Mention the key lengths of some encryption algorithms.

This is relevant because EVP_EncryptInit(3) takes a "key" argument,
and users need to consider the size of that argument.

While here, also mention whether ciphers are stream ciphers
or block ciphers and what the block size is.

1 files changed, 27 insertions, 14 deletions

diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
index a0adfbab09..32ed3349b9 100644
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.52 2024/07/21 08:36:43 tb Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.53 2024/11/09 22:03:49 schwarze Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 21 2024 $
+.Dd $Mdocdate: November 9 2024 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -553,7 +553,6 @@ returns an
 .Vt EVP_CIPHER
 structure.
 .Sh CIPHER LISTING
-All algorithms have a fixed key length unless otherwise stated.
 .Bl -tag -width Ds
 .It Fn EVP_enc_null
 Null cipher: does nothing.
@@ -564,6 +563,8 @@ Null cipher: does nothing.
 .Fn EVP_idea_ofb
 .Xc
 IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
+IDEA is a block cipher operating on 64 bit blocks using a 128 bit
+.Fa key .
 .Fn EVP_idea_cfb
 is an alias for
 .Fn EVP_idea_cfb64 ,
@@ -575,7 +576,9 @@ implemented as a macro.
 .Fn EVP_rc2_ofb
 .Xc
 RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-This is a variable key length cipher with an additional parameter called
+RC2 is a block cipher operating on 64 bit blocks using a variable
+.Fa key
+length with an additional parameter called
 "effective key bits" or "effective key length".
 By default both are set to 128 bits.
 .Fn EVP_rc2_cfb
@@ -602,7 +605,10 @@ to set the key length and effective key length.
 .Xc
 Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes
 respectively.
-This is a variable key length cipher.
+Blowfish is a block cipher operating on 64 bit blocks using a variable
+.Fa key
+length.
+The default key length is 128 bits.
 .Fn EVP_bf_cfb
 is an alias for
 .Fn EVP_bf_cfb64 ,
@@ -613,21 +619,28 @@ implemented as a macro.
 .Fn EVP_cast5_cfb64 ,
 .Fn EVP_cast5_ofb
 .Xc
-CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-This is a variable key length cipher.
+CAST-128 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
+CAST-128 is a block cipher operating on 64 bit blocks using a variable
+.Fa key
+length.
+The default and maximum key length is 128 bits.
 .Fn EVP_cast5_cfb
 is an alias for
 .Fn EVP_cast5_cfb64 ,
 implemented as a macro.
 .El
 .Pp
-See also
-.Xr EVP_aes_128_cbc 3 ,
-.Xr EVP_camellia_128_cbc 3 ,
-.Xr EVP_des_cbc 3 ,
-.Xr EVP_rc4 3 ,
-and
-.Xr EVP_sm4_cbc 3 .
+Some algorithms are documented in separate manual pages:
+.Pp
+.Bl -column "EVP_camellia_128_cbc(3)" "block size" -compact
+.It manual page               Ta block size Ta Fa key No size Pq in bits
+.It Xr EVP_aes_128_cbc 3      Ta 128        Ta 128, 192, 256
+.It Xr EVP_camellia_128_cbc 3 Ta 128        Ta 128, 192, 256
+.It Xr EVP_chacha20 3         Ta stream     Ta 256
+.It Xr EVP_des_cbc 3          Ta 64         Ta 64
+.It Xr EVP_rc4 3              Ta stream     Ta variable, default 128
+.It Xr EVP_sm4_cbc 3          Ta 128        Ta 128
+.El
 .Ss GCM mode
 For GCM mode ciphers, the behaviour of the EVP interface
 is subtly altered and several additional ctrl operations are