Add Copyright and license.

SSLv2 and export ciphers are no longer supported, delete related text. Sync SSL_CIPHER_description(3) return values with the source code. Wording simplifications from OpenSSL. Delete empty RETURN VALUES section.
author: schwarze <> 2016-11-29 19:18:52 +0000
committer: schwarze <> 2016-11-29 19:18:52 +0000
commit: c4fa6d490ce80434c79ecae4e6a6d1c6e83c0b15 (patch)
tree: cc9f9e3cc003c5ad16512d5d267f4162b98f4570 /src
parent: d36c53cde950d0fc4e1cc504b716d94a668c3b48 (diff)
download: openbsd-c4fa6d490ce80434c79ecae4e6a6d1c6e83c0b15.tar.gz
openbsd-c4fa6d490ce80434c79ecae4e6a6d1c6e83c0b15.tar.bz2
openbsd-c4fa6d490ce80434c79ecae4e6a6d1c6e83c0b15.zip
1 files changed, 99 insertions, 67 deletions
diff --git a/src/lib/libssl/man/SSL_CIPHER_get_name.3 b/src/lib/libssl/man/SSL_CIPHER_get_name.3
index c4661c8faf..1cd980af78 100644
--- a/src/lib/libssl/man/SSL_CIPHER_get_name.3
+++ b/src/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -1,7 +1,55 @@
+.\"     $OpenBSD: SSL_CIPHER_get_name.3,v 1.2 2016/11/29 19:18:52 schwarze Exp $
+.\"     OpenSSL 45f55f6a Nov 30 15:35:22 2014 +0100
 .\"
-.\"     $OpenBSD: SSL_CIPHER_get_name.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2005, 2009, 2013, 2014 The OpenSSL Project.
+.\" All rights reserved.
 .\"
-.Dd $Mdocdate: November 5 2016 $
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 29 2016 $
 .Dt SSL_CIPHER_GET_NAME 3
 .Os
 .Sh NAME
@@ -25,11 +73,11 @@
 returns a pointer to the name of
 .Fa cipher .
 If the
-argument is the
+.Fa cipher
-.Dv NULL
+is
-pointer, a pointer to the constant value
+.Dv NULL ,
-.Qq NONE
+it returns
-is returned.
+.Qq (NONE) .
 .Pp
 .Fn SSL_CIPHER_get_bits
 returns the number of secret bits used for
@@ -50,8 +98,6 @@ is
 returns a string which indicates the SSL/TLS protocol version that first
 defined the cipher.
 This is currently
-.Qq SSLv2
-or
 .Qq TLSv1/SSLv3 .
 In some cases it should possibly return
 .Qq TLSv1.2
@@ -89,87 +135,73 @@ is
 and the allocation fails, a pointer to the string
 .Qq Buffer too small
 is returned.
-.Sh NOTES
-The number of bits processed can be different from the secret bits.
-For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits.
-The algorithm does use the full 128 bits (which would be returned for
-.Fa alg_bits ) ,
-but 88 bits are fixed.
-The search space is hence only 40 bits.
 .Pp
 The string returned by
 .Fn SSL_CIPHER_description
-in case of success consists
+consists of several fields separated by whitespace:
-of cleartext information separated by one or more blanks in the following
-sequence:
 .Bl -tag -width Ds
 .It Aq Ar ciphername
 Textual representation of the cipher name.
 .It Aq Ar protocol version
 Protocol version:
-.Em SSLv2 ,
+.Sy SSLv3
-.Em SSLv3 ,
+or
-.Em TLSv1.2 .
+.Sy TLSv1.2 .
 The TLSv1.0 ciphers are flagged with SSLv3.
 No new ciphers were added by TLSv1.1.
 .It Kx= Ns Aq Ar key exchange
 Key exchange method:
-.Em RSA
+.Sy DH ,
-(for export ciphers as
+.Sy ECDH ,
-.Em RSA(512)
+.Sy GOST ,
-or
-.Em RSA(1024) ) ,
-.Em DH
-(for export ciphers as
-.Em DH(512)
 or
-.Em DH(1024) ) ,
+.Sy RSA .
-.Em DH/RSA ,
-.Em DH/DSS ,
-.Em Fortezza .
 .It Au= Ns Aq Ar authentication
 Authentication method:
-.Em RSA ,
+.Sy DSS ,
-.Em DSS ,
+.Sy ECDSA ,
-.Em DH ,
+.Sy GOST01 ,
-.Em None .
+.Sy RSA ,
-.Em None
+or
+.Sy None .
+.Sy None
 is the representation of anonymous ciphers.
 .It Enc= Ns Aq Ar symmetric encryption method
 Encryption method with number of secret bits:
-.Em DES(40) ,
+.Sy DES(56) ,
-.Em DES(56) ,
+.Sy 3DES(168) ,
-.Em 3DES(168) ,
+.Sy RC4(64) ,
-.Em RC4(40) ,
+.Sy RC4(128) ,
-.Em RC4(56) ,
+.Sy IDEA(128) ,
-.Em RC4(64) ,
+.Sy AES(128) ,
-.Em RC4(128) ,
+.Sy AES(256) ,
-.Em RC2(40) ,
+.Sy AESCGM(128) ,
-.Em RC2(56) ,
+.Sy AESCGM(256) ,
-.Em RC2(128) ,
+.Sy Camellia(128) ,
-.Em IDEA(128) ,
+.Sy Camellia(256) ,
-.Em Fortezza ,
+.Sy ChaCha20-Poly1305 ,
-.Em None .
+.Sy ChaCha20-Poly1305-Old ,
+.Sy GOST-28178-89-CNT ,
+or
+.Sy None .
 .It Mac= Ns Aq Ar message authentication code
 Message digest:
-.Em MD5 ,
+.Sy MD5 ,
-.Em SHA1 .
+.Sy SHA1 ,
-.It Aq Ar export flag
+.Sy SHA256 ,
-If the cipher is flagged exportable with respect to old US crypto
+.Sy SHA384 ,
-regulations, the word
+.Sy AEAD ,
-.Dq export
+.Sy GOST94 ,
-is printed.
+.Sy GOST89IMIT ,
+.Sy STREEBOG256 ,
+.Sy STREEBOG512 .
 .El
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION
 .Sh EXAMPLES
-Some examples for the output of
+An example for the output of
 .Fn SSL_CIPHER_description :
-.D1 "EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1"
+.Bd -literal
-.D1 "EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1"
+ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
-.D1 "RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5"
+.Ed
-.D1 "EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export"
 .Pp
 A complete list can be retrieved by invoking the following command:
 .Pp
author	schwarze <>	2016-11-29 19:18:52 +0000
committer	schwarze <>	2016-11-29 19:18:52 +0000
commit	c4fa6d490ce80434c79ecae4e6a6d1c6e83c0b15 (patch)
tree	cc9f9e3cc003c5ad16512d5d267f4162b98f4570 /src
parent	d36c53cde950d0fc4e1cc504b716d94a668c3b48 (diff)
download	openbsd-c4fa6d490ce80434c79ecae4e6a6d1c6e83c0b15.tar.gz openbsd-c4fa6d490ce80434c79ecae4e6a6d1c6e83c0b15.tar.bz2 openbsd-c4fa6d490ce80434c79ecae4e6a6d1c6e83c0b15.zip

diff --git a/src/lib/libssl/man/SSL_CIPHER_get_name.3 b/src/lib/libssl/man/SSL_CIPHER_get_name.3 index c4661c8faf..1cd980af78 100644 --- a/src/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/src/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -1,7 +1,55 @@
		1	.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.2 2016/11/29 19:18:52 schwarze Exp $
		2	.\" OpenSSL 45f55f6a Nov 30 15:35:22 2014 +0100
1	.\"	3	.\"
2	.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
		5	.\" Copyright (c) 2000, 2001, 2005, 2009, 2013, 2014 The OpenSSL Project.
		6	.\" All rights reserved.
3	.\"	7	.\"
4	.Dd $Mdocdate: November 5 2016 $	8	.\" Redistribution and use in source and binary forms, with or without
		9	.\" modification, are permitted provided that the following conditions
		10	.\" are met:
		11	.\"
		12	.\" 1. Redistributions of source code must retain the above copyright
		13	.\" notice, this list of conditions and the following disclaimer.
		14	.\"
		15	.\" 2. Redistributions in binary form must reproduce the above copyright
		16	.\" notice, this list of conditions and the following disclaimer in
		17	.\" the documentation and/or other materials provided with the
		18	.\" distribution.
		19	.\"
		20	.\" 3. All advertising materials mentioning features or use of this
		21	.\" software must display the following acknowledgment:
		22	.\" "This product includes software developed by the OpenSSL Project
		23	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		24	.\"
		25	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		26	.\" endorse or promote products derived from this software without
		27	.\" prior written permission. For written permission, please contact
		28	.\" openssl-core@openssl.org.
		29	.\"
		30	.\" 5. Products derived from this software may not be called "OpenSSL"
		31	.\" nor may "OpenSSL" appear in their names without prior written
		32	.\" permission of the OpenSSL Project.
		33	.\"
		34	.\" 6. Redistributions of any form whatsoever must retain the following
		35	.\" acknowledgment:
		36	.\" "This product includes software developed by the OpenSSL Project
		37	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		38	.\"
		39	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		40	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		41	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		42	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		43	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		44	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		45	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		46	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		47	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		48	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		51	.\"
		52	.Dd $Mdocdate: November 29 2016 $
5	.Dt SSL_CIPHER_GET_NAME 3	53	.Dt SSL_CIPHER_GET_NAME 3
6	.Os	54	.Os
7	.Sh NAME	55	.Sh NAME
@@ -25,11 +73,11 @@
25	returns a pointer to the name of	73	returns a pointer to the name of
26	.Fa cipher .	74	.Fa cipher .
27	If the	75	If the
28	argument is the	76	.Fa cipher
29	.Dv NULL	77	is
30	pointer, a pointer to the constant value	78	.Dv NULL ,
31	.Qq NONE	79	it returns
32	is returned.	80	.Qq (NONE) .
33	.Pp	81	.Pp
34	.Fn SSL_CIPHER_get_bits	82	.Fn SSL_CIPHER_get_bits
35	returns the number of secret bits used for	83	returns the number of secret bits used for
@@ -50,8 +98,6 @@ is
50	returns a string which indicates the SSL/TLS protocol version that first	98	returns a string which indicates the SSL/TLS protocol version that first
51	defined the cipher.	99	defined the cipher.
52	This is currently	100	This is currently
53	.Qq SSLv2
54	or
55	.Qq TLSv1/SSLv3 .	101	.Qq TLSv1/SSLv3 .
56	In some cases it should possibly return	102	In some cases it should possibly return
57	.Qq TLSv1.2	103	.Qq TLSv1.2
@@ -89,87 +135,73 @@ is
89	and the allocation fails, a pointer to the string	135	and the allocation fails, a pointer to the string
90	.Qq Buffer too small	136	.Qq Buffer too small
91	is returned.	137	is returned.
92	.Sh NOTES
93	The number of bits processed can be different from the secret bits.
94	For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits.
95	The algorithm does use the full 128 bits (which would be returned for
96	.Fa alg_bits ) ,
97	but 88 bits are fixed.
98	The search space is hence only 40 bits.
99	.Pp	138	.Pp
100	The string returned by	139	The string returned by
101	.Fn SSL_CIPHER_description	140	.Fn SSL_CIPHER_description
102	in case of success consists	141	consists of several fields separated by whitespace:
103	of cleartext information separated by one or more blanks in the following
104	sequence:
105	.Bl -tag -width Ds	142	.Bl -tag -width Ds
106	.It Aq Ar ciphername	143	.It Aq Ar ciphername
107	Textual representation of the cipher name.	144	Textual representation of the cipher name.
108	.It Aq Ar protocol version	145	.It Aq Ar protocol version
109	Protocol version:	146	Protocol version:
110	.Em SSLv2 ,	147	.Sy SSLv3
111	.Em SSLv3 ,	148	or
112	.Em TLSv1.2 .	149	.Sy TLSv1.2 .
113	The TLSv1.0 ciphers are flagged with SSLv3.	150	The TLSv1.0 ciphers are flagged with SSLv3.
114	No new ciphers were added by TLSv1.1.	151	No new ciphers were added by TLSv1.1.
115	.It Kx= Ns Aq Ar key exchange	152	.It Kx= Ns Aq Ar key exchange
116	Key exchange method:	153	Key exchange method:
117	.Em RSA	154	.Sy DH ,
118	(for export ciphers as	155	.Sy ECDH ,
119	.Em RSA(512)	156	.Sy GOST ,
120	or
121	.Em RSA(1024) ) ,
122	.Em DH
123	(for export ciphers as
124	.Em DH(512)
125	or	157	or
126	.Em DH(1024) ) ,	158	.Sy RSA .
127	.Em DH/RSA ,
128	.Em DH/DSS ,
129	.Em Fortezza .
130	.It Au= Ns Aq Ar authentication	159	.It Au= Ns Aq Ar authentication
131	Authentication method:	160	Authentication method:
132	.Em RSA ,	161	.Sy DSS ,
133	.Em DSS ,	162	.Sy ECDSA ,
134	.Em DH ,	163	.Sy GOST01 ,
135	.Em None .	164	.Sy RSA ,
136	.Em None	165	or
		166	.Sy None .
		167	.Sy None
137	is the representation of anonymous ciphers.	168	is the representation of anonymous ciphers.
138	.It Enc= Ns Aq Ar symmetric encryption method	169	.It Enc= Ns Aq Ar symmetric encryption method
139	Encryption method with number of secret bits:	170	Encryption method with number of secret bits:
140	.Em DES(40) ,	171	.Sy DES(56) ,
141	.Em DES(56) ,	172	.Sy 3DES(168) ,
142	.Em 3DES(168) ,	173	.Sy RC4(64) ,
143	.Em RC4(40) ,	174	.Sy RC4(128) ,
144	.Em RC4(56) ,	175	.Sy IDEA(128) ,
145	.Em RC4(64) ,	176	.Sy AES(128) ,
146	.Em RC4(128) ,	177	.Sy AES(256) ,
147	.Em RC2(40) ,	178	.Sy AESCGM(128) ,
148	.Em RC2(56) ,	179	.Sy AESCGM(256) ,
149	.Em RC2(128) ,	180	.Sy Camellia(128) ,
150	.Em IDEA(128) ,	181	.Sy Camellia(256) ,
151	.Em Fortezza ,	182	.Sy ChaCha20-Poly1305 ,
152	.Em None .	183	.Sy ChaCha20-Poly1305-Old ,
		184	.Sy GOST-28178-89-CNT ,
		185	or
		186	.Sy None .
153	.It Mac= Ns Aq Ar message authentication code	187	.It Mac= Ns Aq Ar message authentication code
154	Message digest:	188	Message digest:
155	.Em MD5 ,	189	.Sy MD5 ,
156	.Em SHA1 .	190	.Sy SHA1 ,
157	.It Aq Ar export flag	191	.Sy SHA256 ,
158	If the cipher is flagged exportable with respect to old US crypto	192	.Sy SHA384 ,
159	regulations, the word	193	.Sy AEAD ,
160	.Dq export	194	.Sy GOST94 ,
161	is printed.	195	.Sy GOST89IMIT ,
		196	.Sy STREEBOG256 ,
		197	.Sy STREEBOG512 .
162	.El	198	.El
163	.Sh RETURN VALUES
164	See
165	.Sx DESCRIPTION
166	.Sh EXAMPLES	199	.Sh EXAMPLES
167	Some examples for the output of	200	An example for the output of
168	.Fn SSL_CIPHER_description :	201	.Fn SSL_CIPHER_description :
169	.D1 "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1"	202	.Bd -literal
170	.D1 "EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1"	203	ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
171	.D1 "RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5"	204	.Ed
172	.D1 "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export"
173	.Pp	205	.Pp
174	A complete list can be retrieved by invoking the following command:	206	A complete list can be retrieved by invoking the following command:
175	.Pp	207	.Pp