| author | schwarze <> | 2018-03-21 22:08:04 +0000 | 
|---|---|---|
| committer | schwarze <> | 2018-03-21 22:08:04 +0000 | 
| commit | f33d843633a582f202f684491254bada42a8ec30 (patch) | |
| tree | c98fb17ad7143964c99a5e0a0e600ecd5d16e061 /src/lib/libc | |
| parent | 9c91ba61c8e2a34c61d2447cf6b9fd0b1476a394 (diff) | |
Catch up after beck@ fixed autoconfiguration:
* Say more precisely what OPENSSL_config(3) and OPENSSL_no_config(3) do.
* Revert the deprecation notice for them, nothing wrong with them.
* Document OPENSSL_INIT_LOAD_CONFIG.
* Deprecate OpenSSL_add_all_algorithms(3), it's now automatic.
* Add OpenSSL_add_all_algorithms(3) HISTORY.
Substantial feedback and OK beck@.
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/man/OPENSSL_config.3 | 39 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/OPENSSL_init_crypto.3 | 25 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 | 53 | 
3 files changed, 55 insertions, 62 deletions
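--- a/src/lib/libcrypto/man/OPENSSL_config.3
+++ b/src/lib/libcrypto/man/OPENSSL_config.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OPENSSL_config.3,v 1.8 2018/03/17 20:18:44 schwarze Exp $
+.\" $OpenBSD: OPENSSL_config.3,v 1.9 2018/03/21 22:08:04 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,13 +65,13 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 17 2018 $
+.Dd $Mdocdate: March 21 2018 $
 .Dt OPENSSL_CONFIG 3
 .Os
 .Sh NAME
 .Nm OPENSSL_config ,
 .Nm OPENSSL_no_config
-.Nd old style crypto and ssl library initialization
+.Nd simple crypto and ssl library configuration
 .Sh SYNOPSIS
 .In openssl/conf.h
 .Ft void
@@ -81,25 +81,12 @@
 .Ft void
 .Fn OPENSSL_no_config void
 .Sh DESCRIPTION
-These functions have been deprecated since OpenSSL 1.1.0.
-It is recommended to use
-.Xr CONF_modules_load_file 3
-instead of
-.Fn OPENSSL_config
-or
-.Xr OPENSSL_init_crypto 3
-with
-.Dv OPENSSL_INIT_NO_LOAD_CONFIG
-instead of
-.Fn OPENSSL_no_config .
-Except to disable the standard configuration file, application programs
-do not need to call any library initialization function at all because
-LibreSSL does all the required initialization automatically, and so does
-OpenSSL 1.1.0 and later.
-.Pp
 .Fn OPENSSL_config
-initializes the crypto library, in particular calling
+initializes the crypto library with
 .Xr OPENSSL_init_crypto 3
+and then calls
+.Xr OPENSSL_load_builtin_modules 3 ,
+.Xr ENGINE_load_builtin_engines 3 ,
 and
 .Xr CONF_modules_load_file 3
 with the standard configuration file and the given
@@ -117,10 +104,13 @@ Further calls to
 have no effect.
 .Pp
 .Fn OPENSSL_no_config
-disables configuration.
-If called before
-.Fn OPENSSL_config ,
-no configuration takes place.
+has no effect except that later calls to
+.Fn OPENSSL_config
+will be ignored.
+.Pp
+Calling these functions is optional.
+All required initialization of the crypto libraries happens
+automatically when needed.
 .Pp
 If an application is compiled with the preprocessor symbol
 .Dv OPENSSL_LOAD_CONF
@@ -141,6 +131,7 @@ standard configuration file
 .Xr CONF_modules_free 3 ,
 .Xr CONF_modules_load_file 3 ,
 .Xr OPENSSL_init_crypto 3 ,
+.Xr OPENSSL_load_builtin_modules 3 ,
 .Xr openssl.cnf 5
 .Sh HISTORY
 .Fn OPENSSL_config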
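--- a/src/lib/libcrypto/man/OPENSSL_init_crypto.3
+++ b/src/lib/libcrypto/man/OPENSSL_init_crypto.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OPENSSL_init_crypto.3,v 1.1 2018/03/17 18:52:42 schwarze Exp $
+.\" $OpenBSD: OPENSSL_init_crypto.3,v 1.2 2018/03/21 22:08:04 schwarze Exp $
 .\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 17 2018 $
+.Dd $Mdocdate: March 21 2018 $
 .Dt OPENSSL_INIT_CRYPTO 3
 .Os
 .Sh NAME
@@ -31,14 +31,21 @@ If
 .Fn OPENSSL_init_crypto
 is called before any other crypto or ssl functions, the crypto
 library is initialised by allocating various internal resources.
-Unless the
-.Dv OPENSSL_INIT_NO_LOAD_CONFIG
-bit is set in the
+.Pp
+The following
 .Fa options
-argument, the default
-.Xr openssl.cnf 5
-configuration file is also loaded as documented in
+are supported:
+.Bl -tag -width Ds
+.It Dv OPENSSL_INIT_LOAD_CONFIG
+At the end of the initialization, call
+.Xr OPENSSL_config 3
+with a
+.Dv NULL
+argument, loading the default configuration file.
+.It Dv OPENSSL_INIT_NO_LOAD_CONFIG
+Ignore any later calls to
 .Xr OPENSSL_config 3 .
+.El
 .Pp
 The other
 .Fa options
@@ -61,7 +68,9 @@ the first one have any effect.
 is intended to return 1 on success or 0 on error.
 .Sh SEE ALSO
 .Xr CONF_modules_load_file 3 ,
+.Xr OPENSSL_config 3 ,
 .Xr OPENSSL_init_ssl 3 ,
+.Xr OPENSSL_load_builtin_modules 3 ,
 .Xr openssl.cnf 5
 .Sh HISTORY
 .Fn OPENSSL_init_crypto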
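--- a/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+++ b/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
@@ -1,5 +1,5 @@
-.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.4 2016/11/28 16:40:27 schwarze Exp $
-.\" OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
+.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.5 2018/03/21 22:08:04 schwarze Exp $
+.\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2000, 2003, 2013 The OpenSSL Project. All rights reserved.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 28 2016 $
+.Dd $Mdocdate: March 21 2018 $
 .Dt OPENSSL_ADD_ALL_ALGORITHMS 3
 .Os
 .Sh NAME
@@ -68,6 +68,11 @@
 .Ft void
 .Fn EVP_cleanup void
 .Sh DESCRIPTION
+These functions are deprecated.
+It is never useful for any application program
+to call any of them explicitly.
+The library automatically calls them internally whenever needed.
+.Pp
 OpenSSL keeps an internal table of digest algorithms and ciphers.
 It uses this table to look up ciphers via functions such as
 .Xr EVP_get_cipherbyname 3 .
@@ -82,38 +87,26 @@ adds all digest algorithms to the table.
 adds all encryption algorithms to the table including password based
 encryption algorithms.
 .Pp
-.Fn EVP_cleanup
-removes all ciphers and digests from the table.
+If any of the above functions is called more than once,
+only the first call has an effect.
 .Pp
-A typical application will call
-.Fn OpenSSL_add_all_algorithms
-initially and
 .Fn EVP_cleanup
-before exiting.
-.Pp
-An application does not need to add algorithms to use them explicitly,
-for example by
-.Xr EVP_sha1 3 .
-It just needs to add them if it (or any of the functions it calls) needs
-to look up algorithms.
-.Pp
-The cipher and digest lookup functions are used in many parts of the
-library.
-If the table is not initialized, several functions will misbehave and
-complain they cannot find algorithms.
-This includes the PEM, PKCS#12, SSL and S/MIME libraries.
-This is a common query in the OpenSSL mailing lists.
-.Pp
-Calling
-.Fn OpenSSL_add_all_algorithms
-links in all algorithms: as a result a statically linked executable can
-be quite large.
-If this is important, it is possible to just add the required ciphers and
-digests.
+removes all ciphers and digests from the table.
 .Sh SEE ALSO
 .Xr evp 3 ,
 .Xr EVP_DigestInit 3 ,
-.Xr EVP_EncryptInit 3
+.Xr EVP_EncryptInit 3 ,
+.Xr OPENSSL_config 3 ,
+.Xr OPENSSL_init_crypto 3
+.Sh HISTORY
+.Fn EVP_cleanup
+and precursor functions
+.Fn SSLeay_add_all_algorithms ,
+.Fn SSLeay_add_all_ciphers ,
+and
+.Fn SSLeay_add_all_digests
+appeared in SSLeay 0.8.1b or earlier and have been available since
+.Ox 2.4 .
 .Sh BUGS
 Although the functions do not return error codes, it is possible for them
 to fail.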
