Catch up after beck@ fixed autoconfiguration:

* Say more precisely what OPENSSL_config(3) and OPENSSL_no_config(3) do.
* Revert the deprecation notice for them, nothing wrong with them.
* Document OPENSSL_INIT_LOAD_CONFIG.
* Deprecate OpenSSL_add_all_algorithms(3), it's now automatic.
* Add OpenSSL_add_all_algorithms(3) HISTORY.
Substantial feedback and OK beck@.

3 files changed, 55 insertions, 62 deletions

diff --git a/src/lib/libcrypto/man/OPENSSL_config.3 b/src/lib/libcrypto/man/OPENSSL_config.3
index 6e2a1ef56f..cdfdb3fea4 100644
--- a/src/lib/libcrypto/man/OPENSSL_config.3
+++ b/src/lib/libcrypto/man/OPENSSL_config.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OPENSSL_config.3,v 1.8 2018/03/17 20:18:44 schwarze Exp $
+.\" $OpenBSD: OPENSSL_config.3,v 1.9 2018/03/21 22:08:04 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,13 +65,13 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 17 2018 $
+.Dd $Mdocdate: March 21 2018 $
 .Dt OPENSSL_CONFIG 3
 .Os
 .Sh NAME
 .Nm OPENSSL_config ,
 .Nm OPENSSL_no_config
-.Nd old style crypto and ssl library initialization
+.Nd simple crypto and ssl library configuration
 .Sh SYNOPSIS
 .In openssl/conf.h
 .Ft void
@@ -81,25 +81,12 @@
 .Ft void
 .Fn OPENSSL_no_config void
 .Sh DESCRIPTION
-These functions have been deprecated since OpenSSL 1.1.0.
-It is recommended to use
-.Xr CONF_modules_load_file 3
-instead of
-.Fn OPENSSL_config
-or
-.Xr OPENSSL_init_crypto 3
-with
-.Dv OPENSSL_INIT_NO_LOAD_CONFIG
-instead of
-.Fn OPENSSL_no_config .
-Except to disable the standard configuration file, application programs
-do not need to call any library initialization function at all because
-LibreSSL does all the required initialization automatically, and so does
-OpenSSL 1.1.0 and later.
-.Pp
 .Fn OPENSSL_config
-initializes the crypto library, in particular calling
+initializes the crypto library with
 .Xr OPENSSL_init_crypto 3
+and then calls
+.Xr OPENSSL_load_builtin_modules 3 ,
+.Xr ENGINE_load_builtin_engines 3 ,
 and
 .Xr CONF_modules_load_file 3
 with the standard configuration file and the given
@@ -117,10 +104,13 @@ Further calls to
 have no effect.
 .Pp
 .Fn OPENSSL_no_config
-disables configuration.
-If called before
-.Fn OPENSSL_config ,
-no configuration takes place.
+has no effect except that later calls to
+.Fn OPENSSL_config
+will be ignored.
+.Pp
+Calling these functions is optional.
+All required initialization of the crypto libraries happens
+automatically when needed.
 .Pp
 If an application is compiled with the preprocessor symbol
 .Dv OPENSSL_LOAD_CONF
@@ -141,6 +131,7 @@ standard configuration file
 .Xr CONF_modules_free 3 ,
 .Xr CONF_modules_load_file 3 ,
 .Xr OPENSSL_init_crypto 3 ,
+.Xr OPENSSL_load_builtin_modules 3 ,
 .Xr openssl.cnf 5
 .Sh HISTORY
 .Fn OPENSSL_config
diff --git a/src/lib/libcrypto/man/OPENSSL_init_crypto.3 b/src/lib/libcrypto/man/OPENSSL_init_crypto.3
index 27c60561fe..525d748cea 100644
--- a/src/lib/libcrypto/man/OPENSSL_init_crypto.3
+++ b/src/lib/libcrypto/man/OPENSSL_init_crypto.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OPENSSL_init_crypto.3,v 1.1 2018/03/17 18:52:42 schwarze Exp $
+.\" $OpenBSD: OPENSSL_init_crypto.3,v 1.2 2018/03/21 22:08:04 schwarze Exp $
 .\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 17 2018 $
+.Dd $Mdocdate: March 21 2018 $
 .Dt OPENSSL_INIT_CRYPTO 3
 .Os
 .Sh NAME
@@ -31,14 +31,21 @@ If
 .Fn OPENSSL_init_crypto
 is called before any other crypto or ssl functions, the crypto
 library is initialised by allocating various internal resources.
-Unless the
-.Dv OPENSSL_INIT_NO_LOAD_CONFIG
-bit is set in the
+.Pp
+The following
 .Fa options
-argument, the default
-.Xr openssl.cnf 5
-configuration file is also loaded as documented in
+are supported:
+.Bl -tag -width Ds
+.It Dv OPENSSL_INIT_LOAD_CONFIG
+At the end of the initialization, call
+.Xr OPENSSL_config 3
+with a
+.Dv NULL
+argument, loading the default configuration file.
+.It Dv OPENSSL_INIT_NO_LOAD_CONFIG
+Ignore any later calls to
 .Xr OPENSSL_config 3 .
+.El
 .Pp
 The other
 .Fa options
@@ -61,7 +68,9 @@ the first one have any effect.
 is intended to return 1 on success or 0 on error.
 .Sh SEE ALSO
 .Xr CONF_modules_load_file 3 ,
+.Xr OPENSSL_config 3 ,
 .Xr OPENSSL_init_ssl 3 ,
+.Xr OPENSSL_load_builtin_modules 3 ,
 .Xr openssl.cnf 5
 .Sh HISTORY
 .Fn OPENSSL_init_crypto
diff --git a/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
index 270298cb85..329fef8130 100644
--- a/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+++ b/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
@@ -1,5 +1,5 @@
-.\"     $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.4 2016/11/28 16:40:27 schwarze Exp $
-.\"     OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
+.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.5 2018/03/21 22:08:04 schwarze Exp $
+.\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2000, 2003, 2013 The OpenSSL Project.  All rights reserved.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 28 2016 $
+.Dd $Mdocdate: March 21 2018 $
 .Dt OPENSSL_ADD_ALL_ALGORITHMS 3
 .Os
 .Sh NAME
@@ -68,6 +68,11 @@
 .Ft void
 .Fn EVP_cleanup void
 .Sh DESCRIPTION
+These functions are deprecated.
+It is never useful for any application program
+to call any of them explicitly.
+The library automatically calls them internally whenever needed.
+.Pp
 OpenSSL keeps an internal table of digest algorithms and ciphers.
 It uses this table to look up ciphers via functions such as
 .Xr EVP_get_cipherbyname 3 .
@@ -82,38 +87,26 @@ adds all digest algorithms to the table.
 adds all encryption algorithms to the table including password based
 encryption algorithms.
 .Pp
-.Fn EVP_cleanup
-removes all ciphers and digests from the table.
+If any of the above functions is called more than once,
+only the first call has an effect.
 .Pp
-A typical application will call
-.Fn OpenSSL_add_all_algorithms
-initially and
 .Fn EVP_cleanup
-before exiting.
-.Pp
-An application does not need to add algorithms to use them explicitly,
-for example by
-.Xr EVP_sha1 3 .
-It just needs to add them if it (or any of the functions it calls) needs
-to look up algorithms.
-.Pp
-The cipher and digest lookup functions are used in many parts of the
-library.
-If the table is not initialized, several functions will misbehave and
-complain they cannot find algorithms.
-This includes the PEM, PKCS#12, SSL and S/MIME libraries.
-This is a common query in the OpenSSL mailing lists.
-.Pp
-Calling
-.Fn OpenSSL_add_all_algorithms
-links in all algorithms: as a result a statically linked executable can
-be quite large.
-If this is important, it is possible to just add the required ciphers and
-digests.
+removes all ciphers and digests from the table.
 .Sh SEE ALSO
 .Xr evp 3 ,
 .Xr EVP_DigestInit 3 ,
-.Xr EVP_EncryptInit 3
+.Xr EVP_EncryptInit 3 ,
+.Xr OPENSSL_config 3 ,
+.Xr OPENSSL_init_crypto 3
+.Sh HISTORY
+.Fn EVP_cleanup
+and precursor functions
+.Fn SSLeay_add_all_algorithms ,
+.Fn SSLeay_add_all_ciphers ,
+and
+.Fn SSLeay_add_all_digests
+appeared in SSLeay 0.8.1b or earlier and have been available since
+.Ox 2.4 .
 .Sh BUGS
 Although the functions do not return error codes, it is possible for them
 to fail.