From: Matt Caswell Date: Sat, 26 Apr 2014 20:44:26 +0000 (+0100) Subject: PKCS5_PBKDF2_HMAC documentation submitted by Jeffrey Walton X-Git-Tag: master-post-reformat~850 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6bcc4475fcdb2ea5daae80cbb2a5a5fcf677ac23;p=oweals%2Fopenssl.git PKCS5_PBKDF2_HMAC documentation submitted by Jeffrey Walton --- diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index cd09b68ca8..d07ae6c7b5 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -60,6 +60,7 @@ EVP_BytesToKey() returns the size of the derived key in bytes, or 0 on error. =head1 SEE ALSO L, L, +L, L =head1 HISTORY diff --git a/doc/crypto/PKCS5_PBKDF2_HMAC.pod b/doc/crypto/PKCS5_PBKDF2_HMAC.pod new file mode 100644 index 0000000000..f8914db3e2 --- /dev/null +++ b/doc/crypto/PKCS5_PBKDF2_HMAC.pod @@ -0,0 +1,62 @@ +=pod + +=head1 NAME + +PKCS5_PBKDF2_HMAC - password based derivation routine with salt and iteration count + +=head1 SYNOPSIS + + #include + + int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, + int keylen, unsigned char *out); + +=head1 DESCRIPTION + +PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count +as specified in RFC 2898. + +B is the password used in the derivation of length B. B +is an optional parameter and can be NULL. If B is -1, then the +function will calculate the length of B using strlen(). + +B is the salt used in the derivation of length B. If the +B is NULL, then B must be 0. The function will not +attempt to calculate the length of the B because its not assumed to +be NULL terminated. + +B is the iteration count and its value should be greater than or +equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any +B less than 1 is treated as a single iteration. + +B is message digest function used in the derivation. Values include +any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls +PKCS5_PBKDF2_HMAC() with EVP_sha1(). + +The derived key will be written to B. The size of the B buffer +is specified via B. + +=head1 NOTES + +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the B, a salt in B, +and an iteration count. + +Increasing the B parameter slows down the algorithm which makes it +harder for an attacker to peform a brute force attack using a large number +of candidate passwords. + +=head1 RETURN VALUES + +PKCS5_PBKDF2_HMAC() returns 1 on success or 0 on error. + +=head1 SEE ALSO + +L, L, +L + +=head1 HISTORY + +=cut