1 files changed, 193 insertions, 0 deletions
diff --git a/src/lib/libssl/doc/SSL_CIPHER_get_name.3 b/src/lib/libssl/doc/SSL_CIPHER_get_name.3
new file mode 100644
index 0000000000..0c6cccd1cc
--- /dev/null
+++ b/src/lib/libssl/doc/SSL_CIPHER_get_name.3
@@ -0,0 +1,193 @@
+.Dd $Mdocdate: October 12 2014 $
+.Dt SSL_CIPHER_GET_NAME 3
+.Os
+.Sh NAME
+.Nm SSL_CIPHER_get_name ,
+.Nm SSL_CIPHER_get_bits ,
+.Nm SSL_CIPHER_get_version ,
+.Nm SSL_CIPHER_description
+.Nd get SSL_CIPHER properties
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft const char *
+.Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher"
+.Ft int
+.Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits"
+.Ft char *
+.Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher"
+.Ft char *
+.Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size"
+.Sh DESCRIPTION
+.Fn SSL_CIPHER_get_name
+returns a pointer to the name of
+.Fa cipher .
+If the
+argument is the
+.Dv NULL
+pointer, a pointer to the constant value
+.Qq NONE
+is returned.
+.Pp
+.Fn SSL_CIPHER_get_bits
+returns the number of secret bits used for
+.Fa cipher .
+If
+.Fa alg_bits
+is not
+.Dv NULL ,
+it contains the number of bits processed by the
+chosen algorithm.
+If
+.Fa cipher
+is
+.Dv NULL ,
+0 is returned.
+.Pp
+.Fn SSL_CIPHER_get_version
+returns a string which indicates the SSL/TLS protocol version that first
+defined the cipher.
+This is currently
+.Qq SSLv2
+or
+.Qq TLSv1/SSLv3 .
+In some cases it should possibly return
+.Qq TLSv1.2
+but the function does not; use
+.Xr SSL_CIPHER_description 3
+instead.
+If
+.Fa cipher
+is
+.Dv NULL ,
+.Qq (NONE)
+is returned.
+.Pp
+.Fn SSL_CIPHER_description
+returns a textual description of the cipher used into the buffer
+.Fa buf
+of length
+.Fa len
+provided.
+If
+.Fa buf
+is
+.Dv NULL ,
+a buffer is allocated using
+.Xr asprintf 3 ;
+that buffer should be freed using the
+.Xr free 3
+function.
+If
+.Fa len
+is too small, or if
+.Fa buf
+is
+.Dv NULL
+and the allocation fails, a pointer to the string
+.Qq Buffer too small
+is returned.
+.Sh NOTES
+The number of bits processed can be different from the secret bits.
+For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits.
+The algorithm does use the full 128 bits (which would be returned for
+.Fa alg_bits ) ,
+but 88 bits are fixed.
+The search space is hence only 40 bits.
+.Pp
+The string returned by
+.Fn SSL_CIPHER_description
+in case of success consists
+of cleartext information separated by one or more blanks in the following
+sequence:
+.Bl -tag -width Ds
+.It Aq Ar ciphername
+Textual representation of the cipher name.
+.It Aq Ar protocol version
+Protocol version:
+.Em SSLv2 ,
+.Em SSLv3 ,
+.Em TLSv1.2 .
+The TLSv1.0 ciphers are flagged with SSLv3.
+No new ciphers were added by TLSv1.1.
+.It Kx= Ns Aq Ar key exchange
+Key exchange method:
+.Em RSA
+(for export ciphers as
+.Em RSA(512)
+or
+.Em RSA(1024) ) ,
+.Em DH
+(for export ciphers as
+.Em DH(512)
+or
+.Em DH(1024) ) ,
+.Em DH/RSA ,
+.Em DH/DSS ,
+.Em Fortezza .
+.It Au= Ns Aq Ar authentication
+Authentication method:
+.Em RSA ,
+.Em DSS ,
+.Em DH ,
+.Em None .
+.Em None
+is the representation of anonymous ciphers.
+.It Enc= Ns Aq Ar symmetric encryption method
+Encryption method with number of secret bits:
+.Em DES(40) ,
+.Em DES(56) ,
+.Em 3DES(168) ,
+.Em RC4(40) ,
+.Em RC4(56) ,
+.Em RC4(64) ,
+.Em RC4(128) ,
+.Em RC2(40) ,
+.Em RC2(56) ,
+.Em RC2(128) ,
+.Em IDEA(128) ,
+.Em Fortezza ,
+.Em None .
+.It Mac= Ns Aq Ar message authentication code
+Message digest:
+.Em MD5 ,
+.Em SHA1 .
+.It Aq Ar export flag
+If the cipher is flagged exportable with respect to old US crypto
+regulations, the word
+.Dq export
+is printed.
+.El
+.Sh RETURN VALUES
+See
+.Sx DESCRIPTION
+.Sh EXAMPLES
+Some examples for the output of
+.Fn SSL_CIPHER_description :
+.D1 "EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1"
+.D1 "EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1"
+.D1 "RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5"
+.D1 "EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export"
+.Pp
+A complete list can be retrieved by invoking the following command:
+.Pp
+.Dl $ openssl ciphers -v ALL
+.Sh SEE ALSO
+.Xr ciphers 1 ,
+.Xr ssl 3 ,
+.Xr SSL_get_ciphers 3 ,
+.Xr SSL_get_current_cipher 3
+.Sh BUGS
+If
+.Fn SSL_CIPHER_description
+is called with
+.Fa cipher
+being
+.Dv NULL ,
+the library crashes.
+.Pp
+If
+.Fn SSL_CIPHER_description
+cannot handle a built-in cipher,
+the according description of the cipher property is
+.Qq unknown .
+This case should not occur.

diff --git a/src/lib/libssl/doc/SSL_CIPHER_get_name.3 b/src/lib/libssl/doc/SSL_CIPHER_get_name.3 new file mode 100644 index 0000000000..0c6cccd1cc --- /dev/null +++ b/src/lib/libssl/doc/SSL_CIPHER_get_name.3
@@ -0,0 +1,193 @@
	1	.Dd $Mdocdate: October 12 2014 $
	2	.Dt SSL_CIPHER_GET_NAME 3
	3	.Os
	4	.Sh NAME
	5	.Nm SSL_CIPHER_get_name ,
	6	.Nm SSL_CIPHER_get_bits ,
	7	.Nm SSL_CIPHER_get_version ,
	8	.Nm SSL_CIPHER_description
	9	.Nd get SSL_CIPHER properties
	10	.Sh SYNOPSIS
	11	.In openssl/ssl.h
	12	.Ft const char *
	13	.Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher"
	14	.Ft int
	15	.Fn SSL_CIPHER_get_bits "const SSL_CIPHER cipher" "int alg_bits"
	16	.Ft char *
	17	.Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher"
	18	.Ft char *
	19	.Fn SSL_CIPHER_description "const SSL_CIPHER cipher" "char buf" "int size"
	20	.Sh DESCRIPTION
	21	.Fn SSL_CIPHER_get_name
	22	returns a pointer to the name of
	23	.Fa cipher .
	24	If the
	25	argument is the
	26	.Dv NULL
	27	pointer, a pointer to the constant value
	28	.Qq NONE
	29	is returned.
	30	.Pp
	31	.Fn SSL_CIPHER_get_bits
	32	returns the number of secret bits used for
	33	.Fa cipher .
	34	If
	35	.Fa alg_bits
	36	is not
	37	.Dv NULL ,
	38	it contains the number of bits processed by the
	39	chosen algorithm.
	40	If
	41	.Fa cipher
	42	is
	43	.Dv NULL ,
	44	0 is returned.
	45	.Pp
	46	.Fn SSL_CIPHER_get_version
	47	returns a string which indicates the SSL/TLS protocol version that first
	48	defined the cipher.
	49	This is currently
	50	.Qq SSLv2
	51	or
	52	.Qq TLSv1/SSLv3 .
	53	In some cases it should possibly return
	54	.Qq TLSv1.2
	55	but the function does not; use
	56	.Xr SSL_CIPHER_description 3
	57	instead.
	58	If
	59	.Fa cipher
	60	is
	61	.Dv NULL ,
	62	.Qq (NONE)
	63	is returned.
	64	.Pp
	65	.Fn SSL_CIPHER_description
	66	returns a textual description of the cipher used into the buffer
	67	.Fa buf
	68	of length
	69	.Fa len
	70	provided.
	71	If
	72	.Fa buf
	73	is
	74	.Dv NULL ,
	75	a buffer is allocated using
	76	.Xr asprintf 3 ;
	77	that buffer should be freed using the
	78	.Xr free 3
	79	function.
	80	If
	81	.Fa len
	82	is too small, or if
	83	.Fa buf
	84	is
	85	.Dv NULL
	86	and the allocation fails, a pointer to the string
	87	.Qq Buffer too small
	88	is returned.
	89	.Sh NOTES
	90	The number of bits processed can be different from the secret bits.
	91	For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits.
	92	The algorithm does use the full 128 bits (which would be returned for
	93	.Fa alg_bits ) ,
	94	but 88 bits are fixed.
	95	The search space is hence only 40 bits.
	96	.Pp
	97	The string returned by
	98	.Fn SSL_CIPHER_description
	99	in case of success consists
	100	of cleartext information separated by one or more blanks in the following
	101	sequence:
	102	.Bl -tag -width Ds
	103	.It Aq Ar ciphername
	104	Textual representation of the cipher name.
	105	.It Aq Ar protocol version
	106	Protocol version:
	107	.Em SSLv2 ,
	108	.Em SSLv3 ,
	109	.Em TLSv1.2 .
	110	The TLSv1.0 ciphers are flagged with SSLv3.
	111	No new ciphers were added by TLSv1.1.
	112	.It Kx= Ns Aq Ar key exchange
	113	Key exchange method:
	114	.Em RSA
	115	(for export ciphers as
	116	.Em RSA(512)
	117	or
	118	.Em RSA(1024) ) ,
	119	.Em DH
	120	(for export ciphers as
	121	.Em DH(512)
	122	or
	123	.Em DH(1024) ) ,
	124	.Em DH/RSA ,
	125	.Em DH/DSS ,
	126	.Em Fortezza .
	127	.It Au= Ns Aq Ar authentication
	128	Authentication method:
	129	.Em RSA ,
	130	.Em DSS ,
	131	.Em DH ,
	132	.Em None .
	133	.Em None
	134	is the representation of anonymous ciphers.
	135	.It Enc= Ns Aq Ar symmetric encryption method
	136	Encryption method with number of secret bits:
	137	.Em DES(40) ,
	138	.Em DES(56) ,
	139	.Em 3DES(168) ,
	140	.Em RC4(40) ,
	141	.Em RC4(56) ,
	142	.Em RC4(64) ,
	143	.Em RC4(128) ,
	144	.Em RC2(40) ,
	145	.Em RC2(56) ,
	146	.Em RC2(128) ,
	147	.Em IDEA(128) ,
	148	.Em Fortezza ,
	149	.Em None .
	150	.It Mac= Ns Aq Ar message authentication code
	151	Message digest:
	152	.Em MD5 ,
	153	.Em SHA1 .
	154	.It Aq Ar export flag
	155	If the cipher is flagged exportable with respect to old US crypto
	156	regulations, the word
	157	.Dq export
	158	is printed.
	159	.El
	160	.Sh RETURN VALUES
	161	See
	162	.Sx DESCRIPTION
	163	.Sh EXAMPLES
	164	Some examples for the output of
	165	.Fn SSL_CIPHER_description :
	166	.D1 "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1"
	167	.D1 "EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1"
	168	.D1 "RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5"
	169	.D1 "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export"
	170	.Pp
	171	A complete list can be retrieved by invoking the following command:
	172	.Pp
	173	.Dl $ openssl ciphers -v ALL
	174	.Sh SEE ALSO
	175	.Xr ciphers 1 ,
	176	.Xr ssl 3 ,
	177	.Xr SSL_get_ciphers 3 ,
	178	.Xr SSL_get_current_cipher 3
	179	.Sh BUGS
	180	If
	181	.Fn SSL_CIPHER_description
	182	is called with
	183	.Fa cipher
	184	being
	185	.Dv NULL ,
	186	the library crashes.
	187	.Pp
	188	If
	189	.Fn SSL_CIPHER_description
	190	cannot handle a built-in cipher,
	191	the according description of the cipher property is
	192	.Qq unknown .
	193	This case should not occur.