openssl/doc/crypto/PKCS5_PBKDF2_HMAC.pod
Rich Salz 9b86974e0c Fix L<> content in manpages
L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-21 15:11:50 -04:00

67 lines
2.1 KiB
Plaintext

=pod
=head1 NAME
PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count
=head1 SYNOPSIS
#include <openssl/evp.h>
int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
const unsigned char *salt, int saltlen, int iter,
const EVP_MD *digest,
int keylen, unsigned char *out);
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
const unsigned char *salt, int saltlen, int iter,
int keylen, unsigned char *out);
=head1 DESCRIPTION
PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count
as specified in RFC 2898.
B<pass> is the password used in the derivation of length B<passlen>. B<pass>
is an optional parameter and can be NULL. If B<passlen> is -1, then the
function will calculate the length of B<pass> using strlen().
B<salt> is the salt used in the derivation of length B<saltlen>. If the
B<salt> is NULL, then B<saltlen> must be 0. The function will not
attempt to calculate the length of the B<salt> because it is not assumed to
be NULL terminated.
B<iter> is the iteration count and its value should be greater than or
equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any
B<iter> less than 1 is treated as a single iteration.
B<digest> is the message digest function used in the derivation. Values include
any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls
PKCS5_PBKDF2_HMAC() with EVP_sha1().
The derived key will be written to B<out>. The size of the B<out> buffer
is specified via B<keylen>.
=head1 NOTES
A typical application of this function is to derive keying material for an
encryption algorithm from a password in the B<pass>, a salt in B<salt>,
and an iteration count.
Increasing the B<iter> parameter slows down the algorithm which makes it
harder for an attacker to perform a brute force attack using a large number
of candidate passwords.
=head1 RETURN VALUES
PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.
=head1 SEE ALSO
L<evp(3)>, L<rand(3)>,
L<EVP_BytesToKey(3)>
=head1 HISTORY
=cut