1 files changed, 0 insertions, 307 deletions
diff --git a/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 b/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3
deleted file mode 100644
index 5c4def1740..0000000000
--- a/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3
+++ /dev/null
@@ -1,307 +0,0 @@
-.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.9 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2014, Google Inc.
-.\" Parts of the text were written by Adam Langley and David Benjamin.
-.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt EVP_AEAD_CTX_INIT 3
-.Os
-.Sh NAME
-.Nm EVP_AEAD_CTX_init ,
-.Nm EVP_AEAD_CTX_cleanup ,
-.Nm EVP_AEAD_CTX_open ,
-.Nm EVP_AEAD_CTX_seal ,
-.Nm EVP_AEAD_key_length ,
-.Nm EVP_AEAD_max_overhead ,
-.Nm EVP_AEAD_max_tag_len ,
-.Nm EVP_AEAD_nonce_length ,
-.Nm EVP_aead_aes_128_gcm ,
-.Nm EVP_aead_aes_256_gcm ,
-.Nm EVP_aead_chacha20_poly1305 ,
-.Nm EVP_aead_xchacha20_poly1305
-.Nd authenticated encryption with additional data
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_AEAD_CTX_init
-.Fa "EVP_AEAD_CTX *ctx"
-.Fa "const EVP_AEAD *aead"
-.Fa "const unsigned char *key"
-.Fa "size_t key_len"
-.Fa "size_t tag_len"
-.Fa "ENGINE *impl"
-.Fc
-.Ft void
-.Fo EVP_AEAD_CTX_cleanup
-.Fa "EVP_AEAD_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_AEAD_CTX_open
-.Fa "const EVP_AEAD_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "size_t *out_len"
-.Fa "size_t max_out_len"
-.Fa "const unsigned char *nonce"
-.Fa "size_t nonce_len"
-.Fa "const unsigned char *in"
-.Fa "size_t in_len"
-.Fa "const unsigned char *ad"
-.Fa "size_t ad_len"
-.Fc
-.Ft int
-.Fo EVP_AEAD_CTX_seal
-.Fa "const EVP_AEAD_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "size_t *out_len"
-.Fa "size_t max_out_len"
-.Fa "const unsigned char *nonce"
-.Fa "size_t nonce_len"
-.Fa "const unsigned char *in"
-.Fa "size_t in_len"
-.Fa "const unsigned char *ad"
-.Fa "size_t ad_len"
-.Fc
-.Ft size_t
-.Fo EVP_AEAD_key_length
-.Fa "const EVP_AEAD *aead"
-.Fc
-.Ft size_t
-.Fo EVP_AEAD_max_overhead
-.Fa "const EVP_AEAD *aead"
-.Fc
-.Ft size_t
-.Fo EVP_AEAD_max_tag_len
-.Fa "const EVP_AEAD *aead"
-.Fc
-.Ft size_t
-.Fo EVP_AEAD_nonce_length
-.Fa "const EVP_AEAD *aead"
-.Fc
-.Ft const EVP_AEAD *
-.Fo EVP_aead_aes_128_gcm
-.Fa void
-.Fc
-.Ft const EVP_AEAD *
-.Fo EVP_aead_aes_256_gcm
-.Fa void
-.Fc
-.Ft const EVP_AEAD *
-.Fo EVP_aead_chacha20_poly1305
-.Fa void
-.Fc
-.Ft const EVP_AEAD *
-.Fo EVP_aead_xchacha20_poly1305
-.Fa void
-.Fc
-.Sh DESCRIPTION
-AEAD (Authenticated Encryption with Additional Data) couples
-confidentiality and integrity in a single primitive.
-AEAD algorithms take a key and can then seal and open individual
-messages.
-Each message has a unique, per-message nonce and, optionally, additional
-data which is authenticated but not included in the output.
-.Pp
-.Fn EVP_AEAD_CTX_init
-initializes the context
-.Fa ctx
-for the given AEAD algorithm
-.Fa aead .
-The
-.Fa impl
-argument must be
-.Dv NULL
-for the default implementation;
-other values are currently not supported.
-Authentication tags may be truncated by passing a tag length.
-A tag length of zero indicates the default tag length should be used.
-.Pp
-.Fn EVP_AEAD_CTX_cleanup
-frees any data allocated for the context
-.Fa ctx .
-.Pp
-.Fn EVP_AEAD_CTX_open
-authenticates the input
-.Fa in
-and optional additional data
-.Fa ad ,
-decrypting the input and writing it as output
-.Fa out .
-This function may be called (with the same
-.Vt EVP_AEAD_CTX )
-concurrently with itself or with
-.Fn EVP_AEAD_CTX_seal .
-At most the number of input bytes are written as output.
-In order to ensure success,
-.Fa max_out_len
-should be at least the same as the input length
-.Fa in_len .
-On successful return
-.Fa out_len
-is set to the actual number of bytes written.
-The length of the
-.Fa nonce
-specified with
-.Fa nonce_len
-must be equal to the result of EVP_AEAD_nonce_length for this AEAD.
-.Fn EVP_AEAD_CTX_open
-never results in partial output.
-If
-.Fa max_out_len
-is insufficient, zero will be returned and
-.Fa out_len
-will be set to zero.
-If the input and output are aliased then
-.Fa out
-must be <=
-.Fa in .
-.Pp
-.Fn EVP_AEAD_CTX_seal
-encrypts and authenticates the input and authenticates any additional
-data provided in
-.Fa ad ,
-the encrypted input and authentication tag being written as output
-.Fa out .
-This function may be called (with the same
-.Vt EVP_AEAD_CTX )
-concurrently with itself or with
-.Fn EVP_AEAD_CTX_open .
-At most
-.Fa max_out_len
-bytes are written as output and, in order to ensure success, this value
-should be the
-.Fa in_len
-plus the result of
-.Fn EVP_AEAD_max_overhead .
-On successful return,
-.Fa out_len
-is set to the actual number of bytes written.
-The length of the
-.Fa nonce
-specified with
-.Fa nonce_len
-must be equal to the result of
-.Fn EVP_AEAD_nonce_length
-for this AEAD.
-.Fn EVP_AEAD_CTX_seal
-never results in a partial output.
-If
-.Fa max_out_len
-is insufficient, zero will be returned and
-.Fa out_len
-will be set to zero.
-If the input and output are aliased then
-.Fa out
-must be <=
-.Fa in .
-.Pp
-.Fn EVP_AEAD_key_length ,
-.Fn EVP_AEAD_max_overhead ,
-.Fn EVP_AEAD_max_tag_len ,
-and
-.Fn EVP_AEAD_nonce_length
-provide information about the AEAD algorithm
-.Fa aead .
-.Pp
-All cipher algorithms have a fixed key length unless otherwise stated.
-The following ciphers are available:
-.Bl -tag -width Ds -offset indent
-.It Fn EVP_aead_aes_128_gcm
-AES-128 in Galois Counter Mode.
-.It Fn EVP_aead_aes_256_gcm
-AES-256 in Galois Counter Mode.
-.It Fn EVP_aead_chacha20_poly1305
-ChaCha20 with a Poly1305 authenticator.
-.It Fn EVP_aead_xchacha20_poly1305
-XChaCha20 with a Poly1305 authenticator.
-.El
-.Pp
-Where possible the
-.Sy EVP_AEAD
-interface to AEAD ciphers should be used in preference to the older
-.Sy EVP
-variants or to the low level interfaces.
-This is because the code then becomes transparent to the AEAD cipher
-used and much more flexible.
-It is also safer to use as it prevents common mistakes with the native APIs.
-.Sh RETURN VALUES
-.Fn EVP_AEAD_CTX_init ,
-.Fn EVP_AEAD_CTX_open ,
-and
-.Fn EVP_AEAD_CTX_seal
-return 1 for success or zero for failure.
-.Pp
-.Fn EVP_AEAD_key_length
-returns the length of the key used for this AEAD.
-.Pp
-.Fn EVP_AEAD_max_overhead
-returns the maximum number of additional bytes added by the act of
-sealing data with the AEAD.
-.Pp
-.Fn EVP_AEAD_max_tag_len
-returns the maximum tag length when using this AEAD.
-This is the largest value that can be passed as a tag length to
-.Fn EVP_AEAD_CTX_init .
-.Pp
-.Fn EVP_AEAD_nonce_length
-returns the length of the per-message nonce.
-.Sh EXAMPLES
-Encrypt a string using ChaCha20-Poly1305:
-.Bd -literal -offset indent
-const EVP_AEAD *aead = EVP_aead_chacha20_poly1305();
-static const unsigned char nonce[32] = {0};
-size_t buf_len, nonce_len;
-EVP_AEAD_CTX ctx;
-EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead),
-    EVP_AEAD_DEFAULT_TAG_LENGTH, NULL);
-nonce_len = EVP_AEAD_nonce_length(aead);
-EVP_AEAD_CTX_seal(&ctx, out, &out_len, BUFSIZE, nonce,
-    nonce_len, in, in_len, NULL, 0);
-EVP_AEAD_CTX_cleanup(&ctx);
-.Ed
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3
-.Sh STANDARDS
-.Rs
-.%A A. Langley
-.%A W. Chang
-.%D November 2013
-.%R draft-agl-tls-chacha20poly1305-04
-.%T ChaCha20 and Poly1305 based Cipher Suites for TLS
-.Re
-.Pp
-.Rs
-.%A Y. Nir
-.%A A. Langley
-.%D May 2015
-.%R RFC 7539
-.%T ChaCha20 and Poly1305 for IETF Protocols
-.Re
-.Pp
-.Rs
-.%A S. Arciszewski
-.%D October 2018
-.%R draft-arciszewski-xchacha-02
-.%T XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305
-.Re
-.Sh HISTORY
-AEAD is based on the implementation by
-.An Adam Langley
-for Chromium/BoringSSL and first appeared in
-.Ox 5.6 .

diff --git a/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 b/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 deleted file mode 100644 index 5c4def1740..0000000000 --- a/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 +++ /dev/null
@@ -1,307 +0,0 @@
1	.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.9 2019/06/06 01:06:58 schwarze Exp $
2	.\"
3	.\" Copyright (c) 2014, Google Inc.
4	.\" Parts of the text were written by Adam Langley and David Benjamin.
5	.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
6	.\"
7	.\" Permission to use, copy, modify, and/or distribute this software for any
8	.\" purpose with or without fee is hereby granted, provided that the above
9	.\" copyright notice and this permission notice appear in all copies.
10	.\"
11	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18	.\"
19	.Dd $Mdocdate: June 6 2019 $
20	.Dt EVP_AEAD_CTX_INIT 3
21	.Os
22	.Sh NAME
23	.Nm EVP_AEAD_CTX_init ,
24	.Nm EVP_AEAD_CTX_cleanup ,
25	.Nm EVP_AEAD_CTX_open ,
26	.Nm EVP_AEAD_CTX_seal ,
27	.Nm EVP_AEAD_key_length ,
28	.Nm EVP_AEAD_max_overhead ,
29	.Nm EVP_AEAD_max_tag_len ,
30	.Nm EVP_AEAD_nonce_length ,
31	.Nm EVP_aead_aes_128_gcm ,
32	.Nm EVP_aead_aes_256_gcm ,
33	.Nm EVP_aead_chacha20_poly1305 ,
34	.Nm EVP_aead_xchacha20_poly1305
35	.Nd authenticated encryption with additional data
36	.Sh SYNOPSIS
37	.In openssl/evp.h
38	.Ft int
39	.Fo EVP_AEAD_CTX_init
40	.Fa "EVP_AEAD_CTX *ctx"
41	.Fa "const EVP_AEAD *aead"
42	.Fa "const unsigned char *key"
43	.Fa "size_t key_len"
44	.Fa "size_t tag_len"
45	.Fa "ENGINE *impl"
46	.Fc
47	.Ft void
48	.Fo EVP_AEAD_CTX_cleanup
49	.Fa "EVP_AEAD_CTX *ctx"
50	.Fc
51	.Ft int
52	.Fo EVP_AEAD_CTX_open
53	.Fa "const EVP_AEAD_CTX *ctx"
54	.Fa "unsigned char *out"
55	.Fa "size_t *out_len"
56	.Fa "size_t max_out_len"
57	.Fa "const unsigned char *nonce"
58	.Fa "size_t nonce_len"
59	.Fa "const unsigned char *in"
60	.Fa "size_t in_len"
61	.Fa "const unsigned char *ad"
62	.Fa "size_t ad_len"
63	.Fc
64	.Ft int
65	.Fo EVP_AEAD_CTX_seal
66	.Fa "const EVP_AEAD_CTX *ctx"
67	.Fa "unsigned char *out"
68	.Fa "size_t *out_len"
69	.Fa "size_t max_out_len"
70	.Fa "const unsigned char *nonce"
71	.Fa "size_t nonce_len"
72	.Fa "const unsigned char *in"
73	.Fa "size_t in_len"
74	.Fa "const unsigned char *ad"
75	.Fa "size_t ad_len"
76	.Fc
77	.Ft size_t
78	.Fo EVP_AEAD_key_length
79	.Fa "const EVP_AEAD *aead"
80	.Fc
81	.Ft size_t
82	.Fo EVP_AEAD_max_overhead
83	.Fa "const EVP_AEAD *aead"
84	.Fc
85	.Ft size_t
86	.Fo EVP_AEAD_max_tag_len
87	.Fa "const EVP_AEAD *aead"
88	.Fc
89	.Ft size_t
90	.Fo EVP_AEAD_nonce_length
91	.Fa "const EVP_AEAD *aead"
92	.Fc
93	.Ft const EVP_AEAD *
94	.Fo EVP_aead_aes_128_gcm
95	.Fa void
96	.Fc
97	.Ft const EVP_AEAD *
98	.Fo EVP_aead_aes_256_gcm
99	.Fa void
100	.Fc
101	.Ft const EVP_AEAD *
102	.Fo EVP_aead_chacha20_poly1305
103	.Fa void
104	.Fc
105	.Ft const EVP_AEAD *
106	.Fo EVP_aead_xchacha20_poly1305
107	.Fa void
108	.Fc
109	.Sh DESCRIPTION
110	AEAD (Authenticated Encryption with Additional Data) couples
111	confidentiality and integrity in a single primitive.
112	AEAD algorithms take a key and can then seal and open individual
113	messages.
114	Each message has a unique, per-message nonce and, optionally, additional
115	data which is authenticated but not included in the output.
116	.Pp
117	.Fn EVP_AEAD_CTX_init
118	initializes the context
119	.Fa ctx
120	for the given AEAD algorithm
121	.Fa aead .
122	The
123	.Fa impl
124	argument must be
125	.Dv NULL
126	for the default implementation;
127	other values are currently not supported.
128	Authentication tags may be truncated by passing a tag length.
129	A tag length of zero indicates the default tag length should be used.
130	.Pp
131	.Fn EVP_AEAD_CTX_cleanup
132	frees any data allocated for the context
133	.Fa ctx .
134	.Pp
135	.Fn EVP_AEAD_CTX_open
136	authenticates the input
137	.Fa in
138	and optional additional data
139	.Fa ad ,
140	decrypting the input and writing it as output
141	.Fa out .
142	This function may be called (with the same
143	.Vt EVP_AEAD_CTX )
144	concurrently with itself or with
145	.Fn EVP_AEAD_CTX_seal .
146	At most the number of input bytes are written as output.
147	In order to ensure success,
148	.Fa max_out_len
149	should be at least the same as the input length
150	.Fa in_len .
151	On successful return
152	.Fa out_len
153	is set to the actual number of bytes written.
154	The length of the
155	.Fa nonce
156	specified with
157	.Fa nonce_len
158	must be equal to the result of EVP_AEAD_nonce_length for this AEAD.
159	.Fn EVP_AEAD_CTX_open
160	never results in partial output.
161	If
162	.Fa max_out_len
163	is insufficient, zero will be returned and
164	.Fa out_len
165	will be set to zero.
166	If the input and output are aliased then
167	.Fa out
168	must be <=
169	.Fa in .
170	.Pp
171	.Fn EVP_AEAD_CTX_seal
172	encrypts and authenticates the input and authenticates any additional
173	data provided in
174	.Fa ad ,
175	the encrypted input and authentication tag being written as output
176	.Fa out .
177	This function may be called (with the same
178	.Vt EVP_AEAD_CTX )
179	concurrently with itself or with
180	.Fn EVP_AEAD_CTX_open .
181	At most
182	.Fa max_out_len
183	bytes are written as output and, in order to ensure success, this value
184	should be the
185	.Fa in_len
186	plus the result of
187	.Fn EVP_AEAD_max_overhead .
188	On successful return,
189	.Fa out_len
190	is set to the actual number of bytes written.
191	The length of the
192	.Fa nonce
193	specified with
194	.Fa nonce_len
195	must be equal to the result of
196	.Fn EVP_AEAD_nonce_length
197	for this AEAD.
198	.Fn EVP_AEAD_CTX_seal
199	never results in a partial output.
200	If
201	.Fa max_out_len
202	is insufficient, zero will be returned and
203	.Fa out_len
204	will be set to zero.
205	If the input and output are aliased then
206	.Fa out
207	must be <=
208	.Fa in .
209	.Pp
210	.Fn EVP_AEAD_key_length ,
211	.Fn EVP_AEAD_max_overhead ,
212	.Fn EVP_AEAD_max_tag_len ,
213	and
214	.Fn EVP_AEAD_nonce_length
215	provide information about the AEAD algorithm
216	.Fa aead .
217	.Pp
218	All cipher algorithms have a fixed key length unless otherwise stated.
219	The following ciphers are available:
220	.Bl -tag -width Ds -offset indent
221	.It Fn EVP_aead_aes_128_gcm
222	AES-128 in Galois Counter Mode.
223	.It Fn EVP_aead_aes_256_gcm
224	AES-256 in Galois Counter Mode.
225	.It Fn EVP_aead_chacha20_poly1305
226	ChaCha20 with a Poly1305 authenticator.
227	.It Fn EVP_aead_xchacha20_poly1305
228	XChaCha20 with a Poly1305 authenticator.
229	.El
230	.Pp
231	Where possible the
232	.Sy EVP_AEAD
233	interface to AEAD ciphers should be used in preference to the older
234	.Sy EVP
235	variants or to the low level interfaces.
236	This is because the code then becomes transparent to the AEAD cipher
237	used and much more flexible.
238	It is also safer to use as it prevents common mistakes with the native APIs.
239	.Sh RETURN VALUES
240	.Fn EVP_AEAD_CTX_init ,
241	.Fn EVP_AEAD_CTX_open ,
242	and
243	.Fn EVP_AEAD_CTX_seal
244	return 1 for success or zero for failure.
245	.Pp
246	.Fn EVP_AEAD_key_length
247	returns the length of the key used for this AEAD.
248	.Pp
249	.Fn EVP_AEAD_max_overhead
250	returns the maximum number of additional bytes added by the act of
251	sealing data with the AEAD.
252	.Pp
253	.Fn EVP_AEAD_max_tag_len
254	returns the maximum tag length when using this AEAD.
255	This is the largest value that can be passed as a tag length to
256	.Fn EVP_AEAD_CTX_init .
257	.Pp
258	.Fn EVP_AEAD_nonce_length
259	returns the length of the per-message nonce.
260	.Sh EXAMPLES
261	Encrypt a string using ChaCha20-Poly1305:
262	.Bd -literal -offset indent
263	const EVP_AEAD *aead = EVP_aead_chacha20_poly1305();
264	static const unsigned char nonce[32] = {0};
265	size_t buf_len, nonce_len;
266	EVP_AEAD_CTX ctx;
267
268	EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead),
269	EVP_AEAD_DEFAULT_TAG_LENGTH, NULL);
270	nonce_len = EVP_AEAD_nonce_length(aead);
271
272	EVP_AEAD_CTX_seal(&ctx, out, &out_len, BUFSIZE, nonce,
273	nonce_len, in, in_len, NULL, 0);
274
275	EVP_AEAD_CTX_cleanup(&ctx);
276	.Ed
277	.Sh SEE ALSO
278	.Xr evp 3 ,
279	.Xr EVP_EncryptInit 3
280	.Sh STANDARDS
281	.Rs
282	.%A A. Langley
283	.%A W. Chang
284	.%D November 2013
285	.%R draft-agl-tls-chacha20poly1305-04
286	.%T ChaCha20 and Poly1305 based Cipher Suites for TLS
287	.Re
288	.Pp
289	.Rs
290	.%A Y. Nir
291	.%A A. Langley
292	.%D May 2015
293	.%R RFC 7539
294	.%T ChaCha20 and Poly1305 for IETF Protocols
295	.Re
296	.Pp
297	.Rs
298	.%A S. Arciszewski
299	.%D October 2018
300	.%R draft-arciszewski-xchacha-02
301	.%T XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305
302	.Re
303	.Sh HISTORY
304	AEAD is based on the implementation by
305	.An Adam Langley
306	for Chromium/BoringSSL and first appeared in
307	.Ox 5.6 .