Split EVP_aes_128_cbc(3) out of EVP_EncryptInit(3):

both resulting pages are still long.

Mention a number of missing functions.
Add some text from the OpenSSL 1.1.1 EVP_aes.pod manual page,
which is still under a free license.
Add missing HISTORY information.

Triggered by tb@ providing EVP_aes_{128,192,256}_wrap(3)
in evp.h rev. 1.74.

4 files changed, 322 insertions, 74 deletions

diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
index 704a2016ed..10d30c4cf0 100644
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.27 2019/03/18 05:56:24 schwarze Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.28 2019/03/18 11:38:16 schwarze Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\" selective merge up to: OpenSSL 16cfc2c9 Mar 8 22:30:28 2018 +0100
 .\"
@@ -138,26 +138,6 @@
 .Nm EVP_cast5_ecb ,
 .Nm EVP_cast5_cfb ,
 .Nm EVP_cast5_ofb ,
-.Nm EVP_aes_128_cbc ,
-.Nm EVP_aes_128_ecb ,
-.Nm EVP_aes_128_cfb ,
-.Nm EVP_aes_128_ofb ,
-.Nm EVP_aes_192_cbc ,
-.Nm EVP_aes_192_ecb ,
-.Nm EVP_aes_192_cfb ,
-.Nm EVP_aes_192_ofb ,
-.Nm EVP_aes_256_cbc ,
-.Nm EVP_aes_256_ecb ,
-.Nm EVP_aes_256_cfb ,
-.Nm EVP_aes_256_ofb ,
-.Nm EVP_aes_128_gcm ,
-.Nm EVP_aes_192_gcm ,
-.Nm EVP_aes_256_gcm ,
-.Nm EVP_aes_128_ccm ,
-.Nm EVP_aes_192_ccm ,
-.Nm EVP_aes_256_ccm ,
-.Nm EVP_aes_128_cbc_hmac_sha1 ,
-.Nm EVP_aes_256_cbc_hmac_sha1 ,
 .Nm EVP_chacha20
 .Nd EVP cipher routines
 .Sh SYNOPSIS
@@ -471,7 +451,7 @@ points to an unused object on the stack, it must be initialized with
 before calling this function.
 .Fa type
 is normally supplied by a function such as
-.Fn EVP_aes_256_cbc .
+.Xr EVP_aes_256_cbc 3 .
 If
 .Fa impl
 is
@@ -905,27 +885,6 @@ All algorithms have a fixed key length unless otherwise stated.
 .It Fn EVP_enc_null
 Null cipher: does nothing.
 .It Xo
-.Fn EVP_aes_128_cbc ,
-.Fn EVP_aes_128_ecb ,
-.Fn EVP_aes_128_cfb ,
-.Fn EVP_aes_128_ofb
-.Xc
-AES with a 128-bit key in CBC, ECB, CFB and OFB modes respectively.
-.It Xo
-.Fn EVP_aes_192_cbc ,
-.Fn EVP_aes_192_ecb ,
-.Fn EVP_aes_192_cfb ,
-.Fn EVP_aes_192_ofb
-.Xc
-AES with a 192-bit key in CBC, ECB, CFB and OFB modes respectively.
-.It Xo
-.Fn EVP_aes_256_cbc ,
-.Fn EVP_aes_256_ecb ,
-.Fn EVP_aes_256_cfb ,
-.Fn EVP_aes_256_ofb
-.Xc
-AES with a 256-bit key in CBC, ECB, CFB and OFB modes respectively.
-.It Xo
 .Fn EVP_des_cbc ,
 .Fn EVP_des_ecb ,
 .Fn EVP_des_cfb ,
@@ -1004,29 +963,13 @@ This is a variable key length cipher.
 .Xc
 CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
 This is a variable key length cipher.
-.It Xo
-.Fn EVP_aes_128_gcm ,
-.Fn EVP_aes_192_gcm ,
-.Fn EVP_aes_256_gcm
-.Xc
-AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively.
-These ciphers require additional control operations to function
-correctly: see the GCM mode section below for details.
-.It Xo
-.Fn EVP_aes_128_ccm ,
-.Fn EVP_aes_192_ccm ,
-.Fn EVP_aes_256_ccm
-.Xc
-AES Counter with CBC-MAC Mode (CCM) for 128, 192 and 256 bit keys
-respectively.
-These ciphers require additional control operations to function
-correctly: see CCM mode section below for details.
-.It Fn EVP_chacha20
 The ChaCha20 stream cipher.
 The key length is 256 bits, the IV is 96 bits long.
 .El
 .Pp
 See also
+.Xr EVP_aes_128_cbc 3
+and
 .Xr EVP_sm4_cbc 3 .
 .Ss GCM mode
 For GCM mode ciphers, the behaviour of the EVP interface
@@ -1231,6 +1174,7 @@ do_crypt(FILE *in, FILE *out, int do_encrypt)
 .Ed
 .Sh SEE ALSO
 .Xr evp 3 ,
+.Xr EVP_aes_128_cbc 3 ,
 .Xr EVP_sm4_cbc 3
 .Sh HISTORY
 .Fn EVP_EncryptInit ,
@@ -1343,17 +1287,8 @@ first appeared in OpenSSL 0.9.8b.
 These functions have been available since
 .Ox 4.5 .
 .Pp
-.Fn EVP_rc4_hmac_md5 ,
-.Fn EVP_aes_128_gcm ,
-.Fn EVP_aes_192_gcm ,
-.Fn EVP_aes_256_gcm ,
-.Fn EVP_aes_128_ccm ,
-.Fn EVP_aes_192_ccm ,
-.Fn EVP_aes_256_ccm ,
-.Fn EVP_aes_128_cbc_hmac_sha1 ,
-and
-.Fn EVP_aes_256_cbc_hmac_sha1
-first appeared in OpenSSL 1.0.1 and have been available since
+.Fn EVP_rc4_hmac_md5
+first appeared in OpenSSL 1.0.1 and has been available since
 .Ox 5.3 .
 .Pp
 .Fn EVP_CIPHER_CTX_reset
diff --git a/src/lib/libcrypto/man/EVP_aes_128_cbc.3 b/src/lib/libcrypto/man/EVP_aes_128_cbc.3
new file mode 100644
index 0000000000..8c01f07f55
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_aes_128_cbc.3
@@ -0,0 +1,311 @@
+.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.1 2019/03/18 11:38:16 schwarze Exp $
+.\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000
+.\"
+.\" This file was written by Ronald Tse <ronald.tse@ribose.com>
+.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: March 18 2019 $
+.Dt EVP_AES_128_CBC 3
+.Os
+.Sh NAME
+.Nm EVP_aes_128_cbc ,
+.Nm EVP_aes_192_cbc ,
+.Nm EVP_aes_256_cbc ,
+.Nm EVP_aes_128_cfb1 ,
+.Nm EVP_aes_192_cfb1 ,
+.Nm EVP_aes_256_cfb1 ,
+.Nm EVP_aes_128_cfb8 ,
+.Nm EVP_aes_192_cfb8 ,
+.Nm EVP_aes_256_cfb8 ,
+.Nm EVP_aes_128_cfb128 ,
+.Nm EVP_aes_192_cfb128 ,
+.Nm EVP_aes_256_cfb128 ,
+.Nm EVP_aes_128_cfb ,
+.Nm EVP_aes_192_cfb ,
+.Nm EVP_aes_256_cfb ,
+.Nm EVP_aes_128_ctr ,
+.Nm EVP_aes_192_ctr ,
+.Nm EVP_aes_256_ctr ,
+.Nm EVP_aes_128_ecb ,
+.Nm EVP_aes_192_ecb ,
+.Nm EVP_aes_256_ecb ,
+.Nm EVP_aes_128_ofb ,
+.Nm EVP_aes_192_ofb ,
+.Nm EVP_aes_256_ofb ,
+.Nm EVP_aes_128_cbc_hmac_sha1 ,
+.Nm EVP_aes_256_cbc_hmac_sha1 ,
+.Nm EVP_aes_128_ccm ,
+.Nm EVP_aes_192_ccm ,
+.Nm EVP_aes_256_ccm ,
+.Nm EVP_aes_128_gcm ,
+.Nm EVP_aes_192_gcm ,
+.Nm EVP_aes_256_gcm ,
+.Nm EVP_aes_128_wrap ,
+.Nm EVP_aes_192_wrap ,
+.Nm EVP_aes_256_wrap ,
+.Nm EVP_aes_128_xts ,
+.Nm EVP_aes_256_xts
+.Nd EVP AES cipher
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_cbc void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_cbc void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_cbc void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_cfb1 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_cfb1 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_cfb1 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_cfb8 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_cfb8 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_cfb8 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_cfb128 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_cfb128 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_cfb128 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_cfb void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_cfb void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_cfb void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_ctr void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_ctr void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_ctr void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_ecb void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_ecb void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_ecb void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_ofb void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_ofb void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_ofb void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_cbc_hmac_sha1 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_cbc_hmac_sha1 void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_ccm void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_ccm void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_ccm void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_gcm void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_gcm void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_gcm void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_wrap void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_192_wrap void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_wrap void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_128_xts void
+.Ft const EVP_CIPHER *
+.Fn EVP_aes_256_xts void
+.Sh DESCRIPTION
+These functions provide the AES encryption algorithm in the
+.Xr evp 3
+framework.
+.Pp
+.Fn EVP_aes_128_cbc ,
+.Fn EVP_aes_192_cbc ,
+.Fn EVP_aes_256_cbc ,
+.Fn EVP_aes_128_cfb1 ,
+.Fn EVP_aes_192_cfb1 ,
+.Fn EVP_aes_256_cfb1 ,
+.Fn EVP_aes_128_cfb8 ,
+.Fn EVP_aes_192_cfb8 ,
+.Fn EVP_aes_256_cfb8 ,
+.Fn EVP_aes_128_cfb128 ,
+.Fn EVP_aes_192_cfb128 ,
+.Fn EVP_aes_256_cfb128 ,
+.Fn EVP_aes_128_ctr ,
+.Fn EVP_aes_192_ctr ,
+.Fn EVP_aes_256_ctr ,
+.Fn EVP_aes_128_ecb ,
+.Fn EVP_aes_192_ecb ,
+.Fn EVP_aes_256_ecb ,
+.Fn EVP_aes_128_ofb ,
+.Fn EVP_aes_192_ofb ,
+and
+.Fn EVP_aes_256_ofb
+provide AES for 128, 192, and 256 bit keys in the following modes:
+CBC, CFB with 1-bit shift, CFB with 8-bit shift, CFB with 128-bit shift,
+CTR, ECB, and OFB.
+.Pp
+.Fn EVP_aes_128_cfb ,
+.Fn EVP_aes_192_cfb ,
+and
+.Fn EVP_aes_256_cfb
+are aliases for
+.Fn EVP_aes_128_cfb128 ,
+.Fn EVP_aes_192_cfb128 ,
+and
+.Fn EVP_aes_256_cfb128 .
+.Pp
+.Fn EVP_aes_128_cbc_hmac_sha1
+and
+.Fn EVP_aes_256_cbc_hmac_sha1
+provide authenticated encryption with AES in CBC mode using SHA-1 as HMAC,
+with keys of 128 and 256 bits length respectively.
+The authentication tag is 160 bits long.
+This is not intended for usage outside of TLS and requires
+calling of some undocumented control functions.
+These ciphers do not conform to the EVP AEAD interface.
+.Pp
+.Fn EVP_aes_128_ccm ,
+.Fn EVP_aes_192_ccm ,
+.Fn EVP_aes_256_ccm ,
+.Fn EVP_aes_128_gcm ,
+.Fn EVP_aes_192_gcm ,
+and
+.Fn EVP_aes_256_gcm
+provide AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM)
+and Galois Counter Mode (GCM), respectively.
+These ciphers require additional control operations to function
+correctly; see
+.Xr EVP_EncryptInit 3
+for details.
+.Pp
+.Fn EVP_aes_128_wrap ,
+.Fn EVP_aes_192_wrap ,
+and
+.Fn EVP_aes_256_wrap
+provide AES key wrap with 128, 192 and 256 bit keys
+according to RFC 3394 section 2.2.1 ("wrap").
+.Pp
+.Fn EVP_aes_128_xts
+and
+.Fn EVP_aes_256_xts
+provide XEX-based tweaked-codebook mode with ciphertext stealing (XTS-AES)
+as specified in IEEE Std. 1619-2007 and described in NIST SP 800-38E.
+It was designed for encrypting data on a storage device,
+provides confidentiality but not authentication of data,
+and requires a key of double length for protection of a certain key size.
+In particular, XTS-AES-128 takes input of a 256-bit key to achieve
+AES 128-bit security, and XTS-AES-256 takes input of a 512-bit key
+to achieve AES 256-bit security.
+.Sh RETURN VALUES
+These functions return an
+.Vt EVP_CIPHER
+structure that provides the implementation of the symmetric cipher.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_EncryptInit 3
+.Sh HISTORY
+.Fn EVP_aes_128_cbc ,
+.Fn EVP_aes_192_cbc ,
+.Fn EVP_aes_256_cbc ,
+.Fn EVP_aes_128_cfb ,
+.Fn EVP_aes_192_cfb ,
+.Fn EVP_aes_256_cfb ,
+.Fn EVP_aes_128_ebc ,
+.Fn EVP_aes_192_ebc ,
+.Fn EVP_aes_256_ebc ,
+.Fn EVP_aes_128_ofb ,
+.Fn EVP_aes_192_ofb ,
+and
+.Fn EVP_aes_256_ofb
+first appeared in OpenSSL 0.9.7 and have been available since
+.Ox 3.2 .
+.Pp
+.Fn EVP_aes_128_cfb1 ,
+.Fn EVP_aes_192_cfb1 ,
+.Fn EVP_aes_256_cfb1 ,
+.Fn EVP_aes_128_cfb8 ,
+.Fn EVP_aes_192_cfb8 ,
+.Fn EVP_aes_256_cfb8 ,
+.Fn EVP_aes_128_cfb128 ,
+.Fn EVP_aes_192_cfb128 ,
+and
+.Fn EVP_aes_256_cfb128
+first appeared in OpenSSL 0.9.7e and have been available since
+.Ox 3.8 .
+.Pp
+.Fn EVP_aes_128_ctr ,
+.Fn EVP_aes_192_ctr ,
+.Fn EVP_aes_256_ctr ,
+.Fn EVP_aes_128_cbc_hmac_sha1 ,
+.Fn EVP_aes_256_cbc_hmac_sha1 ,
+.Fn EVP_aes_128_ccm ,
+.Fn EVP_aes_192_ccm ,
+.Fn EVP_aes_256_ccm ,
+.Fn EVP_aes_128_gcm ,
+.Fn EVP_aes_192_gcm ,
+.Fn EVP_aes_256_gcm ,
+.Fn EVP_aes_128_xts ,
+and
+.Fn EVP_aes_256_xts
+first appeared in OpenSSL 1.0.1 and have been available since
+.Ox 5.3 .
+.Pp
+.Fn EVP_aes_128_wrap ,
+.Fn EVP_aes_192_wrap ,
+and
+.Fn EVP_aes_256_wrap
+first appeared in OpenSSL 1.0.2 and have been available since
+.Ox 6.5 .
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 79ada9713d..884e5257ef 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.144 2019/03/18 05:56:24 schwarze Exp $
+# $OpenBSD: Makefile,v 1.145 2019/03/18 11:38:16 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -151,6 +151,7 @@ MAN=	\
         EVP_SealInit.3 \
         EVP_SignInit.3 \
         EVP_VerifyInit.3 \
+        EVP_aes_128_cbc.3 \
         EVP_sm4_cbc.3 \
         EXTENDED_KEY_USAGE_new.3 \
         GENERAL_NAME_new.3 \
diff --git a/src/lib/libcrypto/man/evp.3 b/src/lib/libcrypto/man/evp.3
index a5a2a49164..6dbd884c72 100644
--- a/src/lib/libcrypto/man/evp.3
+++ b/src/lib/libcrypto/man/evp.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: evp.3,v 1.6 2019/03/18 05:56:24 schwarze Exp $
+.\"     $OpenBSD: evp.3,v 1.7 2019/03/18 11:38:16 schwarze Exp $
 .\"     OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -182,6 +182,7 @@ operations are more efficient using the high level interfaces.
 .Sh SEE ALSO
 .Xr ENGINE_register_RSA 3 ,
 .Xr EVP_AEAD_CTX_init 3 ,
+.Xr EVP_aes_128_cbc 3 ,
 .Xr EVP_BytesToKey 3 ,
 .Xr EVP_DigestInit 3 ,
 .Xr EVP_DigestSignInit 3 ,