diff options
author | nectar <nectar@FreeBSD.org> | 2005-02-25 05:39:05 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2005-02-25 05:39:05 +0000 |
commit | 78a59572b356f941f9bcb853dafb34829ec8e576 (patch) | |
tree | 4a7be4ade5df61ca3631c0937c1fc399944ea1cc /crypto/openssl/doc | |
parent | a55ec1447ad1b73694515ed74d03a045fdf79313 (diff) | |
download | FreeBSD-src-78a59572b356f941f9bcb853dafb34829ec8e576.zip FreeBSD-src-78a59572b356f941f9bcb853dafb34829ec8e576.tar.gz |
Vendor import of OpenSSL 0.9.7e.
Diffstat (limited to 'crypto/openssl/doc')
-rw-r--r-- | crypto/openssl/doc/apps/enc.pod | 2 | ||||
-rw-r--r-- | crypto/openssl/doc/crypto/BN_num_bytes.pod | 26 | ||||
-rw-r--r-- | crypto/openssl/doc/crypto/RSA_public_encrypt.pod | 7 | ||||
-rw-r--r-- | crypto/openssl/doc/crypto/pem.pod | 2 | ||||
-rw-r--r-- | crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod | 3 |
5 files changed, 31 insertions, 9 deletions
diff --git a/crypto/openssl/doc/apps/enc.pod b/crypto/openssl/doc/apps/enc.pod index ddf0816..18fe7c8 100644 --- a/crypto/openssl/doc/apps/enc.pod +++ b/crypto/openssl/doc/apps/enc.pod @@ -86,7 +86,7 @@ versions of OpenSSL. Superseded by the B<-pass> argument. =item B<-kfile filename> read the password to derive the key from the first line of B<filename>. -This is for computability with previous versions of OpenSSL. Superseded by +This is for compatibility with previous versions of OpenSSL. Superseded by the B<-pass> argument. =item B<-S salt> diff --git a/crypto/openssl/doc/crypto/BN_num_bytes.pod b/crypto/openssl/doc/crypto/BN_num_bytes.pod index 61589fb..a6a2e3f 100644 --- a/crypto/openssl/doc/crypto/BN_num_bytes.pod +++ b/crypto/openssl/doc/crypto/BN_num_bytes.pod @@ -16,8 +16,14 @@ BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size =head1 DESCRIPTION -These functions return the size of a B<BIGNUM> in bytes or bits, -and the size of an unsigned integer in bits. +BN_num_bytes() returns the size of a B<BIGNUM> in bytes. + +BN_num_bits_word() returns the number of significant bits in a word. +If we take 0x00000432 as an example, it returns 11, not 16, not 32. +Basically, except for a zero, it returns I<floor(log2(w))+1>. + +BN_num_bits() returns the number of significant bits in a B<BIGNUM>, +following the same principle as BN_num_bits_word(). BN_num_bytes() is a macro. @@ -25,9 +31,23 @@ BN_num_bytes() is a macro. The size. +=head1 NOTES + +Some have tried using BN_num_bits() on individual numbers in RSA keys, +DH keys and DSA keys, and found that they don't always come up with +the number of bits they expected (something like 512, 1024, 2048, +...). This is because generating a number with some specific number +of bits doesn't always set the highest bits, thereby making the number +of I<significant> bits a little lower. If you want to know the "key +size" of such a key, either use functions like RSA_size(), DH_size() +and DSA_size(), or use BN_num_bytes() and multiply with 8 (although +there's no real guarantee that will match the "key size", just a lot +more probability). + =head1 SEE ALSO -L<bn(3)|bn(3)> +L<bn(3)|bn(3)>, L<DH_size(3)|DH_size(3)>, L<DSA_size(3)|DSA_size(3)>, +L<RSA_size(3)|RSA_size(3)> =head1 HISTORY diff --git a/crypto/openssl/doc/crypto/RSA_public_encrypt.pod b/crypto/openssl/doc/crypto/RSA_public_encrypt.pod index d53e19d..ab0fe3b 100644 --- a/crypto/openssl/doc/crypto/RSA_public_encrypt.pod +++ b/crypto/openssl/doc/crypto/RSA_public_encrypt.pod @@ -47,9 +47,10 @@ Encrypting user data directly with RSA is insecure. =back B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5 -based padding modes, and less than RSA_size(B<rsa>) - 41 for -RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded -prior to calling RSA_public_encrypt(). +based padding modes, less than RSA_size(B<rsa>) - 41 for +RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING. +The random number generator must be seeded prior to calling +RSA_public_encrypt(). RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the private key B<rsa> and stores the plaintext in B<to>. B<to> must point diff --git a/crypto/openssl/doc/crypto/pem.pod b/crypto/openssl/doc/crypto/pem.pod index 8613114..4f9a27d 100644 --- a/crypto/openssl/doc/crypto/pem.pod +++ b/crypto/openssl/doc/crypto/pem.pod @@ -471,6 +471,6 @@ is guaranteed to work. =head1 RETURN CODES The read routines return either a pointer to the structure read or NULL -is an error occurred. +if an error occurred. The write routines return 1 for success or 0 for failure. diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod index 5949395..58fc685 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod @@ -46,7 +46,8 @@ B<SSL_MAX_SSL_SESSION_ID_LENGTH>. =head1 WARNINGS -If the session id context is not set on an SSL/TLS server, stored sessions +If the session id context is not set on an SSL/TLS server and client +certificates are used, stored sessions will not be reused but a fatal error will be flagged and the handshake will fail. |