1 files changed, 0 insertions, 273 deletions
diff --git a/src/lib/libcrypto/man/CMAC_Init.3 b/src/lib/libcrypto/man/CMAC_Init.3
deleted file mode 100644
index fd32ca085a..0000000000
--- a/src/lib/libcrypto/man/CMAC_Init.3
+++ /dev/null
@@ -1,273 +0,0 @@
-.\" $OpenBSD: CMAC_Init.3,v 1.9 2024/11/12 00:42:28 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 12 2024 $
-.Dt CMAC_INIT 3
-.Os
-.Sh NAME
-.Nm CMAC_CTX_new ,
-.Nm CMAC_Init ,
-.Nm CMAC_Update ,
-.Nm CMAC_Final ,
-.Nm CMAC_CTX_copy ,
-.Nm CMAC_CTX_get0_cipher_ctx ,
-.Nm CMAC_CTX_cleanup ,
-.Nm CMAC_CTX_free
-.Nd Cipher-based message authentication code
-.Sh SYNOPSIS
-.In openssl/cmac.h
-.Ft CMAC_CTX *
-.Fn CMAC_CTX_new void
-.Ft int
-.Fo CMAC_Init
-.Fa "CMAC_CTX *ctx"
-.Fa "const void *key"
-.Fa "size_t key_len"
-.Fa "const EVP_CIPHER *cipher"
-.Fa "ENGINE *engine"
-.Fc
-.Ft int
-.Fo CMAC_Update
-.Fa "CMAC_CTX *ctx"
-.Fa "const void *in_data"
-.Fa "size_t in_len"
-.Fc
-.Ft int
-.Fo CMAC_Final
-.Fa "CMAC_CTX *ctx"
-.Fa "unsigned char *out_mac"
-.Fa "size_t *out_len"
-.Fc
-.Ft int
-.Fo CMAC_CTX_copy
-.Fa "CMAC_CTX *out_ctx"
-.Fa "CMAC_CTX *in_ctx"
-.Fc
-.Ft EVP_CIPHER_CTX *
-.Fn CMAC_CTX_get0_cipher_ctx "CMAC_CTX *ctx"
-.Ft void
-.Fn CMAC_CTX_cleanup "CMAC_CTX *ctx"
-.Ft void
-.Fn CMAC_CTX_free "CMAC_CTX *ctx"
-.Sh DESCRIPTION
-CMAC is a message authentication code algorithm that can employ an
-arbitrary block cipher using a symmetric key.
-.Pp
-The present manual page describes low-level functions implementing CMAC.
-Instead of using these functions directly,
-application programs normally call
-.Xr EVP_PKEY_new_CMAC_key 3
-and then pass the resulting
-.Vt EVP_PKEY
-object to
-.Xr EVP_DigestSignInit 3 .
-.Pp
-The CMAC API is object-oriented.
-Calculating a message authentication code requires a
-.Vt CMAC_CTX
-object.
-Usually, the functions
-.Fn CMAC_CTX_new ,
-.Fn CMAC_Init ,
-.Fn CMAC_Update ,
-.Fn CMAC_Final ,
-and
-.Fn CMAC_CTX_free
-need to be called in this order.
-.Pp
-.Fn CMAC_CTX_new
-allocates a new
-.Vt CMAC_CTX
-object, initializes the embedded
-.Vt EVP_CIPHER_CTX
-object, and marks the object itself as uninitialized.
-.Pp
-.Fn CMAC_Init
-selects the given block
-.Fa cipher
-for use by
-.Fa ctx .
-Functions to obtain suitable
-.Vt EVP_CIPHER
-objects are listed in the CIPHER LISTING section of the
-.Xr EVP_EncryptInit 3
-manual page.
-Unless
-.Fa key
-is
-.Dv NULL ,
-.Fn CMAC_Init
-also initializes
-.Fa ctx
-for use with the given symmetric
-.Fa key
-that is
-.Fa key_len
-bytes long.
-In particular, it calculates and internally stores the two subkeys
-and initializes
-.Fa ctx
-for subsequently feeding in data with
-.Fn CMAC_Update .
-The
-.Fa engine
-argument is ignored; passing
-.Dv NULL
-is recommended.
-.Pp
-If
-.Fa ctx
-is already initialized,
-.Fn CMAC_Init
-can be called again with
-.Fa key
-and
-.Fa cipher
-both set to
-.Dv NULL
-and
-.Fa key_len
-set to 0.
-In that case, any data already processed is discarded and
-.Fa ctx
-is re-initialized to start reading data anew.
-.Pp
-.Fn CMAC_Update
-processes
-.Fa in_len
-bytes of input data pointed to by
-.Fa in_data .
-Depending on the number of input bytes already cached in
-.Fa ctx ,
-on
-.Fa in_len ,
-and on the block size, this may encrypt zero or more blocks.
-Unless
-.Fa in_len
-is zero, this function leaves at least one byte and at most one
-block of input cached but unprocessed inside the
-.Fa ctx
-object.
-.Fn CMAC_Update
-can be called multiple times
-to concatenate several chunks of input data of varying sizes.
-.Pp
-.Fn CMAC_Final
-stores the length of the message authentication code in bytes,
-which equals the cipher block size, into
-.Pf * Fa out_len .
-Unless
-.Fa out_mac
-is
-.Dv NULL ,
-it encrypts the last block, padding it if required, and copies the
-resulting message authentication code to
-.Fa out_mac .
-The caller is responsible for providing a buffer of sufficient size.
-.Pp
-.Fn CMAC_CTX_copy
-performs a deep copy of the already initialized
-.Fa in_ctx
-into
-.Fa out_ctx .
-.Pp
-.Fn CMAC_CTX_cleanup
-zeros out both subkeys and all temporary data in
-.Fa ctx
-and in the embedded
-.Vt EVP_CIPHER_CTX
-object, frees all allocated memory associated with it,
-except for
-.Fa ctx
-itself, and marks it as uninitialized,
-such that it can be reused for subsequent
-.Fn CMAC_Init .
-.Pp
-.Fn CMAC_CTX_free
-calls
-.Fn CMAC_CTX_cleanup ,
-then frees
-.Fa ctx
-itself.
-If
-.Fa ctx
-is
-.Dv NULL ,
-no action occurs.
-.Sh RETURN VALUES
-.Fn CMAC_CTX_new
-returns the new context object or
-.Dv NULL
-in case of failure.
-It succeeds unless memory is exhausted.
-.Pp
-.Fn CMAC_Init ,
-.Fn CMAC_Update ,
-.Fn CMAC_Final ,
-and
-.Fn CMAC_CTX_copy
-return 1 on success or 0 on failure.
-.Fn CMAC_Init
-fails if initializing the embedded
-.Vt EVP_CIPHER_CTX
-object fails.
-The others fail if
-.Fa in_ctx
-is uninitialized.
-.Fn CMAC_Update
-and
-.Fn CMAC_Final
-also fail if encrypting a block fails, and
-.Fn CMAC_CTX_copy
-if copying the embedded
-.Vt EVP_CIPHER_CTX
-object fails, which can for example happen when memory is exhausted.
-.Pp
-.Fn CMAC_CTX_get0_cipher_ctx
-returns an internal pointer to the
-.Vt EVP_CIPHER_CTX
-object that is embedded in
-.Fa ctx .
-.Sh ERRORS
-The CMAC code itself does not use the
-.In openssl/err.h
-framework, so in general, the reasons for failure cannot be found out with
-.Xr ERR_get_error 3 .
-However, since the
-.Xr EVP_EncryptInit 3
-functions are used internally, entries may still get pushed onto
-the error stack in some cases of failure.
-.Sh SEE ALSO
-.Xr EVP_aes_128_cbc 3 ,
-.Xr EVP_DigestSignInit 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr EVP_PKEY_new_CMAC_key 3 ,
-.Xr HMAC 3
-.Sh STANDARDS
-.Rs
-.%A Morris Dworkin
-.%T "Recommendation for Block Cipher Modes of Operation:\
- The CMAC Mode for Authentication"
-.%I National Institute of Standards and Technology
-.%R NIST Special Publication 800-38B
-.%U https://doi.org/10.6028/NIST.SP.800-38B
-.%C Gaithersburg, Maryland
-.%D May 2005, updated October 6, 2016
-.Re
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.1
-and have been available since
-.Ox 5.3 .

diff --git a/src/lib/libcrypto/man/CMAC_Init.3 b/src/lib/libcrypto/man/CMAC_Init.3 deleted file mode 100644 index fd32ca085a..0000000000 --- a/src/lib/libcrypto/man/CMAC_Init.3 +++ /dev/null
@@ -1,273 +0,0 @@
1	.\" $OpenBSD: CMAC_Init.3,v 1.9 2024/11/12 00:42:28 schwarze Exp $
2	.\"
3	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
4	.\"
5	.\" Permission to use, copy, modify, and distribute this software for any
6	.\" purpose with or without fee is hereby granted, provided that the above
7	.\" copyright notice and this permission notice appear in all copies.
8	.\"
9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"
17	.Dd $Mdocdate: November 12 2024 $
18	.Dt CMAC_INIT 3
19	.Os
20	.Sh NAME
21	.Nm CMAC_CTX_new ,
22	.Nm CMAC_Init ,
23	.Nm CMAC_Update ,
24	.Nm CMAC_Final ,
25	.Nm CMAC_CTX_copy ,
26	.Nm CMAC_CTX_get0_cipher_ctx ,
27	.Nm CMAC_CTX_cleanup ,
28	.Nm CMAC_CTX_free
29	.Nd Cipher-based message authentication code
30	.Sh SYNOPSIS
31	.In openssl/cmac.h
32	.Ft CMAC_CTX *
33	.Fn CMAC_CTX_new void
34	.Ft int
35	.Fo CMAC_Init
36	.Fa "CMAC_CTX *ctx"
37	.Fa "const void *key"
38	.Fa "size_t key_len"
39	.Fa "const EVP_CIPHER *cipher"
40	.Fa "ENGINE *engine"
41	.Fc
42	.Ft int
43	.Fo CMAC_Update
44	.Fa "CMAC_CTX *ctx"
45	.Fa "const void *in_data"
46	.Fa "size_t in_len"
47	.Fc
48	.Ft int
49	.Fo CMAC_Final
50	.Fa "CMAC_CTX *ctx"
51	.Fa "unsigned char *out_mac"
52	.Fa "size_t *out_len"
53	.Fc
54	.Ft int
55	.Fo CMAC_CTX_copy
56	.Fa "CMAC_CTX *out_ctx"
57	.Fa "CMAC_CTX *in_ctx"
58	.Fc
59	.Ft EVP_CIPHER_CTX *
60	.Fn CMAC_CTX_get0_cipher_ctx "CMAC_CTX *ctx"
61	.Ft void
62	.Fn CMAC_CTX_cleanup "CMAC_CTX *ctx"
63	.Ft void
64	.Fn CMAC_CTX_free "CMAC_CTX *ctx"
65	.Sh DESCRIPTION
66	CMAC is a message authentication code algorithm that can employ an
67	arbitrary block cipher using a symmetric key.
68	.Pp
69	The present manual page describes low-level functions implementing CMAC.
70	Instead of using these functions directly,
71	application programs normally call
72	.Xr EVP_PKEY_new_CMAC_key 3
73	and then pass the resulting
74	.Vt EVP_PKEY
75	object to
76	.Xr EVP_DigestSignInit 3 .
77	.Pp
78	The CMAC API is object-oriented.
79	Calculating a message authentication code requires a
80	.Vt CMAC_CTX
81	object.
82	Usually, the functions
83	.Fn CMAC_CTX_new ,
84	.Fn CMAC_Init ,
85	.Fn CMAC_Update ,
86	.Fn CMAC_Final ,
87	and
88	.Fn CMAC_CTX_free
89	need to be called in this order.
90	.Pp
91	.Fn CMAC_CTX_new
92	allocates a new
93	.Vt CMAC_CTX
94	object, initializes the embedded
95	.Vt EVP_CIPHER_CTX
96	object, and marks the object itself as uninitialized.
97	.Pp
98	.Fn CMAC_Init
99	selects the given block
100	.Fa cipher
101	for use by
102	.Fa ctx .
103	Functions to obtain suitable
104	.Vt EVP_CIPHER
105	objects are listed in the CIPHER LISTING section of the
106	.Xr EVP_EncryptInit 3
107	manual page.
108	Unless
109	.Fa key
110	is
111	.Dv NULL ,
112	.Fn CMAC_Init
113	also initializes
114	.Fa ctx
115	for use with the given symmetric
116	.Fa key
117	that is
118	.Fa key_len
119	bytes long.
120	In particular, it calculates and internally stores the two subkeys
121	and initializes
122	.Fa ctx
123	for subsequently feeding in data with
124	.Fn CMAC_Update .
125	The
126	.Fa engine
127	argument is ignored; passing
128	.Dv NULL
129	is recommended.
130	.Pp
131	If
132	.Fa ctx
133	is already initialized,
134	.Fn CMAC_Init
135	can be called again with
136	.Fa key
137	and
138	.Fa cipher
139	both set to
140	.Dv NULL
141	and
142	.Fa key_len
143	set to 0.
144	In that case, any data already processed is discarded and
145	.Fa ctx
146	is re-initialized to start reading data anew.
147	.Pp
148	.Fn CMAC_Update
149	processes
150	.Fa in_len
151	bytes of input data pointed to by
152	.Fa in_data .
153	Depending on the number of input bytes already cached in
154	.Fa ctx ,
155	on
156	.Fa in_len ,
157	and on the block size, this may encrypt zero or more blocks.
158	Unless
159	.Fa in_len
160	is zero, this function leaves at least one byte and at most one
161	block of input cached but unprocessed inside the
162	.Fa ctx
163	object.
164	.Fn CMAC_Update
165	can be called multiple times
166	to concatenate several chunks of input data of varying sizes.
167	.Pp
168	.Fn CMAC_Final
169	stores the length of the message authentication code in bytes,
170	which equals the cipher block size, into
171	.Pf * Fa out_len .
172	Unless
173	.Fa out_mac
174	is
175	.Dv NULL ,
176	it encrypts the last block, padding it if required, and copies the
177	resulting message authentication code to
178	.Fa out_mac .
179	The caller is responsible for providing a buffer of sufficient size.
180	.Pp
181	.Fn CMAC_CTX_copy
182	performs a deep copy of the already initialized
183	.Fa in_ctx
184	into
185	.Fa out_ctx .
186	.Pp
187	.Fn CMAC_CTX_cleanup
188	zeros out both subkeys and all temporary data in
189	.Fa ctx
190	and in the embedded
191	.Vt EVP_CIPHER_CTX
192	object, frees all allocated memory associated with it,
193	except for
194	.Fa ctx
195	itself, and marks it as uninitialized,
196	such that it can be reused for subsequent
197	.Fn CMAC_Init .
198	.Pp
199	.Fn CMAC_CTX_free
200	calls
201	.Fn CMAC_CTX_cleanup ,
202	then frees
203	.Fa ctx
204	itself.
205	If
206	.Fa ctx
207	is
208	.Dv NULL ,
209	no action occurs.
210	.Sh RETURN VALUES
211	.Fn CMAC_CTX_new
212	returns the new context object or
213	.Dv NULL
214	in case of failure.
215	It succeeds unless memory is exhausted.
216	.Pp
217	.Fn CMAC_Init ,
218	.Fn CMAC_Update ,
219	.Fn CMAC_Final ,
220	and
221	.Fn CMAC_CTX_copy
222	return 1 on success or 0 on failure.
223	.Fn CMAC_Init
224	fails if initializing the embedded
225	.Vt EVP_CIPHER_CTX
226	object fails.
227	The others fail if
228	.Fa in_ctx
229	is uninitialized.
230	.Fn CMAC_Update
231	and
232	.Fn CMAC_Final
233	also fail if encrypting a block fails, and
234	.Fn CMAC_CTX_copy
235	if copying the embedded
236	.Vt EVP_CIPHER_CTX
237	object fails, which can for example happen when memory is exhausted.
238	.Pp
239	.Fn CMAC_CTX_get0_cipher_ctx
240	returns an internal pointer to the
241	.Vt EVP_CIPHER_CTX
242	object that is embedded in
243	.Fa ctx .
244	.Sh ERRORS
245	The CMAC code itself does not use the
246	.In openssl/err.h
247	framework, so in general, the reasons for failure cannot be found out with
248	.Xr ERR_get_error 3 .
249	However, since the
250	.Xr EVP_EncryptInit 3
251	functions are used internally, entries may still get pushed onto
252	the error stack in some cases of failure.
253	.Sh SEE ALSO
254	.Xr EVP_aes_128_cbc 3 ,
255	.Xr EVP_DigestSignInit 3 ,
256	.Xr EVP_EncryptInit 3 ,
257	.Xr EVP_PKEY_new_CMAC_key 3 ,
258	.Xr HMAC 3
259	.Sh STANDARDS
260	.Rs
261	.%A Morris Dworkin
262	.%T "Recommendation for Block Cipher Modes of Operation:\
263	The CMAC Mode for Authentication"
264	.%I National Institute of Standards and Technology
265	.%R NIST Special Publication 800-38B
266	.%U https://doi.org/10.6028/NIST.SP.800-38B
267	.%C Gaithersburg, Maryland
268	.%D May 2005, updated October 6, 2016
269	.Re
270	.Sh HISTORY
271	These functions first appeared in OpenSSL 1.0.1
272	and have been available since
273	.Ox 5.3 .