mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
b536880c45
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
100 lines
3.0 KiB
Plaintext
100 lines
3.0 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
EVP_PBE_CipherInit, EVP_PBE_CipherInit_ex,
|
|
EVP_PBE_find, EVP_PBE_find_ex - Password based encryption routines
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
|
ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
|
|
int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
|
ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de,
|
|
OSSL_LIB_CTX *libctx, const char *propq);
|
|
|
|
int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
|
|
EVP_PBE_KEYGEN **pkeygen);
|
|
int EVP_PBE_find_ex(int type, int pbe_nid, int *pcnid, int *pmnid,
|
|
EVP_PBE_KEYGEN **pkeygen, EVP_PBE_KEYGEN_EX **keygen_ex);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
=head2 PBE operations
|
|
|
|
EVP_PBE_CipherInit() and EVP_PBE_CipherInit_ex() initialise an B<EVP_CIPHER_CTX>
|
|
I<ctx> for encryption (I<en_de>=1) or decryption (I<en_de>=0) using the password
|
|
I<pass> of length I<passlen>. The PBE algorithm type and parameters are extracted
|
|
from an OID I<pbe_obj> and parameters I<param>.
|
|
|
|
EVP_PBE_CipherInit_ex() also allows the application to specify a library context
|
|
I<libctx> and property query I<propq> to select appropriate algorithm
|
|
implementations.
|
|
|
|
=head2 PBE algorithm search
|
|
|
|
EVP_PBE_find() and EVP_PBE_find_ex() search for a matching algorithm using two parameters:
|
|
|
|
1. An algorithm type I<type> which can be:
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
EVP_PBE_TYPE_OUTER - A PBE algorithm
|
|
|
|
=item *
|
|
|
|
EVP_PBE_TYPE_PRF - A pseudo-random function
|
|
|
|
=item *
|
|
|
|
EVP_PBE_TYPE_KDF - A key derivation function
|
|
|
|
=back
|
|
|
|
2. A I<pbe_nid> which can represent the algorithm identifier with parameters e.g.
|
|
B<NID_pbeWithSHA1AndRC2_CBC> or an algorithm class e.g. B<NID_pbes2>.
|
|
|
|
They return the algorithm's cipher ID I<pcnid>, digest ID I<pmnid> and a key
|
|
generation function for the algorithm I<pkeygen>. EVP_PBE_CipherInit_ex() also
|
|
returns an extended key generation function I<keygen_ex> which takes a library
|
|
context and property query.
|
|
|
|
If a NULL is supplied for any of I<pcnid>, I<pmnid>, I<pkeygen> or I<pkeygen_ex>
|
|
then this parameter is not returned.
|
|
|
|
=head1 NOTES
|
|
|
|
The arguments I<pbe_obj> and I<param> to EVP_PBE_CipherInit() and EVP_PBE_CipherInit_ex()
|
|
together form an B<X509_ALGOR> and can often be extracted directly from this structure.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
Return value is 1 for success and 0 if an error occurred.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<PKCS5_PBE_keyivgen(3)>,
|
|
L<PKCS12_PBE_keyivgen_ex(3)>,
|
|
L<PKCS5_v2_PBE_keyivgen_ex(3)>,
|
|
L<PKCS12_pbe_crypt_ex(3)>,
|
|
L<PKCS12_create_ex(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
EVP_PBE_CipherInit_ex() and EVP_PBE_find_ex() were added in OpenSSL 3.0.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|