summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/man (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* New manual page EVP_aes_128_gcm(3).schwarze2024-12-174-75/+260
| | | | | | | | | | | | The main benefit is moving the cumbersome and error-prone method of using EVP_EncryptInit(3) for AES-GCM out of the important, but obese manual page EVP_EncryptInit(3), and to create a logical place for pointing readers to the safer and more flexible EVP_AEAD_CTX_init(3). As a side benefit, document three control commands that were so far undocumented and make the description of three others more precise. Feedback and OK tb@.
* Improve a rather misleading sentence about EVP_PKEY_new_mac_key(3).schwarze2024-12-101-4/+8
| | | | | | | It does *not* "work in the same way" as EVP_PKEY_new_raw_private_key(3) but merely arrives at the same end result after doing lots of cumbersome and unnecessary work - and on top of that, it only works for EVP_PKEY_HMAC.
* Add a paragraph about HMAC because that algorithm also involvesschwarze2024-12-101-3/+15
| | | | | | | | parameters that can be controlled with EVP_PKEY_CTX_ctrl(3). But rather than providing a detailed despription, instead point to what application programs should use instead and explain why using the control constant directly would be a particularly bad idea in this case.
* insert a forgotten .Dv macroschwarze2024-12-091-3/+3
|
* Mark the constants EVP_PK_*, EVP_PKS_*, and EVP_PKT_* as intentionallyschwarze2024-12-091-2/+7
| | | | | undocumented because they are only used by the function X509_certificate_type() which is deprecated and will eventually be deleted.
* Move the algorithm-specific functions EVP_rc2_*(3) out of EVP_EncryptInit(3)schwarze2024-12-084-55/+214
| | | | | | | | | and document them properly in their own manual page, including the control commands EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS that were so far undocumented. Arguably, the main benefit is another small step making the important, but still obese EVP_EncryptInit(3) manual page more palatable.
* Document the low-level rc2.h API.schwarze2024-12-072-2/+198
| | | | | Not that this would be particularly important, but i had to look at the code anyway while completing the EVP documentation.
* Adjust the return type and value of EVP_MD_CTX_init(3)schwarze2024-12-062-7/+12
| | | | | and EVP_CIPHER_CTX_init(3) after tb@ changed these to OpenSSL 1.1 semantics in evp.h rev. 1.124 on March 2 this year.
* Delete the manual pages EVP_PKEY_meth_new(3) and EVP_PKEY_meth_get0_info(3)schwarze2024-12-0618-776/+60
| | | | | | | | because tb@ deleted almost all functions documented there from the API in evp.h 1.127 on March 2 this year, but move the functions EVP_PKEY_CTX_set_data(3) and EVP_PKEY_CTX_get_data(3) that we still support to EVP_PKEY_keygen(3), because that page already documents EVP_PKEY_CTX_set_app_data(3) and EVP_PKEY_CTX_get_app_data(3).
* Delete the manual page EVP_PKEY_check(3).schwarze2024-12-065-158/+5
| | | | | All three functions documented in this page were deleted from the API by tb@ in evp.h rev. 1.136 on August 31 this year.
* Delete the manual page EVP_PKEY_asn1_new(3).schwarze2024-12-0614-566/+30
| | | | | All the functions documented in this page were deleted from the API by tb@ in evp.h rev. 1.126 on March 2 this year.
* Explain what "EVP" is supposed to mean.schwarze2024-12-061-2/+16
| | | | | | It's so non-obvious that even i had to do some research to find out. Source: The file "doc/ssleay.doc" from SSLeay 0.8.1b, see for example OpenSSL commit d02b48c6 on Dec 21, 1998.
* document the #define'd constant PKCS5_SALT_LENschwarze2024-12-051-4/+6
|
* drop comments asking for documentation of three ASN1_PKEY_CTRL_CMS_*schwarze2024-12-051-5/+2
| | | | | constants after these have been marked as intentionally undocumented; they are internal to the library and unused in the wild
* Meant to split the sentence in twotb2024-11-301-3/+3
|
* Be a bit more precise on the error conditions of CMS_get1_{certs,crls}()tb2024-11-301-3/+4
|
* Explain how to free the stack returned by CMS_get1_{certs,crls}()tb2024-11-301-2/+9
| | | | with job
* Provide an example of signing with HMAC-SHA256 or Ed25519schwarze2024-11-291-3/+67
| | | | | | because that makes it easier to see the big picture of how EVP_PKEY_new_raw_private_key(3) is supposed to be used. Feedback and OK tb@.
* Fix some inaccuracies and gaps in the paragraph i wrote about CMACschwarze2024-11-241-18/+47
| | | | | | | | | such that it becomes intelligible but not too long or prominent. In particular, don't talk about EVP_PKEY_CTX_new(3), don't forget to mention EVP_PKEY_keygen(3), mention EVP_PKEY_OP_KEYGEN, and mention how to proceed once you have the desired EVP_PKEY object in hand. Substantial feedback and OK tb@.
* Use a better curve and a better hash for the ECDSA_do_sign() exampletb2024-11-151-9/+9
| | | | (Many examples in this directory are really bad. This is no exception.)
* Link the new manual page EVP_PKEY_new_CMAC_key(3) to the buildschwarze2024-11-122-29/+5
| | | | | and purge the superseded information from the algorithm-independent page EVP_PKEY_new(3).
* Document EVP_PKEY_new_CMAC_key(3) in sufficient detail such that readersschwarze2024-11-121-0/+159
| | | | | | | | | | | | | | | | | | | | | stand a chance of using the API correctly. Admittedly, having so much text below EXAMPLES is somewhat unusual. While all that information is required to use the function correctly, strictly speaking, it is not part of the specification of what EVP_PKEY_new_CMAC_key(3) does, so it woundn't really belong in the DESCRIPTION. Now, designing an API function in such a way that using it correctly requires lots of information about *other* functions and such that all that additional information does not belong into the manual pages of those other functions (both because that would cause distractions in various other manual pages and because it would scatter required information around lots of different pages) is certainly not stellar API design. But we can't help that because these APIs were all originally designed by OpenSSL. Significant feedback and OK tb@.
* Fix a brainfart that happened to me in 2020:schwarze2024-11-121-9/+7
| | | | | | | | | | It is impossible to use EVP_DigestInit_ex(3) for CMAC. Besides, EVP_PKEY_CTX_new_id(3) does not produce an EVP_MD_CTX object. Instead, mention the easiest way to actually get the job done using EVP_PKEY_new_CMAC_key(3) and EVP_DigestSignInit(3). OK tb@
* Mention the key lengths of some encryption algorithms.schwarze2024-11-094-21/+47
| | | | | | | | This is relevant because EVP_EncryptInit(3) takes a "key" argument, and users need to consider the size of that argument. While here, also mention whether ciphers are stream ciphers or block ciphers and what the block size is.
* Weed out the last remaining refences to the obsoleteschwarze2024-11-084-67/+77
| | | | | | | | function EVP_MD_CTX_init(3) and talk about EVP_MD_CTX_new(3) instead. This is similar in spirit to OpenSSL commit 25191fff (Dec 1, 2015), but i'm also mentioning EVP_MD_CTX_reset(3), slightly reordering some sentences in a more systematic way, and improving some related wordings to be more precise and read better.
* List CMAC_CTX_copy(3) in the SYNOPSIS. It was alreadyschwarze2024-11-081-2/+7
| | | | mentioned in NAME and described in DESCRIPTION and RETURN VALUES.
* document EVP_PKEY_CTRL_SET_MAC_KEY for CMACschwarze2024-11-071-2/+16
|
* document EVP_PKEY_CTRL_CIPHER, providing a bit of contextschwarze2024-11-061-2/+33
|
* About a year ago, the obsolete function EVP_Cipher(3) was moved out ofschwarze2024-11-061-5/+5
| | | | | the important manual page EVP_EncryptInit(3). Belatedly adjust some cross references.
* Fix argument names: des_in -> der_in and des_out -> der_outtb2024-10-242-19/+19
|
* remove duplicate X509v3_asid_add_id_or_range.3 linejsg2024-10-221-2/+1
|
* X509V3_EXT_get_nid.3: indicate what nid meanstb2024-10-031-3/+3
|
* Adjust documentation to work without X509_LOOKUP_by_subject()tb2024-09-061-52/+5
| | | | | X509_LOOKUP_by_subject() was made internal a while back. Its documentation was very detailed, so this was a bit of a tangle to undo.
* Remove X509_check_trust documentationtb2024-09-027-226/+11
|
* The X509at_* manuals are no longer neededtb2024-09-024-299/+4
|
* Also remove .Xr to X509at_*tb2024-09-021-4/+2
|
* Excise X509at_* from X509_REQ_* documentationtb2024-09-021-22/+10
|
* Rename lastpos to start_after to match other, similar manualstb2024-09-021-13/+13
|
* More X509at_* removaltb2024-09-021-8/+4
|
* Remove mention of the no longer public X509at_* functionstb2024-09-021-23/+12
|
* Adjust function signatures for const X509_LOOKUP_METHODtb2024-09-022-8/+8
|
* Remove cross references to whirlpooltb2024-08-302-6/+4
|
* Remove documentation of EVP_whirlpooltb2024-08-292-85/+1
|
* Remove documentation of ERR_add_error_{,v}data()tb2024-08-292-41/+8
|
* HMAC_Init() is dead. Long live HMAC_Init_ex()tb2024-08-291-17/+2
|
* Remove documentation of (caveat on) X509_TRUST_DEFAULTtb2024-08-291-12/+2
| | | | Sadly, it's going to go away before ever having become the default.
* Document X509_get0_signature_info()tb2024-08-281-3/+70
| | | | | | | | Loosely based on the OpenSSL 1.1 documentation but extended quite a bit to explain what the flags mean and what info they do (and do not) convey. With the usual valuable feedback from jmc. ok jmc
* More precision on what exactly OCSP_id_cmp and OCSP_issuer_id_cmp compare.tb2024-08-241-7/+14
| | | | The existing description was lacking and incorrect, respectively.
* X509at_get_attr: zap trailing comma.tb2024-08-241-2/+2
| | | | reminded by mandoc -Tlint
* LibreSSL no longer supports adding X.501 attributes to an EVP_PKEYtb2024-08-247-206/+11
| | | | Remove the corresponding documentation.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-25 12:09:12 +0000