Attempt to (incompletely) document EVP_aes_*().

When EVP_des_cbc() was suggested, suggest EVP_aes_256_cbc() instead.

Remove mention of EVP_des_ede3_cbc() being the algorithm of choice for S/MIME.

Don't mention US-export limited RC2 algorithms, you'd better not know about
them.

7 files changed, 30 insertions, 23 deletions

diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
index d42445cf10..a876ac789c 100644
--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -101,7 +101,7 @@ EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
 EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
 with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
 before calling this function. B<type> is normally supplied
-by a function such as EVP_des_cbc(). If B<impl> is NULL then the
+by a function such as EVP_aes_256_cbc(). If B<impl> is NULL then the
 default implementation is used. B<key> is the symmetric key to use
 and B<iv> is the IV to use (if necessary), the actual number of bytes
 used for the key and IV depends on the cipher. It is possible to set
@@ -279,10 +279,22 @@ All algorithms have a fixed key length unless otherwise stated.
 
 =over 4
 
-=item EVP_enc_null()
+=item EVP_enc_null(void)
 
 Null cipher: does nothing.
 
+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(void), EVP_aes_128_cfb(void), EVP_aes_128_ofb(void)
+
+128-bit AES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(void), EVP_aes_192_cfb(void), EVP_aes_192_ofb(void)
+
+192-bit AES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(void), EVP_aes_256_cfb(void), EVP_aes_256_ofb(void)
+
+256-bit AES in CBC, ECB, CFB and OFB modes respectively.
+
 =item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
 
 DES in CBC, ECB, CFB and OFB modes respectively.
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
index ff73a04fd9..76eebb72a9 100644
--- a/src/lib/libcrypto/doc/EVP_SealInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -25,7 +25,7 @@ encrypted using this key.
 
 EVP_SealInit() initializes a cipher context B<ctx> for encryption
 with cipher B<type> using a random secret key and IV. B<type> is normally
-supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted
 using one or more public keys, this allows the same encrypted data to be
 decrypted using any of the corresponding private keys. B<ek> is an array of
 buffers where the public key encrypted secret key will be written, each buffer
diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
index e206684384..8bc77407b9 100644
--- a/src/lib/libcrypto/doc/PKCS7_encrypt.pod
+++ b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
@@ -22,13 +22,6 @@ Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
 certificates supplied to this function must all contain RSA public keys, though
 they do not have to be signed using the RSA algorithm.
 
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
-because most clients will support it.
-
-Some old "export grade" clients may only support weak encryption using 40 or 64
-bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
-respectively.
-
 The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
 its parameters.
 
diff --git a/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod b/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod
index 4f26e24bf6..f697e87e2b 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod
@@ -22,9 +22,6 @@ Only certificates carrying RSA keys are supported so the recipient certificates
 supplied to this function must all contain RSA public keys, though they do not
 have to be signed using the RSA algorithm.
 
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
-because most clients will support it.
-
 The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
 its parameters.
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
index d42445cf10..a876ac789c 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -101,7 +101,7 @@ EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
 EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
 with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
 before calling this function. B<type> is normally supplied
-by a function such as EVP_des_cbc(). If B<impl> is NULL then the
+by a function such as EVP_aes_256_cbc(). If B<impl> is NULL then the
 default implementation is used. B<key> is the symmetric key to use
 and B<iv> is the IV to use (if necessary), the actual number of bytes
 used for the key and IV depends on the cipher. It is possible to set
@@ -279,10 +279,22 @@ All algorithms have a fixed key length unless otherwise stated.
 
 =over 4
 
-=item EVP_enc_null()
+=item EVP_enc_null(void)
 
 Null cipher: does nothing.
 
+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(void), EVP_aes_128_cfb(void), EVP_aes_128_ofb(void)
+
+128-bit AES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(void), EVP_aes_192_cfb(void), EVP_aes_192_ofb(void)
+
+192-bit AES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(void), EVP_aes_256_cfb(void), EVP_aes_256_ofb(void)
+
+256-bit AES in CBC, ECB, CFB and OFB modes respectively.
+
 =item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
 
 DES in CBC, ECB, CFB and OFB modes respectively.
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
index ff73a04fd9..76eebb72a9 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
@@ -25,7 +25,7 @@ encrypted using this key.
 
 EVP_SealInit() initializes a cipher context B<ctx> for encryption
 with cipher B<type> using a random secret key and IV. B<type> is normally
-supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted
 using one or more public keys, this allows the same encrypted data to be
 decrypted using any of the corresponding private keys. B<ek> is an array of
 buffers where the public key encrypted secret key will be written, each buffer
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod b/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
index e206684384..8bc77407b9 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
@@ -22,13 +22,6 @@ Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
 certificates supplied to this function must all contain RSA public keys, though
 they do not have to be signed using the RSA algorithm.
 
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
-because most clients will support it.
-
-Some old "export grade" clients may only support weak encryption using 40 or 64
-bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
-respectively.
-
 The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
 its parameters.