convert EVP manuals from pod to mdoc

author: schwarze <> 2016-11-03 09:35:34 +0000
committer: schwarze <> 2016-11-03 09:35:34 +0000
commit: ca3058f44f6c221a5580f274a8d643470f5ffa0a (patch)
tree: 58d82d0d7f6aeee380eaadbcfaa231ecbe6b90a0 /src/lib/libcrypto/man/EVP_SealInit.3
parent: 13e48df1ecc456d07bff6a1552bb8ff8286b8b17 (diff)
download: openbsd-ca3058f44f6c221a5580f274a8d643470f5ffa0a.tar.gz
openbsd-ca3058f44f6c221a5580f274a8d643470f5ffa0a.tar.bz2
openbsd-ca3058f44f6c221a5580f274a8d643470f5ffa0a.zip
1 files changed, 131 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EVP_SealInit.3 b/src/lib/libcrypto/man/EVP_SealInit.3
new file mode 100644
index 0000000000..9511111486
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_SealInit.3
@@ -0,0 +1,131 @@
+.Dd $Mdocdate: November 3 2016 $
+.Dt EVP_SEALINIT 3
+.Os
+.Sh NAME
+.Nm EVP_SealInit ,
+.Nm EVP_SealUpdate ,
+.Nm EVP_SealFinal
+.Nd EVP envelope encryption
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_SealInit
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "const EVP_CIPHER *type"
+.Fa "unsigned char **ek"
+.Fa "int *ekl"
+.Fa "unsigned char *iv"
+.Fa "EVP_PKEY **pubk"
+.Fa "int npubk"
+.Fc
+.Ft int
+.Fo EVP_SealUpdate
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "int *outl"
+.Fa "unsigned char *in"
+.Fa "int inl"
+.Fc
+.Ft int
+.Fo EVP_SealFinal
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "int *outl"
+.Fc
+.Sh DESCRIPTION
+The EVP envelope routines are a high level interface to envelope
+encryption.
+They generate a random key and IV (if required) then "envelope" it by
+using public key encryption.
+Data can then be encrypted using this key.
+.Pp
+.Fn EVP_SealInit
+initializes a cipher context
+.Fa ctx
+for encryption with cipher
+.Fa type
+using a random secret key and IV.
+.Fa type
+is normally supplied by a function such as
+.Fn EVP_aes_256_cbc 3 ;
+see
+.Xr EVP_EncryptInit 3
+for details.
+The secret key is encrypted using one or more public keys.
+This allows the same encrypted data to be decrypted using any of
+the corresponding private keys.
+.Fa ek
+is an array of buffers where the public key encrypted secret key will be
+written.
+Each buffer must contain enough room for the corresponding encrypted
+key: that is
+.Fa ek[i]
+must have room for
+.Fn EVP_PKEY_size pubk[i]
+bytes.
+The actual size of each encrypted secret key is written to the array
+.Fa ekl .
+.Fa pubk
+is an array of
+.Fa npubk
+public keys.
+.Pp
+The
+.Fa iv
+parameter is a buffer where the generated IV is written to.
+It must contain enough room for the corresponding cipher's IV, as
+determined by (for example)
+.Fn EVP_CIPHER_iv_length type .
+.Pp
+If the cipher does not require an IV then the
+.Fa iv
+parameter is ignored and can be
+.Dv NULL .
+.Pp
+.Fn EVP_SealUpdate
+and
+.Fn EVP_SealFinal
+have exactly the same properties as the
+.Xr EVP_EncryptUpdate 3
+and
+.Xr EVP_EncryptFinal 3
+routines.
+.Pp
+The public key must be RSA because it is the only OpenSSL public key
+algorithm that supports key transport.
+.Pp
+Envelope encryption is the usual method of using public key encryption
+on large amounts of data.
+This is because public key encryption is slow but symmetric encryption
+is fast.
+So symmetric encryption is used for bulk encryption and the small random
+symmetric key used is transferred using public key encryption.
+.Pp
+It is possible to call
+.Fn EVP_SealInit
+twice in the same way as
+.Xr EVP_EncryptInit 3 .
+The first call should have
+.Fa npubk
+set to 0 and (after setting any cipher parameters) it should be called
+again with
+.Fa type
+set to NULL.
+.Sh RETURN VALUES
+.Fn EVP_SealInit
+returns 0 on error or
+.Fa npubk
+if successful.
+.Pp
+.Fn EVP_SealUpdate
+and
+.Fn EVP_SealFinal
+return 1 for success and 0 for failure.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_EncryptInit 3 ,
+.Xr EVP_OpenInit 3 ,
+.Xr rand 3
+.Sh HISTORY
+.Fn EVP_SealFinal
+did not return a value before OpenSSL 0.9.7.
author	schwarze <>	2016-11-03 09:35:34 +0000
committer	schwarze <>	2016-11-03 09:35:34 +0000
commit	ca3058f44f6c221a5580f274a8d643470f5ffa0a (patch)
tree	58d82d0d7f6aeee380eaadbcfaa231ecbe6b90a0 /src/lib/libcrypto/man/EVP_SealInit.3
parent	13e48df1ecc456d07bff6a1552bb8ff8286b8b17 (diff)
download	openbsd-ca3058f44f6c221a5580f274a8d643470f5ffa0a.tar.gz openbsd-ca3058f44f6c221a5580f274a8d643470f5ffa0a.tar.bz2 openbsd-ca3058f44f6c221a5580f274a8d643470f5ffa0a.zip

diff --git a/src/lib/libcrypto/man/EVP_SealInit.3 b/src/lib/libcrypto/man/EVP_SealInit.3 new file mode 100644 index 0000000000..9511111486 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_SealInit.3
@@ -0,0 +1,131 @@
	1	.Dd $Mdocdate: November 3 2016 $
	2	.Dt EVP_SEALINIT 3
	3	.Os
	4	.Sh NAME
	5	.Nm EVP_SealInit ,
	6	.Nm EVP_SealUpdate ,
	7	.Nm EVP_SealFinal
	8	.Nd EVP envelope encryption
	9	.Sh SYNOPSIS
	10	.In openssl/evp.h
	11	.Ft int
	12	.Fo EVP_SealInit
	13	.Fa "EVP_CIPHER_CTX *ctx"
	14	.Fa "const EVP_CIPHER *type"
	15	.Fa "unsigned char **ek"
	16	.Fa "int *ekl"
	17	.Fa "unsigned char *iv"
	18	.Fa "EVP_PKEY **pubk"
	19	.Fa "int npubk"
	20	.Fc
	21	.Ft int
	22	.Fo EVP_SealUpdate
	23	.Fa "EVP_CIPHER_CTX *ctx"
	24	.Fa "unsigned char *out"
	25	.Fa "int *outl"
	26	.Fa "unsigned char *in"
	27	.Fa "int inl"
	28	.Fc
	29	.Ft int
	30	.Fo EVP_SealFinal
	31	.Fa "EVP_CIPHER_CTX *ctx"
	32	.Fa "unsigned char *out"
	33	.Fa "int *outl"
	34	.Fc
	35	.Sh DESCRIPTION
	36	The EVP envelope routines are a high level interface to envelope
	37	encryption.
	38	They generate a random key and IV (if required) then "envelope" it by
	39	using public key encryption.
	40	Data can then be encrypted using this key.
	41	.Pp
	42	.Fn EVP_SealInit
	43	initializes a cipher context
	44	.Fa ctx
	45	for encryption with cipher
	46	.Fa type
	47	using a random secret key and IV.
	48	.Fa type
	49	is normally supplied by a function such as
	50	.Fn EVP_aes_256_cbc 3 ;
	51	see
	52	.Xr EVP_EncryptInit 3
	53	for details.
	54	The secret key is encrypted using one or more public keys.
	55	This allows the same encrypted data to be decrypted using any of
	56	the corresponding private keys.
	57	.Fa ek
	58	is an array of buffers where the public key encrypted secret key will be
	59	written.
	60	Each buffer must contain enough room for the corresponding encrypted
	61	key: that is
	62	.Fa ek[i]
	63	must have room for
	64	.Fn EVP_PKEY_size pubk[i]
	65	bytes.
	66	The actual size of each encrypted secret key is written to the array
	67	.Fa ekl .
	68	.Fa pubk
	69	is an array of
	70	.Fa npubk
	71	public keys.
	72	.Pp
	73	The
	74	.Fa iv
	75	parameter is a buffer where the generated IV is written to.
	76	It must contain enough room for the corresponding cipher's IV, as
	77	determined by (for example)
	78	.Fn EVP_CIPHER_iv_length type .
	79	.Pp
	80	If the cipher does not require an IV then the
	81	.Fa iv
	82	parameter is ignored and can be
	83	.Dv NULL .
	84	.Pp
	85	.Fn EVP_SealUpdate
	86	and
	87	.Fn EVP_SealFinal
	88	have exactly the same properties as the
	89	.Xr EVP_EncryptUpdate 3
	90	and
	91	.Xr EVP_EncryptFinal 3
	92	routines.
	93	.Pp
	94	The public key must be RSA because it is the only OpenSSL public key
	95	algorithm that supports key transport.
	96	.Pp
	97	Envelope encryption is the usual method of using public key encryption
	98	on large amounts of data.
	99	This is because public key encryption is slow but symmetric encryption
	100	is fast.
	101	So symmetric encryption is used for bulk encryption and the small random
	102	symmetric key used is transferred using public key encryption.
	103	.Pp
	104	It is possible to call
	105	.Fn EVP_SealInit
	106	twice in the same way as
	107	.Xr EVP_EncryptInit 3 .
	108	The first call should have
	109	.Fa npubk
	110	set to 0 and (after setting any cipher parameters) it should be called
	111	again with
	112	.Fa type
	113	set to NULL.
	114	.Sh RETURN VALUES
	115	.Fn EVP_SealInit
	116	returns 0 on error or
	117	.Fa npubk
	118	if successful.
	119	.Pp
	120	.Fn EVP_SealUpdate
	121	and
	122	.Fn EVP_SealFinal
	123	return 1 for success and 0 for failure.
	124	.Sh SEE ALSO
	125	.Xr evp 3 ,
	126	.Xr EVP_EncryptInit 3 ,
	127	.Xr EVP_OpenInit 3 ,
	128	.Xr rand 3
	129	.Sh HISTORY
	130	.Fn EVP_SealFinal
	131	did not return a value before OpenSSL 0.9.7.