From 60290a186f3d3268aa2f60c3c42b3793db09edad Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Tue, 29 Nov 2016 19:18:52 +0000
Subject: Add Copyright and license. SSLv2 and export ciphers are no longer
 supported, delete related text. Sync SSL_CIPHER_description(3) return values
 with the source code. Wording simplifications from OpenSSL. Delete empty
 RETURN VALUES section.

---
 src/lib/libssl/man/SSL_CIPHER_get_name.3 | 166 ++++++++++++++++++-------------
 1 file changed, 99 insertions(+), 67 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/man/SSL_CIPHER_get_name.3 b/src/lib/libssl/man/SSL_CIPHER_get_name.3
index c4661c8faf..1cd980af78 100644
--- a/src/lib/libssl/man/SSL_CIPHER_get_name.3
+++ b/src/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -1,7 +1,55 @@
+.\"	$OpenBSD: SSL_CIPHER_get_name.3,v 1.2 2016/11/29 19:18:52 schwarze Exp $
+.\"	OpenSSL 45f55f6a Nov 30 15:35:22 2014 +0100
 .\"
-.\"	$OpenBSD: SSL_CIPHER_get_name.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2005, 2009, 2013, 2014 The OpenSSL Project.
+.\" All rights reserved.
 .\"
-.Dd $Mdocdate: November 5 2016 $
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 29 2016 $
 .Dt SSL_CIPHER_GET_NAME 3
 .Os
 .Sh NAME
@@ -25,11 +73,11 @@
 returns a pointer to the name of
 .Fa cipher .
 If the
-argument is the
-.Dv NULL
-pointer, a pointer to the constant value
-.Qq NONE
-is returned.
+.Fa cipher
+is
+.Dv NULL ,
+it returns
+.Qq (NONE) .
 .Pp
 .Fn SSL_CIPHER_get_bits
 returns the number of secret bits used for
@@ -50,8 +98,6 @@ is
 returns a string which indicates the SSL/TLS protocol version that first
 defined the cipher.
 This is currently
-.Qq SSLv2
-or
 .Qq TLSv1/SSLv3 .
 In some cases it should possibly return
 .Qq TLSv1.2
@@ -89,87 +135,73 @@ is
 and the allocation fails, a pointer to the string
 .Qq Buffer too small
 is returned.
-.Sh NOTES
-The number of bits processed can be different from the secret bits.
-For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits.
-The algorithm does use the full 128 bits (which would be returned for
-.Fa alg_bits ) ,
-but 88 bits are fixed.
-The search space is hence only 40 bits.
 .Pp
 The string returned by
 .Fn SSL_CIPHER_description
-in case of success consists
-of cleartext information separated by one or more blanks in the following
-sequence:
+consists of several fields separated by whitespace:
 .Bl -tag -width Ds
 .It Aq Ar ciphername
 Textual representation of the cipher name.
 .It Aq Ar protocol version
 Protocol version:
-.Em SSLv2 ,
-.Em SSLv3 ,
-.Em TLSv1.2 .
+.Sy SSLv3
+or
+.Sy TLSv1.2 .
 The TLSv1.0 ciphers are flagged with SSLv3.
 No new ciphers were added by TLSv1.1.
 .It Kx= Ns Aq Ar key exchange
 Key exchange method:
-.Em RSA
-(for export ciphers as
-.Em RSA(512)
-or
-.Em RSA(1024) ) ,
-.Em DH
-(for export ciphers as
-.Em DH(512)
+.Sy DH ,
+.Sy ECDH ,
+.Sy GOST ,
 or
-.Em DH(1024) ) ,
-.Em DH/RSA ,
-.Em DH/DSS ,
-.Em Fortezza .
+.Sy RSA .
 .It Au= Ns Aq Ar authentication
 Authentication method:
-.Em RSA ,
-.Em DSS ,
-.Em DH ,
-.Em None .
-.Em None
+.Sy DSS ,
+.Sy ECDSA ,
+.Sy GOST01 ,
+.Sy RSA ,
+or
+.Sy None .
+.Sy None
 is the representation of anonymous ciphers.
 .It Enc= Ns Aq Ar symmetric encryption method
 Encryption method with number of secret bits:
-.Em DES(40) ,
-.Em DES(56) ,
-.Em 3DES(168) ,
-.Em RC4(40) ,
-.Em RC4(56) ,
-.Em RC4(64) ,
-.Em RC4(128) ,
-.Em RC2(40) ,
-.Em RC2(56) ,
-.Em RC2(128) ,
-.Em IDEA(128) ,
-.Em Fortezza ,
-.Em None .
+.Sy DES(56) ,
+.Sy 3DES(168) ,
+.Sy RC4(64) ,
+.Sy RC4(128) ,
+.Sy IDEA(128) ,
+.Sy AES(128) ,
+.Sy AES(256) ,
+.Sy AESCGM(128) ,
+.Sy AESCGM(256) ,
+.Sy Camellia(128) ,
+.Sy Camellia(256) ,
+.Sy ChaCha20-Poly1305 ,
+.Sy ChaCha20-Poly1305-Old ,
+.Sy GOST-28178-89-CNT ,
+or
+.Sy None .
 .It Mac= Ns Aq Ar message authentication code
 Message digest:
-.Em MD5 ,
-.Em SHA1 .
-.It Aq Ar export flag
-If the cipher is flagged exportable with respect to old US crypto
-regulations, the word
-.Dq export
-is printed.
+.Sy MD5 ,
+.Sy SHA1 ,
+.Sy SHA256 ,
+.Sy SHA384 ,
+.Sy AEAD ,
+.Sy GOST94 ,
+.Sy GOST89IMIT ,
+.Sy STREEBOG256 ,
+.Sy STREEBOG512 .
 .El
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION
 .Sh EXAMPLES
-Some examples for the output of
+An example for the output of
 .Fn SSL_CIPHER_description :
-.D1 "EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1"
-.D1 "EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1"
-.D1 "RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5"
-.D1 "EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export"
+.Bd -literal
+ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
+.Ed
 .Pp
 A complete list can be retrieved by invoking the following command:
 .Pp
-- 
cgit v1.2.3-55-g6feb