1 files changed, 4 insertions, 54 deletions
diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
index 3e0cec8f9e..8f977b7a2a 100644
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.54 2024/12/08 17:41:23 schwarze Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.55 2024/12/17 18:11:44 schwarze Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 8 2024 $
+.Dd $Mdocdate: December 17 2024 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -600,6 +600,7 @@ Some algorithms are documented in separate manual pages:
 .Bl -column "EVP_camellia_128_cbc(3)" "block size" -compact
 .It manual page               Ta block size Ta Fa key No size Pq in bits
 .It Xr EVP_aes_128_cbc 3      Ta 128        Ta 128, 192, 256
+.It Xr EVP_aes_128_gcm 3      Ta 128        Ta 128, 192, 256
 .It Xr EVP_camellia_128_cbc 3 Ta 128        Ta 128, 192, 256
 .It Xr EVP_chacha20 3         Ta stream     Ta 256
 .It Xr EVP_des_cbc 3          Ta 64         Ta 64
@@ -607,58 +608,6 @@ Some algorithms are documented in separate manual pages:
 .It Xr EVP_rc4 3              Ta stream     Ta variable, default 128
 .It Xr EVP_sm4_cbc 3          Ta 128        Ta 128
 .El
-.Ss GCM mode
-For GCM mode ciphers, the behaviour of the EVP interface
-is subtly altered and several additional ctrl operations are
-supported.
-.Pp
-To specify any additional authenticated data (AAD), a call to
-.Fn EVP_CipherUpdate ,
-.Fn EVP_EncryptUpdate ,
-or
-.Fn EVP_DecryptUpdate
-should be made with the output parameter
-.Fa out
-set to
-.Dv NULL .
-.Pp
-When decrypting, the return value of
-.Fn EVP_DecryptFinal ,
-.Fn EVP_DecryptFinal_ex ,
-.Fn EVP_CipherFinal ,
-or
-.Fn EVP_CipherFinal_ex
-indicates if the operation was successful.
-If it does not indicate success, the authentication operation has
-failed and any output data MUST NOT be used as it is corrupted.
-.Pp
-The following ctrls are supported in GCM mode:
-.Bl -tag -width Ds
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_IVLEN ivlen NULL
-Sets the IV length: this call can only be made before specifying an IV.
-If not called, a default IV length is used.
-For GCM AES the default is 12, i.e. 96 bits.
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_GET_TAG taglen tag
-Writes
-.Fa taglen
-bytes of the tag value to the buffer indicated by
-.Fa tag .
-This call can only be made when encrypting data and after all data has
-been processed, e.g. after an
-.Fn EVP_EncryptFinal
-or
-.Fn EVP_EncryptFinal_ex
-call.
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_TAG taglen tag
-Sets the expected tag to
-.Fa taglen
-bytes from
-.Fa tag .
-This call is only legal when decrypting data and must be made before
-any data is processed, e.g. before any
-.Fa EVP_DecryptUpdate
-call.
-.El
 .Ss CCM mode
 The behaviour of CCM mode ciphers is similar to GCM mode, but with
 a few additional requirements and different ctrl values.
@@ -821,6 +770,7 @@ do_crypt(FILE *in_fileptr, FILE *out_fileptr, int do_encrypt)
 .Xr evp 3 ,
 .Xr EVP_AEAD_CTX_init 3 ,
 .Xr EVP_aes_128_cbc 3 ,
+.Xr EVP_aes_128_gcm 3 ,
 .Xr EVP_camellia_128_cbc 3 ,
 .Xr EVP_chacha20 3 ,
 .Xr EVP_CIPHER_CTX_ctrl 3 ,

diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3 index 3e0cec8f9e..8f977b7a2a 100644 --- a/src/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_EncryptInit.3,v 1.54 2024/12/08 17:41:23 schwarze Exp $	1	.\" $OpenBSD: EVP_EncryptInit.3,v 1.55 2024/12/17 18:11:44 schwarze Exp $
2	.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800	2	.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
3	.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod	3	.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
4	.\" 7c6d372a Nov 20 13:20:01 2018 +0000	4	.\" 7c6d372a Nov 20 13:20:01 2018 +0000
@@ -69,7 +69,7 @@
69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
71	.\"	71	.\"
72	.Dd $Mdocdate: December 8 2024 $	72	.Dd $Mdocdate: December 17 2024 $
73	.Dt EVP_ENCRYPTINIT 3	73	.Dt EVP_ENCRYPTINIT 3
74	.Os	74	.Os
75	.Sh NAME	75	.Sh NAME
@@ -600,6 +600,7 @@ Some algorithms are documented in separate manual pages:
600	.Bl -column "EVP_camellia_128_cbc(3)" "block size" -compact	600	.Bl -column "EVP_camellia_128_cbc(3)" "block size" -compact
601	.It manual page Ta block size Ta Fa key No size Pq in bits	601	.It manual page Ta block size Ta Fa key No size Pq in bits
602	.It Xr EVP_aes_128_cbc 3 Ta 128 Ta 128, 192, 256	602	.It Xr EVP_aes_128_cbc 3 Ta 128 Ta 128, 192, 256
		603	.It Xr EVP_aes_128_gcm 3 Ta 128 Ta 128, 192, 256
603	.It Xr EVP_camellia_128_cbc 3 Ta 128 Ta 128, 192, 256	604	.It Xr EVP_camellia_128_cbc 3 Ta 128 Ta 128, 192, 256
604	.It Xr EVP_chacha20 3 Ta stream Ta 256	605	.It Xr EVP_chacha20 3 Ta stream Ta 256
605	.It Xr EVP_des_cbc 3 Ta 64 Ta 64	606	.It Xr EVP_des_cbc 3 Ta 64 Ta 64
@@ -607,58 +608,6 @@ Some algorithms are documented in separate manual pages:
607	.It Xr EVP_rc4 3 Ta stream Ta variable, default 128	608	.It Xr EVP_rc4 3 Ta stream Ta variable, default 128
608	.It Xr EVP_sm4_cbc 3 Ta 128 Ta 128	609	.It Xr EVP_sm4_cbc 3 Ta 128 Ta 128
609	.El	610	.El
610	.Ss GCM mode
611	For GCM mode ciphers, the behaviour of the EVP interface
612	is subtly altered and several additional ctrl operations are
613	supported.
614	.Pp
615	To specify any additional authenticated data (AAD), a call to
616	.Fn EVP_CipherUpdate ,
617	.Fn EVP_EncryptUpdate ,
618	or
619	.Fn EVP_DecryptUpdate
620	should be made with the output parameter
621	.Fa out
622	set to
623	.Dv NULL .
624	.Pp
625	When decrypting, the return value of
626	.Fn EVP_DecryptFinal ,
627	.Fn EVP_DecryptFinal_ex ,
628	.Fn EVP_CipherFinal ,
629	or
630	.Fn EVP_CipherFinal_ex
631	indicates if the operation was successful.
632	If it does not indicate success, the authentication operation has
633	failed and any output data MUST NOT be used as it is corrupted.
634	.Pp
635	The following ctrls are supported in GCM mode:
636	.Bl -tag -width Ds
637	.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_IVLEN ivlen NULL
638	Sets the IV length: this call can only be made before specifying an IV.
639	If not called, a default IV length is used.
640	For GCM AES the default is 12, i.e. 96 bits.
641	.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_GET_TAG taglen tag
642	Writes
643	.Fa taglen
644	bytes of the tag value to the buffer indicated by
645	.Fa tag .
646	This call can only be made when encrypting data and after all data has
647	been processed, e.g. after an
648	.Fn EVP_EncryptFinal
649	or
650	.Fn EVP_EncryptFinal_ex
651	call.
652	.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_TAG taglen tag
653	Sets the expected tag to
654	.Fa taglen
655	bytes from
656	.Fa tag .
657	This call is only legal when decrypting data and must be made before
658	any data is processed, e.g. before any
659	.Fa EVP_DecryptUpdate
660	call.
661	.El
662	.Ss CCM mode	611	.Ss CCM mode
663	The behaviour of CCM mode ciphers is similar to GCM mode, but with	612	The behaviour of CCM mode ciphers is similar to GCM mode, but with
664	a few additional requirements and different ctrl values.	613	a few additional requirements and different ctrl values.
@@ -821,6 +770,7 @@ do_crypt(FILE in_fileptr, FILE out_fileptr, int do_encrypt)
821	.Xr evp 3 ,	770	.Xr evp 3 ,
822	.Xr EVP_AEAD_CTX_init 3 ,	771	.Xr EVP_AEAD_CTX_init 3 ,
823	.Xr EVP_aes_128_cbc 3 ,	772	.Xr EVP_aes_128_cbc 3 ,
		773	.Xr EVP_aes_128_gcm 3 ,
824	.Xr EVP_camellia_128_cbc 3 ,	774	.Xr EVP_camellia_128_cbc 3 ,
825	.Xr EVP_chacha20 3 ,	775	.Xr EVP_chacha20 3 ,
826	.Xr EVP_CIPHER_CTX_ctrl 3 ,	776	.Xr EVP_CIPHER_CTX_ctrl 3 ,