From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Fri, 30 Apr 2021 00:33:56 +0200 Subject: initial/final commit --- openssl-1.1.0h/doc/crypto/EVP_SealInit.pod | 90 ++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 openssl-1.1.0h/doc/crypto/EVP_SealInit.pod (limited to 'openssl-1.1.0h/doc/crypto/EVP_SealInit.pod') diff --git a/openssl-1.1.0h/doc/crypto/EVP_SealInit.pod b/openssl-1.1.0h/doc/crypto/EVP_SealInit.pod new file mode 100644 index 0000000..30bd680 --- /dev/null +++ b/openssl-1.1.0h/doc/crypto/EVP_SealInit.pod 
@@ -0,0 +1,90 @@ +=pod + +=head1 NAME + +EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption + +=head1 SYNOPSIS + + #include + + int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); + int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); + int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + +=head1 DESCRIPTION + +The EVP envelope routines are a high level interface to envelope +encryption. They generate a random key and IV (if required) then +"envelope" it by using public key encryption. Data can then be +encrypted using this key. + +EVP_SealInit() initializes a cipher context B for encryption +with cipher B using a random secret key and IV. B is normally +supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. B is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is +B must have room for B bytes. The actual +size of each encrypted secret key is written to the array B. B is +an array of B public keys. + +The B parameter is a buffer where the generated IV is written to. It must +contain enough room for the corresponding cipher's IV, as determined by (for +example) EVP_CIPHER_iv_length(type). + +If the cipher does not require an IV then the B parameter is ignored +and can be B. + +EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties +as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as +documented on the L manual +page. + +=head1 RETURN VALUES + +EVP_SealInit() returns 0 on error or B if successful. + +EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for +failure. 
+ +=head1 NOTES + +Because a random secret key is generated the random number generator +must be seeded before calling EVP_SealInit(). + +The public key must be RSA because it is the only OpenSSL public key +algorithm that supports key transport. + +Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption. + +It is possible to call EVP_SealInit() twice in the same way as +EVP_EncryptInit(). The first call should have B set to 0 +and (after setting any cipher parameters) it should be called again +with B set to NULL. + +=head1 SEE ALSO + +L, L, +L, +L + +=head1 COPYRIGHT + +Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut -- cgit v1.2.3
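Review bot: The NOTES section explains why envelope encryption is used but never states that the sealed output is unauthenticated, even though DESCRIPTION names EVP_aes_256_cbc() as the typical cipher. A caller following this page gets confidentiality only, and tampering with the ciphertext, the encrypted keys or the IV is not reliably detected. I suggest adding a sentence to NOTES saying that integrity has to come from a separate MAC or signature covering all three. In RETURN VALUES, EVP_SealInit() does not follow the 1-for-success convention given for EVP_SealUpdate() and EVP_SealFinal(), so the page should say explicitly that comparing its result with 1 is not a correct success test in general.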