1 files changed, 0 insertions, 316 deletions
diff --git a/src/lib/libressl/ressl_init.3 b/src/lib/libressl/ressl_init.3
deleted file mode 100644
index 81a32350ee..0000000000
--- a/src/lib/libressl/ressl_init.3
+++ /dev/null
@@ -1,316 +0,0 @@
-.\" $OpenBSD: ressl_init.3,v 1.9 2014/10/16 12:46:35 tedu Exp $
-.\"
-.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: October 16 2014 $
-.Dt RESSL 3
-.Os
-.Sh NAME
-.Nm ressl_init ,
-.Nm ressl_error ,
-.Nm ressl_config_new ,
-.Nm ressl_config_free ,
-.Nm ressl_config_set_ca_file ,
-.Nm ressl_config_set_ca_path ,
-.Nm ressl_config_set_cert_file ,
-.Nm ressl_config_set_cert_mem ,
-.Nm ressl_config_set_ciphers ,
-.Nm ressl_config_set_ecdhcurve ,
-.Nm ressl_config_set_key_file ,
-.Nm ressl_config_set_key_mem ,
-.Nm ressl_config_set_protocols ,
-.Nm ressl_config_set_verify_depth ,
-.Nm ressl_config_clear_keys ,
-.Nm ressl_config_insecure_noverifyhost ,
-.Nm ressl_config_insecure_noverifycert ,
-.Nm ressl_config_verify ,
-.Nm ressl_client ,
-.Nm ressl_server ,
-.Nm ressl_configure ,
-.Nm ressl_reset ,
-.Nm ressl_close ,
-.Nm ressl_free ,
-.Nm ressl_connect ,
-.Nm ressl_connect_socket ,
-.Nm ressl_read ,
-.Nm ressl_write ,
-.Nd ressl TLS client and server API
-.Sh SYNOPSIS
-.In ressl.h
-.Ft "int"
-.Fn ressl_init "void"
-.Ft "const char *"
-.Fn ressl_error "struct ressl *ctx"
-.Ft "struct ressl_config *"
-.Fn ressl_config_new "void"
-.Ft "void"
-.Fn ressl_config_free "struct ressl_config *config"
-.Ft "int"
-.Fn ressl_config_set_ca_file "struct ressl_config *config" "const char *ca_file"
-.Ft "int"
-.Fn ressl_config_set_ca_path "struct ressl_config *config" "const char *ca_path"
-.Ft "int"
-.Fn ressl_config_set_cert_file "struct ressl_config *config" "const char *cert_file"
-.Ft "int"
-.Fn ressl_config_set_cert_mem  "struct ressl_config *config" "const uint8_t *cert" "size_t len"
-.Ft "int"
-.Fn ressl_config_set_ciphers "struct ressl_config *config" "const char *ciphers"
-.Ft "int"
-.Fn ressl_config_set_ecdhcurve "struct ressl_config *config" "const char *name"
-.Ft "int"
-.Fn ressl_config_set_key_file "struct ressl_config *config" "const char *key_file"
-.Ft "int"
-.Fn ressl_config_set_key_mem "struct ressl_config *config" "const uint8_t *key" "size_t len"
-.Ft "int"
-.Fn ressl_config_set_protocols "struct ressl_config *config" "uint32_t protocols"
-.Ft "int"
-.Fn ressl_config_set_verify_depth "struct ressl_config *config" "int verify_depth"
-.Ft "void"
-.Fn ressl_config_clear_keys "struct ressl_config *config"
-.Ft "void"
-.Fn ressl_config_insecure_noverifyhost "struct ressl_config *config"
-.Ft "void"
-.Fn ressl_config_insecure_noverifycert "struct ressl_config *config"
-.Ft "void"
-.Fn ressl_config_verify "struct ressl_config *config"
-.Ft "struct ressl *"
-.Fn ressl_client void
-.Ft "struct ressl *"
-.Fn ressl_server void
-.Ft "int"
-.Fn ressl_configure "struct ressl *ctx" "struct ressl_config *config"
-.Ft "void"
-.Fn ressl_reset "struct ressl *ctx"
-.Ft "int"
-.Fn ressl_close "struct ressl *ctx"
-.Ft "void"
-.Fn ressl_free "struct ressl *ctx"
-.Ft "int"
-.Fn ressl_connect "struct ressl *ctx" "const char *host" "const char *port"
-.Ft "int"
-.Fn ressl_connect_socket "struct ressl *ctx" "int s" "const char *hostname"
-.Ft "int"
-.Fn ressl_read "struct ressl *ctx" "void *buf" "size_t buflen" "size_t *outlen"
-.Ft "int"
-.Fn ressl_write "struct ressl *ctx" "const void *buf" "size_t buflen"
-.Sh DESCRIPTION
-The
-.Nm ressl
-family of functions establishes a secure communications channel
-using the TLS socket protocol.
-Both clients and servers are supported.
-.Pp
-The
-.Fn ressl_init
-function should be called once before any function is used.
-.Pp
-Before a connection is created, a configuration must be created.
-The
-.Fn ressl_config_new
-function returns a new default configuration that can be used for future
-connections.
-Several functions exist to change the options of the configuration; see below.
-.Pp
-A
-.Em ressl
-connection is represented as a
-.Em context .
-A new
-.Em context
-is created by either the
-.Fn ressl_client
-or
-.Fn ressl_server
-functions.
-The context can then be configured with the function
-.Fn ressl_configure .
-The same
-.Em ressl_config
-object can be used to configure multiple contexts.
-.Pp
-A client connection is initiated after configuration by calling
-.Fn ressl_connect .
-This function will create a new socket, connect to the specified host and
-port, and then establish a secure connection.
-An already existing socket can be upgraded to a secure connection by calling
-.Fn ressl_connect_socket .
-.Pp
-Two functions are provided for input and output,
-.Fn ressl_read
-and
-.Fn ressl_write .
-.Pp
-After use, a ressl
-.Em context
-should be closed with
-.Fn ressl_close ,
-and then freed by calling
-.Fn ressl_free .
-When no more contexts are to be created, the
-.Em ressl_config
-object should be freed by calling
-.Fn ressl_config_free .
-.Sh FUNCTIONS
-The
-.Fn ressl_init
-function initializes global data structures.
-It should be called once before any other functions.
-.Pp
-The following functions create and free configuration objects.
-.Bl -bullet -offset four
-.It
-.Fn ressl_config_new
-allocates a new default configuration object.
-.It
-.Fn ressl_config_free
-frees a configuration object.
-.El
-.Pp
-The following functions modify a configuration by setting parameters.
-Configuration options may apply to only clients or only servers or both.
-.Bl -bullet -offset four
-.It
-.Fn ressl_config_set_ca_file
-sets the filename used to load a file
-containing the root certificates.
-.Em (Client)
-.It
-.Fn ressl_config_set_ca_path
-sets the path (directory) which should be searched for root
-certificates.
-.Em (Client)
-.It
-.Fn ressl_config_set_cert_file
-sets file from which the public certificate will be read.
-.Em (Client and server)
-.It
-.Fn ressl_config_set_cert_mem
-sets the public certificate directly from memory.
-.Em (Client and server)
-.It
-.Fn ressl_config_set_ciphers
-sets the list of ciphers that may be used.
-.Em (Client and server)
-.It
-.Fn ressl_config_set_key_file
-sets the file from which the private key will be read.
-.Em (Server)
-.It
-.Fn ressl_config_set_key_mem
-directly sets the private key from memory.
-.Em (Server)
-.It
-.Fn ressl_config_set_protocols
-sets which versions of the protocol may be used.
-Possible values are the bitwise OR of:
-.Pp
-.Bl -tag -width "RESSL_PROTOCOL_TLSv1_2" -offset indent -compact
-.It Dv RESSL_PROTOCOL_TLSv1_0
-.It Dv RESSL_PROTOCOL_TLSv1_1
-.It Dv RESSL_PROTOCOL_TLSv1_2
-.El
-.Pp
-Additionally, the values
-.Dv RESSL_PROTOCOL_TLSv1
-(all TLS versions) and
-.Dv RESSL_PROTOCOLS_DEFAULT
-(currently all TLS versions) may be used.
-.Em (Client and server)
-.It
-.Fn ressl_config_clear_keys
-clears any secret keys from memory.
-.Em (Server)
-.It
-.Fn ressl_config_insecure_noverifyhost
-disables hostname verification.
-Be careful when using this option.
-.Em (Client)
-.It
-.Fn ressl_config_insecure_noverifycert
-disables certificate verification.
-Be extremely careful when using this option.
-.Em (Client)
-.It
-.Fn ressl_config_verify
-reenables hostname and certificate verification.
-.Em (Client)
-.El
-.Pp
-The following functions create, prepare, and free a connection context.
-.Bl -bullet -offset four
-.It
-.Fn ressl_client
-creates a new ressl context for client connections.
-.It
-.Fn ressl_server
-creates a new ressl context for server connections.
-.It
-.Fn ressl_configure
-readies a ressl context for use by applying the configuration
-options.
-.It
-.Fn ressl_close
-closes a connection after use.
-.It
-.Fn ressl_free
-frees a ressl context after use.
-.El
-.Pp
-The following functions initiate a connection and perform input and output
-operations.
-.Bl -bullet -offset four
-.It
-.Fn ressl_connect
-connects a client context to the server named by
-.Fa host .
-The
-.Fa port
-may be numeric or a service name.
-If it is NULL then a host of the format "hostname:port" is permitted.
-.It
-.Fn ressl_connect_socket
-connects a client context to an already established socket connection.
-.It
-.Fn ressl_read
-reads
-.Fa buflen
-bytes of data from the socket into
-.Fa buf .
-The amount of data read is returned in
-.Fa outlen .
-.It
-.Fn ressl_write
-writes
-.Fa buflen
-bytes of data from
-.Fa buf
-to the socket.
-The amount of data written is returned in
-.Fa outlen .
-.El
-.Sh RETURN VALUES
-Functions that return
-.Vt int
-will return 0 on success and -1 on error.
-Functions that return a pointer will return NULL on error.
-.\" .Sh ERRORS
-.\" .Sh SEE ALSO
-.Sh HISTORY
-The
-.Nm ressl
-API first appeared in
-.Ox 5.6
-as a response to the unnecessary challenges other APIs present in
-order to use them safely.

diff --git a/src/lib/libressl/ressl_init.3 b/src/lib/libressl/ressl_init.3 deleted file mode 100644 index 81a32350ee..0000000000 --- a/src/lib/libressl/ressl_init.3 +++ /dev/null
@@ -1,316 +0,0 @@
1	.\" $OpenBSD: ressl_init.3,v 1.9 2014/10/16 12:46:35 tedu Exp $
2	.\"
3	.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4	.\"
5	.\" Permission to use, copy, modify, and distribute this software for any
6	.\" purpose with or without fee is hereby granted, provided that the above
7	.\" copyright notice and this permission notice appear in all copies.
8	.\"
9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"
17	.Dd $Mdocdate: October 16 2014 $
18	.Dt RESSL 3
19	.Os
20	.Sh NAME
21	.Nm ressl_init ,
22	.Nm ressl_error ,
23	.Nm ressl_config_new ,
24	.Nm ressl_config_free ,
25	.Nm ressl_config_set_ca_file ,
26	.Nm ressl_config_set_ca_path ,
27	.Nm ressl_config_set_cert_file ,
28	.Nm ressl_config_set_cert_mem ,
29	.Nm ressl_config_set_ciphers ,
30	.Nm ressl_config_set_ecdhcurve ,
31	.Nm ressl_config_set_key_file ,
32	.Nm ressl_config_set_key_mem ,
33	.Nm ressl_config_set_protocols ,
34	.Nm ressl_config_set_verify_depth ,
35	.Nm ressl_config_clear_keys ,
36	.Nm ressl_config_insecure_noverifyhost ,
37	.Nm ressl_config_insecure_noverifycert ,
38	.Nm ressl_config_verify ,
39	.Nm ressl_client ,
40	.Nm ressl_server ,
41	.Nm ressl_configure ,
42	.Nm ressl_reset ,
43	.Nm ressl_close ,
44	.Nm ressl_free ,
45	.Nm ressl_connect ,
46	.Nm ressl_connect_socket ,
47	.Nm ressl_read ,
48	.Nm ressl_write ,
49	.Nd ressl TLS client and server API
50	.Sh SYNOPSIS
51	.In ressl.h
52	.Ft "int"
53	.Fn ressl_init "void"
54	.Ft "const char *"
55	.Fn ressl_error "struct ressl *ctx"
56	.Ft "struct ressl_config *"
57	.Fn ressl_config_new "void"
58	.Ft "void"
59	.Fn ressl_config_free "struct ressl_config *config"
60	.Ft "int"
61	.Fn ressl_config_set_ca_file "struct ressl_config config" "const char ca_file"
62	.Ft "int"
63	.Fn ressl_config_set_ca_path "struct ressl_config config" "const char ca_path"
64	.Ft "int"
65	.Fn ressl_config_set_cert_file "struct ressl_config config" "const char cert_file"
66	.Ft "int"
67	.Fn ressl_config_set_cert_mem "struct ressl_config config" "const uint8_t cert" "size_t len"
68	.Ft "int"
69	.Fn ressl_config_set_ciphers "struct ressl_config config" "const char ciphers"
70	.Ft "int"
71	.Fn ressl_config_set_ecdhcurve "struct ressl_config config" "const char name"
72	.Ft "int"
73	.Fn ressl_config_set_key_file "struct ressl_config config" "const char key_file"
74	.Ft "int"
75	.Fn ressl_config_set_key_mem "struct ressl_config config" "const uint8_t key" "size_t len"
76	.Ft "int"
77	.Fn ressl_config_set_protocols "struct ressl_config *config" "uint32_t protocols"
78	.Ft "int"
79	.Fn ressl_config_set_verify_depth "struct ressl_config *config" "int verify_depth"
80	.Ft "void"
81	.Fn ressl_config_clear_keys "struct ressl_config *config"
82	.Ft "void"
83	.Fn ressl_config_insecure_noverifyhost "struct ressl_config *config"
84	.Ft "void"
85	.Fn ressl_config_insecure_noverifycert "struct ressl_config *config"
86	.Ft "void"
87	.Fn ressl_config_verify "struct ressl_config *config"
88	.Ft "struct ressl *"
89	.Fn ressl_client void
90	.Ft "struct ressl *"
91	.Fn ressl_server void
92	.Ft "int"
93	.Fn ressl_configure "struct ressl ctx" "struct ressl_config config"
94	.Ft "void"
95	.Fn ressl_reset "struct ressl *ctx"
96	.Ft "int"
97	.Fn ressl_close "struct ressl *ctx"
98	.Ft "void"
99	.Fn ressl_free "struct ressl *ctx"
100	.Ft "int"
101	.Fn ressl_connect "struct ressl ctx" "const char host" "const char *port"
102	.Ft "int"
103	.Fn ressl_connect_socket "struct ressl ctx" "int s" "const char hostname"
104	.Ft "int"
105	.Fn ressl_read "struct ressl ctx" "void buf" "size_t buflen" "size_t *outlen"
106	.Ft "int"
107	.Fn ressl_write "struct ressl ctx" "const void buf" "size_t buflen"
108	.Sh DESCRIPTION
109	The
110	.Nm ressl
111	family of functions establishes a secure communications channel
112	using the TLS socket protocol.
113	Both clients and servers are supported.
114	.Pp
115	The
116	.Fn ressl_init
117	function should be called once before any function is used.
118	.Pp
119	Before a connection is created, a configuration must be created.
120	The
121	.Fn ressl_config_new
122	function returns a new default configuration that can be used for future
123	connections.
124	Several functions exist to change the options of the configuration; see below.
125	.Pp
126	A
127	.Em ressl
128	connection is represented as a
129	.Em context .
130	A new
131	.Em context
132	is created by either the
133	.Fn ressl_client
134	or
135	.Fn ressl_server
136	functions.
137	The context can then be configured with the function
138	.Fn ressl_configure .
139	The same
140	.Em ressl_config
141	object can be used to configure multiple contexts.
142	.Pp
143	A client connection is initiated after configuration by calling
144	.Fn ressl_connect .
145	This function will create a new socket, connect to the specified host and
146	port, and then establish a secure connection.
147	An already existing socket can be upgraded to a secure connection by calling
148	.Fn ressl_connect_socket .
149	.Pp
150	Two functions are provided for input and output,
151	.Fn ressl_read
152	and
153	.Fn ressl_write .
154	.Pp
155	After use, a ressl
156	.Em context
157	should be closed with
158	.Fn ressl_close ,
159	and then freed by calling
160	.Fn ressl_free .
161	When no more contexts are to be created, the
162	.Em ressl_config
163	object should be freed by calling
164	.Fn ressl_config_free .
165	.Sh FUNCTIONS
166	The
167	.Fn ressl_init
168	function initializes global data structures.
169	It should be called once before any other functions.
170	.Pp
171	The following functions create and free configuration objects.
172	.Bl -bullet -offset four
173	.It
174	.Fn ressl_config_new
175	allocates a new default configuration object.
176	.It
177	.Fn ressl_config_free
178	frees a configuration object.
179	.El
180	.Pp
181	The following functions modify a configuration by setting parameters.
182	Configuration options may apply to only clients or only servers or both.
183	.Bl -bullet -offset four
184	.It
185	.Fn ressl_config_set_ca_file
186	sets the filename used to load a file
187	containing the root certificates.
188	.Em (Client)
189	.It
190	.Fn ressl_config_set_ca_path
191	sets the path (directory) which should be searched for root
192	certificates.
193	.Em (Client)
194	.It
195	.Fn ressl_config_set_cert_file
196	sets file from which the public certificate will be read.
197	.Em (Client and server)
198	.It
199	.Fn ressl_config_set_cert_mem
200	sets the public certificate directly from memory.
201	.Em (Client and server)
202	.It
203	.Fn ressl_config_set_ciphers
204	sets the list of ciphers that may be used.
205	.Em (Client and server)
206	.It
207	.Fn ressl_config_set_key_file
208	sets the file from which the private key will be read.
209	.Em (Server)
210	.It
211	.Fn ressl_config_set_key_mem
212	directly sets the private key from memory.
213	.Em (Server)
214	.It
215	.Fn ressl_config_set_protocols
216	sets which versions of the protocol may be used.
217	Possible values are the bitwise OR of:
218	.Pp
219	.Bl -tag -width "RESSL_PROTOCOL_TLSv1_2" -offset indent -compact
220	.It Dv RESSL_PROTOCOL_TLSv1_0
221	.It Dv RESSL_PROTOCOL_TLSv1_1
222	.It Dv RESSL_PROTOCOL_TLSv1_2
223	.El
224	.Pp
225	Additionally, the values
226	.Dv RESSL_PROTOCOL_TLSv1
227	(all TLS versions) and
228	.Dv RESSL_PROTOCOLS_DEFAULT
229	(currently all TLS versions) may be used.
230	.Em (Client and server)
231	.It
232	.Fn ressl_config_clear_keys
233	clears any secret keys from memory.
234	.Em (Server)
235	.It
236	.Fn ressl_config_insecure_noverifyhost
237	disables hostname verification.
238	Be careful when using this option.
239	.Em (Client)
240	.It
241	.Fn ressl_config_insecure_noverifycert
242	disables certificate verification.
243	Be extremely careful when using this option.
244	.Em (Client)
245	.It
246	.Fn ressl_config_verify
247	reenables hostname and certificate verification.
248	.Em (Client)
249	.El
250	.Pp
251	The following functions create, prepare, and free a connection context.
252	.Bl -bullet -offset four
253	.It
254	.Fn ressl_client
255	creates a new ressl context for client connections.
256	.It
257	.Fn ressl_server
258	creates a new ressl context for server connections.
259	.It
260	.Fn ressl_configure
261	readies a ressl context for use by applying the configuration
262	options.
263	.It
264	.Fn ressl_close
265	closes a connection after use.
266	.It
267	.Fn ressl_free
268	frees a ressl context after use.
269	.El
270	.Pp
271	The following functions initiate a connection and perform input and output
272	operations.
273	.Bl -bullet -offset four
274	.It
275	.Fn ressl_connect
276	connects a client context to the server named by
277	.Fa host .
278	The
279	.Fa port
280	may be numeric or a service name.
281	If it is NULL then a host of the format "hostname:port" is permitted.
282	.It
283	.Fn ressl_connect_socket
284	connects a client context to an already established socket connection.
285	.It
286	.Fn ressl_read
287	reads
288	.Fa buflen
289	bytes of data from the socket into
290	.Fa buf .
291	The amount of data read is returned in
292	.Fa outlen .
293	.It
294	.Fn ressl_write
295	writes
296	.Fa buflen
297	bytes of data from
298	.Fa buf
299	to the socket.
300	The amount of data written is returned in
301	.Fa outlen .
302	.El
303	.Sh RETURN VALUES
304	Functions that return
305	.Vt int
306	will return 0 on success and -1 on error.
307	Functions that return a pointer will return NULL on error.
308	.\" .Sh ERRORS
309	.\" .Sh SEE ALSO
310	.Sh HISTORY
311	The
312	.Nm ressl
313	API first appeared in
314	.Ox 5.6
315	as a response to the unnecessary challenges other APIs present in
316	order to use them safely.