From 324d92fa7f658d01382ff72c596358f190772369 Mon Sep 17 00:00:00 2001 From: miod <> Date: Thu, 10 Jul 2014 13:08:58 +0000 Subject: Attempt to (incompletely) document EVP_aes_*(). When EVP_des_cbc() was suggested, suggest EVP_aes_256_cbc() instead. Remove mention of EVP_des_ede3_cbc() being the algorithm of choice for S/MIME. Don't mention US-export limited RC2 algorithms, you'd better not know about them. --- src/lib/libcrypto/doc/EVP_EncryptInit.pod | 16 ++++++++++++++-- src/lib/libcrypto/doc/EVP_SealInit.pod | 2 +- src/lib/libcrypto/doc/PKCS7_encrypt.pod | 7 ------- 3 files changed, 15 insertions(+), 10 deletions(-) (limited to 'src/lib/libcrypto') diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod index d42445cf10..a876ac789c 100644 --- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod +++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod @@ -101,7 +101,7 @@ EVP_CIPHER_CTX_init() initializes cipher contex B. EVP_EncryptInit_ex() sets up cipher context B for encryption with cipher B from ENGINE B. B must be initialized before calling this function. B is normally supplied -by a function such as EVP_des_cbc(). If B is NULL then the +by a function such as EVP_aes_256_cbc(). If B is NULL then the default implementation is used. B is the symmetric key to use and B is the IV to use (if necessary), the actual number of bytes used for the key and IV depends on the cipher. It is possible to set @@ -279,10 +279,22 @@ All algorithms have a fixed key length unless otherwise stated. =over 4 -=item EVP_enc_null() +=item EVP_enc_null(void) Null cipher: does nothing. +=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(void), EVP_aes_128_cfb(void), EVP_aes_128_ofb(void) + +128-bit AES in CBC, ECB, CFB and OFB modes respectively. + +=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(void), EVP_aes_192_cfb(void), EVP_aes_192_ofb(void) + +192-bit AES in CBC, ECB, CFB and OFB modes respectively. + +=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(void), EVP_aes_256_cfb(void), EVP_aes_256_ofb(void) + +256-bit AES in CBC, ECB, CFB and OFB modes respectively. + =item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void) DES in CBC, ECB, CFB and OFB modes respectively. diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod index ff73a04fd9..76eebb72a9 100644 --- a/src/lib/libcrypto/doc/EVP_SealInit.pod +++ b/src/lib/libcrypto/doc/EVP_SealInit.pod @@ -25,7 +25,7 @@ encrypted using this key. EVP_SealInit() initializes a cipher context B for encryption with cipher B using a random secret key and IV. B is normally -supplied by a function such as EVP_des_cbc(). The secret key is encrypted +supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. B is an array of buffers where the public key encrypted secret key will be written, each buffer diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod index e206684384..8bc77407b9 100644 --- a/src/lib/libcrypto/doc/PKCS7_encrypt.pod +++ b/src/lib/libcrypto/doc/PKCS7_encrypt.pod @@ -22,13 +22,6 @@ Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates supplied to this function must all contain RSA public keys, though they do not have to be signed using the RSA algorithm. -EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use -because most clients will support it. - -Some old "export grade" clients may only support weak encryption using 40 or 64 -bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() -respectively. - The algorithm passed in the B parameter must support ASN1 encoding of its parameters. -- cgit v1.2.3-55-g6feb