10 files changed, 307 insertions, 16 deletions
diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod
index dca41d8dbc..a8f75bdd9d 100644
--- a/src/lib/libcrypto/doc/DH_set_method.pod
+++ b/src/lib/libcrypto/doc/DH_set_method.pod
@@ -56,7 +56,7 @@ the default method is used.
     /* compute shared secret */
        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
-     /* compute r = a ^ p mod m. May be NULL */
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                                const BIGNUM *m, BN_CTX *ctx,
                                BN_MONT_CTX *m_ctx);
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod
index 0b13ec9237..edec46413d 100644
--- a/src/lib/libcrypto/doc/DSA_set_method.pod
+++ b/src/lib/libcrypto/doc/DSA_set_method.pod
@@ -62,12 +62,13 @@ struct
        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
                                 DSA_SIG *sig, DSA *dsa);
-     /* compute rr = a1^p1 * a2^p2 mod m. May be NULL */
+     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
+                                          implementations) */
        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
-     /* compute r = a ^ p mod m. May be NULL */
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
                                 const BIGNUM *p, const BIGNUM *m,
                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod
new file mode 100644
index 0000000000..9707a4b399
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_OpenInit.pod
@@ -0,0 +1,51 @@
+=pod
+=head1 NAME
+EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+                int ekl,unsigned char *iv,EVP_PKEY *priv);
+ void EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ void EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+=head1 DESCRIPTION
+The EVP envelope routines are a high level interface to envelope
+decryption. They decrypt a public key encrypted symmetric key and
+then decrypt data using it.
+EVP_OpenInit() initialises a cipher context B<ctx> for decryption
+with cipher B<type>. It decrypts the encrypted symmetric key of length
+B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
+The IV is supplied in the B<iv> parameter.
+EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
+as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as 
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+page. 
+=head1 RETURN VALUES
+EVP_OpenInit() returns -1 on error or an non zero integer (actually the
+recovered secret key size) if successful.
+EVP_SealUpdate() does not return a value.
+EVP_SealFinal() returns 0 if the decrypt failed or 1 for success.
+=head1 SEE ALSO
+L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>
+=head1 HISTORY
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
new file mode 100644
index 0000000000..1579d110fa
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -0,0 +1,70 @@
+=pod
+=head1 NAME
+EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+ void EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+=head1 DESCRIPTION
+The EVP envelope routines are a high level interface to envelope
+encryption. They generate a random key and then "envelope" it by
+using public key encryption. Data can then be encrypted using this
+key.
+EVP_SealInit() initialises a cipher context B<ctx> for encryption
+with cipher B<type> using a random secret key and IV supplied in
+the B<iv> parameter. B<type> is normally supplied by a function such
+as EVP_des_cbc(). The secret key is encrypted using one or more public
+keys, this allows the same encrypted data to be decrypted using any
+of the corresponding private keys. B<ek> is an array of buffers where
+the public key encrypted secret key will be written, each buffer must
+contain enough room for the corresponding encrypted key: that is
+B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+an array of B<npubk> public keys.
+EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+page. 
+=head1 RETURN VALUES
+EVP_SealInit() returns -1 on error or B<npubk> if successful.
+EVP_SealUpdate() and EVP_SealFinal() do not return values.
+=head1 NOTES
+Because a random secret key is generated the random number generator
+must be seeded before calling EVP_SealInit().
+The public key must be RSA because it is the only OpenSSL public key
+algorithm that supports key transport.
+Envelope encryption is the usual method of using public key encryption
+on large amounts of data, this is because public key encryption is slow
+but symmetric encryption is fast. So symmetric encryption is used for
+bulk encryption and the small random symmetric key used is transferred
+using public key encryption.
+=head1 SEE ALSO
+L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>
+=head1 HISTORY
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
new file mode 100644
index 0000000000..bbc9203c9c
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -0,0 +1,85 @@
+=pod
+=head1 NAME
+EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
+ int EVP_PKEY_size(EVP_PKEY *pkey);
+=head1 DESCRIPTION
+The EVP signature routines are a high level interface to digital
+signatures.
+EVP_SignInit() initialises a signing context B<ctx> to using digest
+B<type>: this will typically be supplied by a function such as
+EVP_sha1().
+EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This funtion can be called several times on the
+same B<ctx> to include additional data.
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
+and places the signature in B<sig>. If the B<s> parameter is not NULL
+then the number of bytes of data written (i.e. the length of the signature)
+will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written.  After calling EVP_SignFinal() no additional calls to
+EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialiase
+a new signature operation.
+EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
+signature returned by EVP_SignFinal() may be smaller.
+=head1 RETURN VALUES
+EVP_SignInit() and EVP_SignUpdate() do not return values.
+EVP_SignFinal() returns 1 for success and 0 for failure.
+EVP_PKEY_size() returns the maximum size of a signature in bytes.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in 
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
+When signing with DSA private keys the random number generator must be seeded
+or the operation will fail. The random number generator does not need to be
+seeded for RSA signatures.
+=head1 BUGS
+Several of the functions do not return values: maybe they should. Although the
+internal digest operations will never fail some future hardware based operations
+might.
+=head1 SEE ALSO
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+=head1 HISTORY
+EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
+available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
new file mode 100644
index 0000000000..3b5e07f4ad
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -0,0 +1,71 @@
+=pod
+=head1 NAME
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
+=head1 DESCRIPTION
+The EVP signature verification routines are a high level interface to digital
+signatures.
+EVP_VerifyInit() initialises a verification context B<ctx> to using digest
+B<type>: this will typically be supplied by a function such as EVP_sha1().
+EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This funtion can be called several times on the
+same B<ctx> to include additional data.
+EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
+and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal()
+no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit()
+can be called to initialiase a new verification operation.
+=head1 RETURN VALUES
+EVP_VerifyInit() and EVP_VerifyUpdate() do not return values.
+EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
+other error occurred.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in 
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
+=head1 BUGS
+Several of the functions do not return values: maybe they should. Although the
+internal digest operations will never fail some future hardware based operations
+might.
+=head1 SEE ALSO
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+=head1 HISTORY
+EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
+available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod
index 0a13ec2a92..67c66f3e0c 100644
--- a/src/lib/libcrypto/doc/RAND_add.pod
+++ b/src/lib/libcrypto/doc/RAND_add.pod
@@ -2,7 +2,8 @@
 =head1 NAME
-RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG
+RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
+entropy to the PRNG
 =head1 SYNOPSIS
@@ -14,6 +15,7 @@ RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG
 int  RAND_status(void);
+ int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
 void RAND_screen(void);
 =head1 DESCRIPTION
@@ -40,17 +42,24 @@ or L<RAND_load_file(3)|RAND_load_file(3)>.
 RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
+RAND_event() collects the entropy from Windows events such as mouse
+movements and other user interaction. It should be called with the
+B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
+the window procedure. It will estimate the entropy contained in the
+event message (if any), and add it to the PRNG. The program can then
+process the messages as usual.
 The RAND_screen() function is available for the convenience of Windows
 programmers. It adds the current contents of the screen to the PRNG.
-For applications that can catch Windows events, seeding the PRNG with
+For applications that can catch Windows events, seeding the PRNG by
-the parameters of B<WM_MOUSEMOVE> events is a significantly better
+calling RAND_event() is a significantly better source of
-source of randomness. It should be noted that both methods cannot be
+randomness. It should be noted that both methods cannot be used on
-used on servers that run without user interaction.
+servers that run without user interaction.
 =head1 RETURN VALUES
-RAND_status() returns 1 if the PRNG has been seeded with enough data,
+RAND_status() and RAND_event() return 1 if the PRNG has been seeded
-0 otherwise.
+with enough data, 0 otherwise.
 The other functions do not return values.
@@ -63,6 +72,6 @@ L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
 RAND_seed() and RAND_screen() are available in all versions of SSLeay
 and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
-0.9.5.
+0.9.5, RAND_event() in OpenSSL 0.9.5a.
 =cut
diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
index 466e9b8767..464eba416d 100644
--- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod
+++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -34,10 +34,12 @@ RAND_get_rand_method() returns a pointer to the current method.
        void (*cleanup)(void);
        void (*add)(const void *buf, int num, int entropy);
        int (*pseudorand)(unsigned char *buf, int num);
+        int (*status)(void);
 } RAND_METHOD;
 The components point to the implementation of RAND_seed(),
-RAND_bytes(), RAND_cleanup(), RAND_add() and RAND_pseudo_rand().
+RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
+and RAND_status().
 Each component may be NULL if the function is not implemented.
 =head1 RETURN VALUES
diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod
index deb1183a23..14b0b4cf35 100644
--- a/src/lib/libcrypto/doc/RSA_set_method.pod
+++ b/src/lib/libcrypto/doc/RSA_set_method.pod
@@ -87,10 +87,11 @@ the default method is used.
        int (*rsa_priv_dec)(int flen, unsigned char *from,
          unsigned char *to, RSA *rsa, int padding);
-     /* compute r0 = r0 ^ I mod rsa->n. May be NULL */
+     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
+                                        implementations) */
        int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-     /* compute r = a ^ p mod m. May be NULL */
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
        int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod
index 0486c044a6..eb8ba612c4 100644
--- a/src/lib/libcrypto/doc/rsa.pod
+++ b/src/lib/libcrypto/doc/rsa.pod
@@ -86,8 +86,9 @@ contain public as well as private RSA keys:
 In public keys, the private exponent and the related secret values are
 B<NULL>.
-B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private keys, but the
+B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
-RSA operations are much faster when these values are available.
+keys, but the RSA operations are much faster when these values are
+available.
 =head1 CONFORMING TO

diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod index dca41d8dbc..a8f75bdd9d 100644 --- a/src/lib/libcrypto/doc/DH_set_method.pod +++ b/src/lib/libcrypto/doc/DH_set_method.pod
@@ -56,7 +56,7 @@ the default method is used.
56	/* compute shared secret */	56	/* compute shared secret */
57	int (compute_key)(unsigned char key, BIGNUM pub_key, DH dh);	57	int (compute_key)(unsigned char key, BIGNUM pub_key, DH dh);
58		58
59	/* compute r = a ^ p mod m. May be NULL */	59	/* compute r = a ^ p mod m (May be NULL for some implementations) */
60	int (bn_mod_exp)(DH dh, BIGNUM r, BIGNUM a, const BIGNUM *p,	60	int (bn_mod_exp)(DH dh, BIGNUM r, BIGNUM a, const BIGNUM *p,
61	const BIGNUM m, BN_CTX ctx,	61	const BIGNUM m, BN_CTX ctx,
62	BN_MONT_CTX *m_ctx);	62	BN_MONT_CTX *m_ctx);


diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod index 0b13ec9237..edec46413d 100644 --- a/src/lib/libcrypto/doc/DSA_set_method.pod +++ b/src/lib/libcrypto/doc/DSA_set_method.pod
@@ -62,12 +62,13 @@ struct
62	int (dsa_do_verify)(const unsigned char dgst, int dgst_len,	62	int (dsa_do_verify)(const unsigned char dgst, int dgst_len,
63	DSA_SIG sig, DSA dsa);	63	DSA_SIG sig, DSA dsa);
64		64
65	/* compute rr = a1^p1 * a2^p2 mod m. May be NULL */	65	/* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
		66	implementations) */
66	int (dsa_mod_exp)(DSA dsa, BIGNUM rr, BIGNUM a1, BIGNUM *p1,	67	int (dsa_mod_exp)(DSA dsa, BIGNUM rr, BIGNUM a1, BIGNUM *p1,
67	BIGNUM a2, BIGNUM p2, BIGNUM *m,	68	BIGNUM a2, BIGNUM p2, BIGNUM *m,
68	BN_CTX ctx, BN_MONT_CTX in_mont);	69	BN_CTX ctx, BN_MONT_CTX in_mont);
69		70
70	/* compute r = a ^ p mod m. May be NULL */	71	/* compute r = a ^ p mod m (May be NULL for some implementations) */
71	int (bn_mod_exp)(DSA dsa, BIGNUM r, BIGNUM a,	72	int (bn_mod_exp)(DSA dsa, BIGNUM r, BIGNUM a,
72	const BIGNUM p, const BIGNUM m,	73	const BIGNUM p, const BIGNUM m,
73	BN_CTX ctx, BN_MONT_CTX m_ctx);	74	BN_CTX ctx, BN_MONT_CTX m_ctx);


diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod new file mode 100644 index 0000000000..9707a4b399 --- /dev/null +++ b/src/lib/libcrypto/doc/EVP_OpenInit.pod
@@ -0,0 +1,51 @@
		1	=pod
		2
		3	=head1 NAME
		4
		5	EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
		6
		7	=head1 SYNOPSIS
		8
		9	#include <openssl/evp.h>
		10
		11	int EVP_OpenInit(EVP_CIPHER_CTX ctx,EVP_CIPHER type,unsigned char *ek,
		12	int ekl,unsigned char iv,EVP_PKEY priv);
		13	void EVP_OpenUpdate(EVP_CIPHER_CTX ctx, unsigned char out,
		14	int outl, unsigned char in, int inl);
		15	void EVP_OpenFinal(EVP_CIPHER_CTX ctx, unsigned char out,
		16	int *outl);
		17
		18	=head1 DESCRIPTION
		19
		20	The EVP envelope routines are a high level interface to envelope
		21	decryption. They decrypt a public key encrypted symmetric key and
		22	then decrypt data using it.
		23
		24	EVP_OpenInit() initialises a cipher context B<ctx> for decryption
		25	with cipher B<type>. It decrypts the encrypted symmetric key of length
		26	B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
		27	The IV is supplied in the B<iv> parameter.
		28
		29	EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
		30	as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
		31	documented on the L<EVP_EncryptInit(3)\|EVP_EncryptInit(3)> manual
		32	page.
		33
		34	=head1 RETURN VALUES
		35
		36	EVP_OpenInit() returns -1 on error or an non zero integer (actually the
		37	recovered secret key size) if successful.
		38
		39	EVP_SealUpdate() does not return a value.
		40
		41	EVP_SealFinal() returns 0 if the decrypt failed or 1 for success.
		42
		43	=head1 SEE ALSO
		44
		45	L<evp(3)\|evp(3)>,L<rand(3)\|rand(3)>
		46	L<EVP_EncryptInit(3)\|EVP_EncryptInit(3)>,
		47	L<EVP_SealInit(3)\|EVP_SealInit(3)>
		48
		49	=head1 HISTORY
		50
		51	=cut


diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod new file mode 100644 index 0000000000..1579d110fa --- /dev/null +++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -0,0 +1,70 @@
		1	=pod
		2
		3	=head1 NAME
		4
		5	EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
		6
		7	=head1 SYNOPSIS
		8
		9	#include <openssl/evp.h>
		10
		11	int EVP_SealInit(EVP_CIPHER_CTX ctx, EVP_CIPHER type, unsigned char **ek,
		12	int ekl, unsigned char iv,EVP_PKEY **pubk, int npubk);
		13	void EVP_SealUpdate(EVP_CIPHER_CTX ctx, unsigned char out,
		14	int outl, unsigned char in, int inl);
		15	void EVP_SealFinal(EVP_CIPHER_CTX ctx, unsigned char out,
		16	int *outl);
		17
		18	=head1 DESCRIPTION
		19
		20	The EVP envelope routines are a high level interface to envelope
		21	encryption. They generate a random key and then "envelope" it by
		22	using public key encryption. Data can then be encrypted using this
		23	key.
		24
		25	EVP_SealInit() initialises a cipher context B<ctx> for encryption
		26	with cipher B<type> using a random secret key and IV supplied in
		27	the B<iv> parameter. B<type> is normally supplied by a function such
		28	as EVP_des_cbc(). The secret key is encrypted using one or more public
		29	keys, this allows the same encrypted data to be decrypted using any
		30	of the corresponding private keys. B<ek> is an array of buffers where
		31	the public key encrypted secret key will be written, each buffer must
		32	contain enough room for the corresponding encrypted key: that is
		33	B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
		34	size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
		35	an array of B<npubk> public keys.
		36
		37	EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
		38	as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
		39	documented on the L<EVP_EncryptInit(3)\|EVP_EncryptInit(3)> manual
		40	page.
		41
		42	=head1 RETURN VALUES
		43
		44	EVP_SealInit() returns -1 on error or B<npubk> if successful.
		45
		46	EVP_SealUpdate() and EVP_SealFinal() do not return values.
		47
		48	=head1 NOTES
		49
		50	Because a random secret key is generated the random number generator
		51	must be seeded before calling EVP_SealInit().
		52
		53	The public key must be RSA because it is the only OpenSSL public key
		54	algorithm that supports key transport.
		55
		56	Envelope encryption is the usual method of using public key encryption
		57	on large amounts of data, this is because public key encryption is slow
		58	but symmetric encryption is fast. So symmetric encryption is used for
		59	bulk encryption and the small random symmetric key used is transferred
		60	using public key encryption.
		61
		62	=head1 SEE ALSO
		63
		64	L<evp(3)\|evp(3)>,L<rand(3)\|rand(3)>
		65	L<EVP_EncryptInit(3)\|EVP_EncryptInit(3)>,
		66	L<EVP_OpenInit(3)\|EVP_OpenInit(3)>
		67
		68	=head1 HISTORY
		69
		70	=cut


diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod new file mode 100644 index 0000000000..bbc9203c9c --- /dev/null +++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -0,0 +1,85 @@
		1	=pod
		2
		3	=head1 NAME
		4
		5	EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
		6
		7	=head1 SYNOPSIS
		8
		9	#include <openssl/evp.h>
		10
		11	void EVP_SignInit(EVP_MD_CTX ctx, const EVP_MD type);
		12	void EVP_SignUpdate(EVP_MD_CTX ctx, const void d, unsigned int cnt);
		13	int EVP_SignFinal(EVP_MD_CTX ctx,unsigned char sig,unsigned int s, EVP_PKEY pkey);
		14
		15	int EVP_PKEY_size(EVP_PKEY *pkey);
		16
		17	=head1 DESCRIPTION
		18
		19	The EVP signature routines are a high level interface to digital
		20	signatures.
		21
		22	EVP_SignInit() initialises a signing context B<ctx> to using digest
		23	B<type>: this will typically be supplied by a function such as
		24	EVP_sha1().
		25
		26	EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
		27	signature context B<ctx>. This funtion can be called several times on the
		28	same B<ctx> to include additional data.
		29
		30	EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
		31	and places the signature in B<sig>. If the B<s> parameter is not NULL
		32	then the number of bytes of data written (i.e. the length of the signature)
		33	will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
		34	will be written. After calling EVP_SignFinal() no additional calls to
		35	EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialiase
		36	a new signature operation.
		37
		38	EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
		39	signature returned by EVP_SignFinal() may be smaller.
		40
		41	=head1 RETURN VALUES
		42
		43	EVP_SignInit() and EVP_SignUpdate() do not return values.
		44
		45	EVP_SignFinal() returns 1 for success and 0 for failure.
		46
		47	EVP_PKEY_size() returns the maximum size of a signature in bytes.
		48
		49	The error codes can be obtained by L<ERR_get_error(3)\|ERR_get_error(3)>.
		50
		51	=head1 NOTES
		52
		53	The B<EVP> interface to digital signatures should almost always be used in
		54	preference to the low level interfaces. This is because the code then becomes
		55	transparent to the algorithm used and much more flexible.
		56
		57	Due to the link between message digests and public key algorithms the correct
		58	digest algorithm must be used with the correct public key type. A list of
		59	algorithms and associated public key algorithms appears in
		60	L<EVP_DigestInit(3)\|EVP_DigestInit(3)>.
		61
		62	When signing with DSA private keys the random number generator must be seeded
		63	or the operation will fail. The random number generator does not need to be
		64	seeded for RSA signatures.
		65
		66	=head1 BUGS
		67
		68	Several of the functions do not return values: maybe they should. Although the
		69	internal digest operations will never fail some future hardware based operations
		70	might.
		71
		72	=head1 SEE ALSO
		73
		74	L<EVP_VerifyInit(3)\|EVP_VerifyInit(3)>,
		75	L<EVP_DigestInit(3)\|EVP_DigestInit(3)>, L<err(3)\|err(3)>,
		76	L<evp(3)\|evp(3)>, L<hmac(3)\|hmac(3)>, L<md2(3)\|md2(3)>,
		77	L<md5(3)\|md5(3)>, L<mdc2(3)\|mdc2(3)>, L<ripemd(3)\|ripemd(3)>,
		78	L<sha(3)\|sha(3)>, L<digest(1)\|digest(1)>
		79
		80	=head1 HISTORY
		81
		82	EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
		83	available in all versions of SSLeay and OpenSSL.
		84
		85	=cut


diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod new file mode 100644 index 0000000000..3b5e07f4ad --- /dev/null +++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -0,0 +1,71 @@
		1	=pod
		2
		3	=head1 NAME
		4
		5	EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
		6
		7	=head1 SYNOPSIS
		8
		9	#include <openssl/evp.h>
		10
		11	void EVP_VerifyInit(EVP_MD_CTX ctx, const EVP_MD type);
		12	void EVP_VerifyUpdate(EVP_MD_CTX ctx, const void d, unsigned int cnt);
		13	int EVP_VerifyFinal(EVP_MD_CTX ctx,unsigned char sigbuf, unsigned int siglen,EVP_PKEY *pkey);
		14
		15	=head1 DESCRIPTION
		16
		17	The EVP signature verification routines are a high level interface to digital
		18	signatures.
		19
		20	EVP_VerifyInit() initialises a verification context B<ctx> to using digest
		21	B<type>: this will typically be supplied by a function such as EVP_sha1().
		22
		23	EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
		24	verification context B<ctx>. This funtion can be called several times on the
		25	same B<ctx> to include additional data.
		26
		27	EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
		28	and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal()
		29	no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit()
		30	can be called to initialiase a new verification operation.
		31
		32	=head1 RETURN VALUES
		33
		34	EVP_VerifyInit() and EVP_VerifyUpdate() do not return values.
		35
		36	EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
		37	other error occurred.
		38
		39	The error codes can be obtained by L<ERR_get_error(3)\|ERR_get_error(3)>.
		40
		41	=head1 NOTES
		42
		43	The B<EVP> interface to digital signatures should almost always be used in
		44	preference to the low level interfaces. This is because the code then becomes
		45	transparent to the algorithm used and much more flexible.
		46
		47	Due to the link between message digests and public key algorithms the correct
		48	digest algorithm must be used with the correct public key type. A list of
		49	algorithms and associated public key algorithms appears in
		50	L<EVP_DigestInit(3)\|EVP_DigestInit(3)>.
		51
		52	=head1 BUGS
		53
		54	Several of the functions do not return values: maybe they should. Although the
		55	internal digest operations will never fail some future hardware based operations
		56	might.
		57
		58	=head1 SEE ALSO
		59
		60	L<EVP_SignInit(3)\|EVP_SignInit(3)>,
		61	L<EVP_DigestInit(3)\|EVP_DigestInit(3)>, L<err(3)\|err(3)>,
		62	L<evp(3)\|evp(3)>, L<hmac(3)\|hmac(3)>, L<md2(3)\|md2(3)>,
		63	L<md5(3)\|md5(3)>, L<mdc2(3)\|mdc2(3)>, L<ripemd(3)\|ripemd(3)>,
		64	L<sha(3)\|sha(3)>, L<digest(1)\|digest(1)>
		65
		66	=head1 HISTORY
		67
		68	EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
		69	available in all versions of SSLeay and OpenSSL.
		70
		71	=cut


diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod index 0a13ec2a92..67c66f3e0c 100644 --- a/src/lib/libcrypto/doc/RAND_add.pod +++ b/src/lib/libcrypto/doc/RAND_add.pod
@@ -2,7 +2,8 @@
2		2
3	=head1 NAME	3	=head1 NAME
4		4
5	RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG	5	RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
		6	entropy to the PRNG
6		7
7	=head1 SYNOPSIS	8	=head1 SYNOPSIS
8		9
@@ -14,6 +15,7 @@ RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG
14		15
15	int RAND_status(void);	16	int RAND_status(void);
16		17
		18	int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
17	void RAND_screen(void);	19	void RAND_screen(void);
18		20
19	=head1 DESCRIPTION	21	=head1 DESCRIPTION
@@ -40,17 +42,24 @@ or L<RAND_load_file(3)\|RAND_load_file(3)>.
40		42
41	RAND_seed() is equivalent to RAND_add() when B<num == entropy>.	43	RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
42		44
		45	RAND_event() collects the entropy from Windows events such as mouse
		46	movements and other user interaction. It should be called with the
		47	B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
		48	the window procedure. It will estimate the entropy contained in the
		49	event message (if any), and add it to the PRNG. The program can then
		50	process the messages as usual.
		51
43	The RAND_screen() function is available for the convenience of Windows	52	The RAND_screen() function is available for the convenience of Windows
44	programmers. It adds the current contents of the screen to the PRNG.	53	programmers. It adds the current contents of the screen to the PRNG.
45	For applications that can catch Windows events, seeding the PRNG with	54	For applications that can catch Windows events, seeding the PRNG by
46	the parameters of B<WM_MOUSEMOVE> events is a significantly better	55	calling RAND_event() is a significantly better source of
47	source of randomness. It should be noted that both methods cannot be	56	randomness. It should be noted that both methods cannot be used on
48	used on servers that run without user interaction.	57	servers that run without user interaction.
49		58
50	=head1 RETURN VALUES	59	=head1 RETURN VALUES
51		60
52	RAND_status() returns 1 if the PRNG has been seeded with enough data,	61	RAND_status() and RAND_event() return 1 if the PRNG has been seeded
53	0 otherwise.	62	with enough data, 0 otherwise.
54		63
55	The other functions do not return values.	64	The other functions do not return values.
56		65
@@ -63,6 +72,6 @@ L<RAND_load_file(3)\|RAND_load_file(3)>, L<RAND_cleanup(3)\|RAND_cleanup(3)>
63		72
64	RAND_seed() and RAND_screen() are available in all versions of SSLeay	73	RAND_seed() and RAND_screen() are available in all versions of SSLeay
65	and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL	74	and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
66	0.9.5.	75	0.9.5, RAND_event() in OpenSSL 0.9.5a.
67		76
68	=cut	77	=cut


diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod index 466e9b8767..464eba416d 100644 --- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod +++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -34,10 +34,12 @@ RAND_get_rand_method() returns a pointer to the current method.
34	void (*cleanup)(void);	34	void (*cleanup)(void);
35	void (add)(const void buf, int num, int entropy);	35	void (add)(const void buf, int num, int entropy);
36	int (pseudorand)(unsigned char buf, int num);	36	int (pseudorand)(unsigned char buf, int num);
		37	int (*status)(void);
37	} RAND_METHOD;	38	} RAND_METHOD;
38		39
39	The components point to the implementation of RAND_seed(),	40	The components point to the implementation of RAND_seed(),
40	RAND_bytes(), RAND_cleanup(), RAND_add() and RAND_pseudo_rand().	41	RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
		42	and RAND_status().
41	Each component may be NULL if the function is not implemented.	43	Each component may be NULL if the function is not implemented.
42		44
43	=head1 RETURN VALUES	45	=head1 RETURN VALUES


diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod index deb1183a23..14b0b4cf35 100644 --- a/src/lib/libcrypto/doc/RSA_set_method.pod +++ b/src/lib/libcrypto/doc/RSA_set_method.pod
@@ -87,10 +87,11 @@ the default method is used.
87	int (rsa_priv_dec)(int flen, unsigned char from,	87	int (rsa_priv_dec)(int flen, unsigned char from,
88	unsigned char to, RSA rsa, int padding);	88	unsigned char to, RSA rsa, int padding);
89		89
90	/* compute r0 = r0 ^ I mod rsa->n. May be NULL */	90	/* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
		91	implementations) */
91	int (rsa_mod_exp)(BIGNUM r0, BIGNUM I, RSA rsa);	92	int (rsa_mod_exp)(BIGNUM r0, BIGNUM I, RSA rsa);
92		93
93	/* compute r = a ^ p mod m. May be NULL */	94	/* compute r = a ^ p mod m (May be NULL for some implementations) */
94	int (bn_mod_exp)(BIGNUM r, BIGNUM a, const BIGNUM p,	95	int (bn_mod_exp)(BIGNUM r, BIGNUM a, const BIGNUM p,
95	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx);	96	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx);
96		97


diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod index 0486c044a6..eb8ba612c4 100644 --- a/src/lib/libcrypto/doc/rsa.pod +++ b/src/lib/libcrypto/doc/rsa.pod
@@ -86,8 +86,9 @@ contain public as well as private RSA keys:
86	In public keys, the private exponent and the related secret values are	86	In public keys, the private exponent and the related secret values are
87	B<NULL>.	87	B<NULL>.
88		88
89	B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private keys, but the	89	B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
90	RSA operations are much faster when these values are available.	90	keys, but the RSA operations are much faster when these values are
		91	available.
91		92
92	=head1 CONFORMING TO	93	=head1 CONFORMING TO
93		94