1 files changed, 106 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 b/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
new file mode 100644
index 0000000000..333e45250e
--- /dev/null
+++ b/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
@@ -0,0 +1,106 @@
+.Dd $Mdocdate: November 3 2016 $
+.Dt PKCS5_PBKDF2_HMAC 3
+.Os
+.Sh NAME
+.Nm PKCS5_PBKDF2_HMAC ,
+.Nm PKCS5_PBKDF2_HMAC_SHA1
+.Nd password based derivation routines with salt and iteration count
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo PKCS5_PBKDF2_HMAC
+.Fa "const char *pass"
+.Fa "int passlen"
+.Fa "const unsigned char *salt"
+.Fa "int saltlen"
+.Fa "int iter"
+.Fa "const EVP_MD *digest"
+.Fa "int keylen"
+.Fa "unsigned char *out"
+.Fc
+.Ft int
+.Fo PKCS5_PBKDF2_HMAC_SHA1
+.Fa "const char *pass"
+.Fa "int passlen"
+.Fa "const unsigned char *salt"
+.Fa "int saltlen"
+.Fa "int iter"
+.Fa "int keylen"
+.Fa "unsigned char *out"
+.Fc
+.Sh DESCRIPTION
+.Fn PKCS5_PBKDF2_HMAC
+derives a key from a password using a salt and iteration count as
+specified in RFC 2898.
+.Pp
+.Fa pass
+is the password used in the derivation of length
+.Fa passlen .
+.Fa pass
+is an optional parameter and can be
+.Dv NULL .
+If
+.Fa passlen
+is -1, then the function will calculate the length of
+.Fa pass
+using
+.Xr strlen 3 .
+.Pp
+.Fa salt
+is the salt used in the derivation of length
+.Fa saltlen .
+If the
+.Fa salt
+is
+.Dv NULL ,
+then
+.Fa saltlen
+must be 0.
+The function will not attempt to calculate the length of the
+.Fa salt
+because it is not assumed to be NUL terminated.
+.Pp
+.Fa iter
+is the iteration count and its value should be greater than or equal to 1.
+RFC 2898 suggests an iteration count of at least 1000.
+Any
+.Fa iter
+less than 1 is treated as a single iteration.
+.Pp
+.Fa digest
+is the message digest function used in the derivation.
+Values include any of the EVP_* message digests.
+.Fn PKCS5_PBKDF2_HMAC_SHA1
+calls
+.Fn PKCS5_PBKDF2_HMAC
+with
+.Xr EVP_sha1 3 .
+.Pp
+The derived key will be written to
+.Fa out .
+The size of the
+.Fa out
+buffer is specified via
+.Fa keylen .
+.Pp
+A typical application of this function is to derive keying material for
+an encryption algorithm from a password in the
+.Fa pass ,
+a salt in
+.Fa salt ,
+and an iteration count.
+.Pp
+Increasing the
+.Fa iter
+parameter slows down the algorithm which makes it harder for an attacker
+to perform a brute force attack using a large number of candidate
+passwords.
+.Sh RETURN VALUES
+.Fn PKCS5_PBKDF2_HMAC
+and
+.Fn PBKCS5_PBKDF2_HMAC_SHA1
+return 1 on success or 0 on error.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_BytesToKey 3 ,
+.Xr rand 3

diff --git a/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 b/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 new file mode 100644 index 0000000000..333e45250e --- /dev/null +++ b/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
@@ -0,0 +1,106 @@
	1	.Dd $Mdocdate: November 3 2016 $
	2	.Dt PKCS5_PBKDF2_HMAC 3
	3	.Os
	4	.Sh NAME
	5	.Nm PKCS5_PBKDF2_HMAC ,
	6	.Nm PKCS5_PBKDF2_HMAC_SHA1
	7	.Nd password based derivation routines with salt and iteration count
	8	.Sh SYNOPSIS
	9	.In openssl/evp.h
	10	.Ft int
	11	.Fo PKCS5_PBKDF2_HMAC
	12	.Fa "const char *pass"
	13	.Fa "int passlen"
	14	.Fa "const unsigned char *salt"
	15	.Fa "int saltlen"
	16	.Fa "int iter"
	17	.Fa "const EVP_MD *digest"
	18	.Fa "int keylen"
	19	.Fa "unsigned char *out"
	20	.Fc
	21	.Ft int
	22	.Fo PKCS5_PBKDF2_HMAC_SHA1
	23	.Fa "const char *pass"
	24	.Fa "int passlen"
	25	.Fa "const unsigned char *salt"
	26	.Fa "int saltlen"
	27	.Fa "int iter"
	28	.Fa "int keylen"
	29	.Fa "unsigned char *out"
	30	.Fc
	31	.Sh DESCRIPTION
	32	.Fn PKCS5_PBKDF2_HMAC
	33	derives a key from a password using a salt and iteration count as
	34	specified in RFC 2898.
	35	.Pp
	36	.Fa pass
	37	is the password used in the derivation of length
	38	.Fa passlen .
	39	.Fa pass
	40	is an optional parameter and can be
	41	.Dv NULL .
	42	If
	43	.Fa passlen
	44	is -1, then the function will calculate the length of
	45	.Fa pass
	46	using
	47	.Xr strlen 3 .
	48	.Pp
	49	.Fa salt
	50	is the salt used in the derivation of length
	51	.Fa saltlen .
	52	If the
	53	.Fa salt
	54	is
	55	.Dv NULL ,
	56	then
	57	.Fa saltlen
	58	must be 0.
	59	The function will not attempt to calculate the length of the
	60	.Fa salt
	61	because it is not assumed to be NUL terminated.
	62	.Pp
	63	.Fa iter
	64	is the iteration count and its value should be greater than or equal to 1.
	65	RFC 2898 suggests an iteration count of at least 1000.
	66	Any
	67	.Fa iter
	68	less than 1 is treated as a single iteration.
	69	.Pp
	70	.Fa digest
	71	is the message digest function used in the derivation.
	72	Values include any of the EVP_* message digests.
	73	.Fn PKCS5_PBKDF2_HMAC_SHA1
	74	calls
	75	.Fn PKCS5_PBKDF2_HMAC
	76	with
	77	.Xr EVP_sha1 3 .
	78	.Pp
	79	The derived key will be written to
	80	.Fa out .
	81	The size of the
	82	.Fa out
	83	buffer is specified via
	84	.Fa keylen .
	85	.Pp
	86	A typical application of this function is to derive keying material for
	87	an encryption algorithm from a password in the
	88	.Fa pass ,
	89	a salt in
	90	.Fa salt ,
	91	and an iteration count.
	92	.Pp
	93	Increasing the
	94	.Fa iter
	95	parameter slows down the algorithm which makes it harder for an attacker
	96	to perform a brute force attack using a large number of candidate
	97	passwords.
	98	.Sh RETURN VALUES
	99	.Fn PKCS5_PBKDF2_HMAC
	100	and
	101	.Fn PBKCS5_PBKDF2_HMAC_SHA1
	102	return 1 on success or 0 on error.
	103	.Sh SEE ALSO
	104	.Xr evp 3 ,
	105	.Xr EVP_BytesToKey 3 ,
	106	.Xr rand 3