmetric algorithm operations:
+=over
+=item For key agreement see L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
+=item For signing and verifying see L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>.
+However, note that
+these functions do not perform a digest of the data to be signed. Therefore
+normally you would use the L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)>
+functions for this purpose.
+=item For encryption and decryption see L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>
+and L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)> respectively. However, note that
+these functions perform encryption and decryption only. As public key
+encryption is an expensive operation, normally you would wrap
+an encrypted message in a "digital envelope" using the L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and
+L<B<EVP_Open>I<...>|EVP_OpenInit(3)> functions.
+=back
+The L<EVP_BytesToKey(3)|EVP_BytesToKey(3)> function provides some limited support for password
+based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible
+implementation. However, new applications should not typically use this (preferring, for example,
+PBKDF2 from PCKS#5).
-Algorithms are loaded with OpenSSL_add_all_algorithms(3).
+Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>.
 All the symmetric algorithms (ciphers), digests and asymmetric algorithms
-(public key algorithms) can be replaced by ENGINE modules providing alternative
+(public key algorithms) can be replaced by L<ENGINE|engine(3)> modules providing alternative
 implementations. If ENGINE implementations of ciphers or digests are registered
 as defaults, then the various EVP functions will automatically use those
 implementations automatically in preference to built in software
@@ -47,8 +83,20 @@ L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
 L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
 L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
 L<EVP_SealInit(3)|EVP_SealInit(3)>,
+L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>,
+L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>,
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>,
+L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>,
+L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>,
 L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
 L<engine(3)|engine(3)>
author	miod <>	2014-07-11 16:18:14 +0000
committer	miod <>	2014-07-11 16:18:14 +0000
commit	42ef36c6813822962aff009ee1ca5eaf04d6c5c7 (patch)
tree	d06ffa1565a72fd493dbed6024d44e5daa26be91 /src/lib/libcrypto/doc/evp.pod
parent	687488572f223f89cf98909e87b4d1a3fbb14bfd (diff)
download	openbsd-42ef36c6813822962aff009ee1ca5eaf04d6c5c7.tar.gz openbsd-42ef36c6813822962aff009ee1ca5eaf04d6c5c7.tar.bz2 openbsd-42ef36c6813822962aff009ee1ca5eaf04d6c5c7.zip

diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod index 33ce7cb6d6..57c761d01f 100644 --- a/src/lib/libcrypto/doc/evp.pod +++ b/src/lib/libcrypto/doc/evp.pod
@@ -13,22 +13,58 @@ evp - high-level cryptographic functions
13	The EVP library provides a high-level interface to cryptographic	13	The EVP library provides a high-level interface to cryptographic
14	functions.	14	functions.
15		15
16	B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption	16	L<B<EVP_Seal>I<...>\|EVP_SealInit(3)> and L<B<EVP_Open>I<...>\|EVP_OpenInit(3)>
17	and decryption to implement digital "envelopes".	17	provide public key encryption and decryption to implement digital "envelopes".
18		18
19	The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement	19	The L<B<EVP_DigestSign>I<...>\|EVP_DigestSignInit(3)> and
20	digital signatures.	20	L<B<EVP_DigestVerify>I<...>\|EVP_DigestVerifyInit(3)> functions implement
		21	digital signatures and Message Authentication Codes (MACs). Also see the older
		22	L<B<EVP_Sign>I<...>\|EVP_SignInit(3)> and L<B<EVP_Verify>I<...>\|EVP_VerifyInit(3)>
		23	functions.
21		24
22	Symmetric encryption is available with the B<EVP_Encrypt>I<...>	25	Symmetric encryption is available with the L<B<EVP_Encrypt>I<...>\|EVP_EncryptInit(3)>
23	functions. The B<EVP_Digest>I<...> functions provide message digests.	26	functions. The L<B<EVP_Digest>I<...>\|EVP_DigestInit(3)> functions provide message digests.
24		27
25	The B<EVP_PKEY>I<...> functions provide a high level interface to	28	The B<EVP_PKEY>I<...> functions provide a high level interface to
26	asymmetric algorithms.	29	asymmetric algorithms. To create a new EVP_PKEY see
		30	L<EVP_PKEY_new(3)\|EVP_PKEY_new(3)>. EVP_PKEYs can be associated
		31	with a private key of a particular algorithm by using the functions
		32	described on the L<EVP_PKEY_set1_RSA(3)\|EVP_PKEY_set1_RSA(3)> page, or
		33	new keys can be generated using L<EVP_PKEY_keygen(3)\|EVP_PKEY_keygen(3)>.
		34	EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)\|EVP_PKEY_cmp(3)>, or printed using
		35	L<EVP_PKEY_print_private(3)\|EVP_PKEY_print_private(3)>.
		36
		37	The EVP_PKEY functions support the full range of asymmetric algorithm operations:
		38
		39	=over
		40
		41	=item For key agreement see L<EVP_PKEY_derive(3)\|EVP_PKEY_derive(3)>
		42
		43	=item For signing and verifying see L<EVP_PKEY_sign(3)\|EVP_PKEY_sign(3)>,
		44	L<EVP_PKEY_verify(3)\|EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)\|EVP_PKEY_verify_recover(3)>.
		45	However, note that
		46	these functions do not perform a digest of the data to be signed. Therefore
		47	normally you would use the L<B<EVP_DigestSign>I<...>\|EVP_DigestSignInit(3)>
		48	functions for this purpose.
		49
		50	=item For encryption and decryption see L<EVP_PKEY_encrypt(3)\|EVP_PKEY_encrypt(3)>
		51	and L<EVP_PKEY_decrypt(3)\|EVP_PKEY_decrypt(3)> respectively. However, note that
		52	these functions perform encryption and decryption only. As public key
		53	encryption is an expensive operation, normally you would wrap
		54	an encrypted message in a "digital envelope" using the L<B<EVP_Seal>I<...>\|EVP_SealInit(3)> and
		55	L<B<EVP_Open>I<...>\|EVP_OpenInit(3)> functions.
		56
		57	=back
		58
		59	The L<EVP_BytesToKey(3)\|EVP_BytesToKey(3)> function provides some limited support for password
		60	based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible
		61	implementation. However, new applications should not typically use this (preferring, for example,
		62	PBKDF2 from PCKS#5).
27		63
28	Algorithms are loaded with OpenSSL_add_all_algorithms(3).	64	Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)\|OpenSSL_add_all_algorithms(3)>.
29		65
30	All the symmetric algorithms (ciphers), digests and asymmetric algorithms	66	All the symmetric algorithms (ciphers), digests and asymmetric algorithms
31	(public key algorithms) can be replaced by ENGINE modules providing alternative	67	(public key algorithms) can be replaced by L<ENGINE\|engine(3)> modules providing alternative
32	implementations. If ENGINE implementations of ciphers or digests are registered	68	implementations. If ENGINE implementations of ciphers or digests are registered
33	as defaults, then the various EVP functions will automatically use those	69	as defaults, then the various EVP functions will automatically use those
34	implementations automatically in preference to built in software	70	implementations automatically in preference to built in software
@@ -47,8 +83,20 @@ L<EVP_DigestInit(3)\|EVP_DigestInit(3)>,
47	L<EVP_EncryptInit(3)\|EVP_EncryptInit(3)>,	83	L<EVP_EncryptInit(3)\|EVP_EncryptInit(3)>,
48	L<EVP_OpenInit(3)\|EVP_OpenInit(3)>,	84	L<EVP_OpenInit(3)\|EVP_OpenInit(3)>,
49	L<EVP_SealInit(3)\|EVP_SealInit(3)>,	85	L<EVP_SealInit(3)\|EVP_SealInit(3)>,
		86	L<EVP_DigestSignInit(3)\|EVP_DigestSignInit(3)>,
50	L<EVP_SignInit(3)\|EVP_SignInit(3)>,	87	L<EVP_SignInit(3)\|EVP_SignInit(3)>,
51	L<EVP_VerifyInit(3)\|EVP_VerifyInit(3)>,	88	L<EVP_VerifyInit(3)\|EVP_VerifyInit(3)>,
		89	L<EVP_PKEY_new(3)\|EVP_PKEY_new(3)>,
		90	L<EVP_PKEY_set1_RSA(3)\|EVP_PKEY_set1_RSA(3)>,
		91	L<EVP_PKEY_keygen(3)\|EVP_PKEY_keygen(3)>,
		92	L<EVP_PKEY_print_private(3)\|EVP_PKEY_print_private(3)>,
		93	L<EVP_PKEY_decrypt(3)\|EVP_PKEY_decrypt(3)>,
		94	L<EVP_PKEY_encrypt(3)\|EVP_PKEY_encrypt(3)>,
		95	L<EVP_PKEY_sign(3)\|EVP_PKEY_sign(3)>,
		96	L<EVP_PKEY_verify(3)\|EVP_PKEY_verify(3)>,
		97	L<EVP_PKEY_verify_recover(3)\|EVP_PKEY_verify_recover(3)>,
		98	L<EVP_PKEY_derive(3)\|EVP_PKEY_derive(3)>,
		99	L<EVP_BytesToKey(3)\|EVP_BytesToKey(3)>,
52	L<OpenSSL_add_all_algorithms(3)\|OpenSSL_add_all_algorithms(3)>,	100	L<OpenSSL_add_all_algorithms(3)\|OpenSSL_add_all_algorithms(3)>,
53	L<engine(3)\|engine(3)>	101	L<engine(3)\|engine(3)>
54		102