aboutsummaryrefslogtreecommitdiffstats
path: root/doc/crypto
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2014-08-07 16:49:55 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2014-08-07 16:49:55 +0000
commitcb6864802ed26a1031701a6a385961592a5cac25 (patch)
tree785ec650cf5f2272f38035e18a3251735344f96d /doc/crypto
parent2e22f5e2e00c1f1f599b03634ca27bb5b9ac471e (diff)
downloadsrc-cb6864802ed26a1031701a6a385961592a5cac25.tar.gz
src-cb6864802ed26a1031701a6a385961592a5cac25.zip
Import OpenSSL 1.0.1i.vendor/openssl/1.0.1i
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=269670 svn path=/vendor-crypto/openssl/1.0.1i/; revision=269671; tag=vendor/openssl/1.0.1i
Diffstat (limited to 'doc/crypto')
-rw-r--r--doc/crypto/ASN1_generate_nconf.pod2
-rw-r--r--doc/crypto/BIO_f_base64.pod15
-rw-r--r--doc/crypto/BIO_push.pod2
-rw-r--r--doc/crypto/ERR_get_error.pod4
-rw-r--r--doc/crypto/EVP_DigestInit.pod5
-rw-r--r--doc/crypto/EVP_EncryptInit.pod5
-rw-r--r--doc/crypto/EVP_SignInit.pod8
-rw-r--r--doc/crypto/RSA_set_method.pod14
-rw-r--r--doc/crypto/RSA_sign.pod4
-rw-r--r--doc/crypto/des.pod7
-rw-r--r--doc/crypto/err.pod1
-rw-r--r--doc/crypto/pem.pod8
-rw-r--r--doc/crypto/ui.pod2
13 files changed, 46 insertions, 31 deletions
diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod
index 542fd1579ab8..bfa0a04ff974 100644
--- a/doc/crypto/ASN1_generate_nconf.pod
+++ b/doc/crypto/ASN1_generate_nconf.pod
@@ -61,7 +61,7 @@ Encode the B<NULL> type, the B<value> string must not be present.
=item B<INTEGER>, B<INT>
Encodes an ASN1 B<INTEGER> type. The B<value> string represents
-the value of the integer, it can be preceeded by a minus sign and
+the value of the integer, it can be prefaced by a minus sign and
is normally interpreted as a decimal value unless the prefix B<0x>
is included.
diff --git a/doc/crypto/BIO_f_base64.pod b/doc/crypto/BIO_f_base64.pod
index 438af3b6b66c..d1d7bf0bd066 100644
--- a/doc/crypto/BIO_f_base64.pod
+++ b/doc/crypto/BIO_f_base64.pod
@@ -46,11 +46,11 @@ to standard output:
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- BIO_write(bio, message, strlen(message));
- BIO_flush(bio);
+ BIO_push(b64, bio);
+ BIO_write(b64, message, strlen(message));
+ BIO_flush(b64);
- BIO_free_all(bio);
+ BIO_free_all(b64);
Read Base64 encoded data from standard input and write the decoded
data to standard output:
@@ -62,11 +62,12 @@ data to standard output:
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- while((inlen = BIO_read(bio, inbuf, 512)) > 0)
+ BIO_push(b64, bio);
+ while((inlen = BIO_read(b64, inbuf, 512)) > 0)
BIO_write(bio_out, inbuf, inlen);
- BIO_free_all(bio);
+ BIO_flush(bio_out);
+ BIO_free_all(b64);
=head1 BUGS
diff --git a/doc/crypto/BIO_push.pod b/doc/crypto/BIO_push.pod
index 8af1d3c09751..8a2657cd588c 100644
--- a/doc/crypto/BIO_push.pod
+++ b/doc/crypto/BIO_push.pod
@@ -40,7 +40,7 @@ If the call:
BIO_push(b64, f);
-is made then the new chain will be B<b64-chain>. After making the calls
+is made then the new chain will be B<b64-f>. After making the calls
BIO_push(md2, b64);
BIO_push(md1, md2);
diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod
index 828ecf529b2e..01e196c95fda 100644
--- a/doc/crypto/ERR_get_error.pod
+++ b/doc/crypto/ERR_get_error.pod
@@ -49,10 +49,10 @@ additionally store the file name and line number where
the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_get_last_error_line_data() store additional data and flags
+ERR_peek_last_error_line_data() store additional data and flags
associated with the error code in *B<data>
and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING> is true.
+if *B<flags>&B<ERR_TXT_STRING> is true.
An application B<MUST NOT> free the *B<data> pointer (or any other pointers
returned by these functions) with OPENSSL_free() as freeing is handled
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
index 367691cc7aed..310c65eb3705 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -161,9 +161,8 @@ EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
corresponding OBJECT IDENTIFIER or NID_undef if none exists.
-EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
-EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
-size in bytes.
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
+EVP_MD_CTX_block_size() return the digest or block size in bytes.
EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index 1c4bf184a1b0..d11e054e48b3 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -344,7 +344,10 @@ bits and 12 rounds.
Where possible the B<EVP> interface to symmetric ciphers should be used in
preference to the low level interfaces. This is because the code then becomes
-transparent to the cipher used and much more flexible.
+transparent to the cipher used and much more flexible. Additionally, the
+B<EVP> interface will ensure the use of platform specific cryptographic
+acceleration such as AES-NI (the low level interfaces do not provide the
+guarantee).
PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
length of the encrypted data a multiple of the block size. Padding is always
diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
index 620a623ab620..14ecc775af6a 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -30,9 +30,11 @@ signature context B<ctx>. This function can be called several times on the
same B<ctx> to include additional data.
EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-places the signature in B<sig>. The number of bytes of data written (i.e. the
-length of the signature) will be written to the integer at B<s>, at most
-EVP_PKEY_size(pkey) bytes will be written.
+places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey)
+bytes in size. B<s> is an OUT paramter, and not used as an IN parameter.
+The number of bytes of data written (i.e. the length of the signature)
+will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written.
EVP_SignInit() initializes a signing context B<ctx> to use the default
implementation of digest B<type>.
diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod
index 2c963d7e5bba..0ef078118651 100644
--- a/doc/crypto/RSA_set_method.pod
+++ b/doc/crypto/RSA_set_method.pod
@@ -125,14 +125,18 @@ the default method is used.
/* sign. For backward compatibility, this is used only
* if (flags & RSA_FLAG_SIGN_VER)
*/
- int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-
+ int (*rsa_sign)(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
/* verify. For backward compatibility, this is used only
* if (flags & RSA_FLAG_SIGN_VER)
*/
- int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ int (*rsa_verify)(int dtype,
+ const unsigned char *m, unsigned int m_length,
+ const unsigned char *sigbuf, unsigned int siglen,
+ const RSA *rsa);
+ /* keygen. If NULL builtin RSA key generation will be used */
+ int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
} RSA_METHOD;
diff --git a/doc/crypto/RSA_sign.pod b/doc/crypto/RSA_sign.pod
index 8553be8e99b6..fc16b1f4f806 100644
--- a/doc/crypto/RSA_sign.pod
+++ b/doc/crypto/RSA_sign.pod
@@ -20,6 +20,10 @@ RSA_sign() signs the message digest B<m> of size B<m_len> using the
private key B<rsa> as specified in PKCS #1 v2.0. It stores the
signature in B<sigret> and the signature size in B<siglen>. B<sigret>
must point to RSA_size(B<rsa>) bytes of memory.
+Note that PKCS #1 adds meta-data, placing limits on the size of the
+key that can be used.
+See L<RSA_private_encrypt(3)|RSA_private_encrypt(3)> for lower-level
+operations.
B<type> denotes the message digest algorithm that was used to generate
B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
index 6f0cf1cc5e5f..e1add56b5e81 100644
--- a/doc/crypto/des.pod
+++ b/doc/crypto/des.pod
@@ -135,9 +135,8 @@ depend on a global variable.
DES_set_odd_parity() sets the parity of the passed I<key> to odd.
-DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
-is ok. The probability that a randomly generated key is weak is
-1/2^52, so it is not really worth checking for them.
+DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
+is ok.
The following routines mostly operate on an input and output stream of
I<DES_cblock>s.
@@ -181,7 +180,7 @@ of 24 bytes. This is much better than CBC DES.
DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
three keys. This means that each DES operation inside the CBC mode is
-really an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
+an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
index 6f729554d2a9..4a5dc6935cc7 100644
--- a/doc/crypto/err.pod
+++ b/doc/crypto/err.pod
@@ -171,7 +171,6 @@ ERR_get_string_table(void) respectively.
=head1 SEE ALSO
-L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
L<ERR_get_error(3)|ERR_get_error(3)>,
L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
index 54414a3f6f37..21e9fe3b98a9 100644
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
@@ -450,9 +450,9 @@ byte B<salt> encoded as a set of hexadecimal digits.
After this is the base64 encoded encrypted data.
-The encryption key is determined using EVP_bytestokey(), using B<salt> and an
+The encryption key is determined using EVP_BytesToKey(), using B<salt> and an
iteration count of 1. The IV used is the value of B<salt> and *not* the IV
-returned by EVP_bytestokey().
+returned by EVP_BytesToKey().
=head1 BUGS
@@ -474,3 +474,7 @@ The read routines return either a pointer to the structure read or NULL
if an error occurred.
The write routines return 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_get_cipherbyname(3)|EVP_get_cipherbyname>, L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>
diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod
index 6df68d604a82..04f8e9c360a8 100644
--- a/doc/crypto/ui.pod
+++ b/doc/crypto/ui.pod
@@ -119,7 +119,7 @@ verification will fail.
UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
in a boolean way, with a single character for yes and a different character
for no. A set of characters that can be used to cancel the prompt is given
-as well. The prompt itself is really divided in two, one part being the
+as well. The prompt itself is divided in two, one part being the
descriptive text (given through the I<prompt> argument) and one describing
the possible answers (given through the I<action_desc> argument).