6 files changed, 638 insertions, 5 deletions
diff --git a/src/lib/libcrypto/man/CONF_modules_free.3 b/src/lib/libcrypto/man/CONF_modules_free.3
new file mode 100644
index 0000000000..b09989d664
--- /dev/null
+++ b/src/lib/libcrypto/man/CONF_modules_free.3
@@ -0,0 +1,56 @@
+.Dd $Mdocdate: November 11 2015 $
+.Dt CONF_MODULES_FREE 3
+.Os
+.Sh NAME
+.Nm CONF_modules_free ,
+.Nm CONF_modules_finish ,
+.Nm CONF_modules_unload
+.Nd OpenSSL configuration cleanup functions
+.Sh SYNOPSIS
+.In openssl/conf.h
+.Ft void
+.Fo CONF_modules_free
+.Fa void
+.Fc
+.Ft void
+.Fo CONF_modules_finish
+.Fa void
+.Fc
+.Ft void
+.Fo CONF_modules_unload
+.Fa "int all"
+.Fc
+.Sh DESCRIPTION
+.Fn CONF_modules_free
+closes down and frees up all memory allocated by all configuration
+modules.
+.Pp
+.Fn CONF_modules_finish
+calls the configuration
+.Sy finish
+handler of each configuration module to free up any configuration
+that module may have performed.
+.Pp
+.Fn CONF_modules_unload
+finishes and unloads configuration modules.
+If
+.Fa all
+is set to 0, only modules loaded from DSOs will be unloaded.
+If
+.Fa all
+is 1, all modules, including builtin modules, will be unloaded.
+.Sh NOTES
+Normally applications will only call
+.Fn CONF_modules_free
+at application to tidy up any configuration performed.
+.Sh RETURN VALUE
+None of the functions return a value.
+.Sh SEE ALSO
+.Xr CONF_modules_load_file 3 ,
+.Xr OPENSSL_config 3
+.Sh HISTORY
+.Fn CONF_modules_free ,
+.Fn CONF_modules_unload ,
+and
+.Fn CONF_modules_finish
+first appeared in OpenSSL 0.9.7.
diff --git a/src/lib/libcrypto/man/CONF_modules_load_file.3 b/src/lib/libcrypto/man/CONF_modules_load_file.3
new file mode 100644
index 0000000000..b5de94411d
--- /dev/null
+++ b/src/lib/libcrypto/man/CONF_modules_load_file.3
@@ -0,0 +1,82 @@
+.Dd $Mdocdate: November 11 2015 $
+.Dt CONF_MODULES_LOAD_FILE 3
+.Os
+.Sh NAME
+.Nm CONF_modules_load_file ,
+.Nm CONF_modules_load
+.Nd OpenSSL configuration functions
+.Sh SYNOPSIS
+.In openssl/conf.h
+.Ft int
+.Fo CONF_modules_load_file
+.Fa "const char *filename"
+.Fa "const char *appname"
+.Fa "unsigned long flags"
+.Fc
+.Ft int
+.Fo CONF_modules_load
+.Fa "const CONF *cnf"
+.Fa "const char *appname"
+.Fa "unsigned long flags"
+.Fc
+.Sh DESCRIPTION
+The function
+.Fn CONF_modules_load_file
+configures OpenSSL using file
+.Fa filename
+and application name
+.Fa appname .
+If
+.Fa filename
+is
+.Dv NULL ,
+the standard OpenSSL configuration file is used.
+If
+.Fa appname
+is
+.Dv NULL ,
+the standard OpenSSL application name
+.Qq openssl_conf
+is used.
+The behaviour can be cutomized using
+.Fa flags .
+.Pp
+.Fn CONF_modules_load
+is idential to
+.Fn CONF_modules_load_file
+except it reads configuration information from
+.Fa cnf .
+.Pp
+The following
+.Fa flags
+are currently recognized:
+.Bl -tag -width Ds
+.It Dv CONF_MFLAGS_IGNORE_ERRORS
+Ignore errors returned by individual configuration modules.
+By default, the first module error is considered fatal and no further
+modules are loaded.
+.It Dv CONF_MFLAGS_SILENT
+Do not add any error information.
+By default, all module errors add error information to the error queue.
+.It Dv CONF_MFLAGS_NO_DSO
+Disable loading of configuration modules from DSOs.
+.It Dv CONF_MFLAGS_IGNORE_MISSING_FILE
+Let
+.Fn CONF_modules_load_file
+ignore missing configuration files.
+By default, a missing configuration file returns an error.
+.El
+.Sh RETURN VALUES
+These functions return 1 for success and zero or a negative value for
+failure.
+If module errors are not ignored, the return code will reflect the return
+value of the failing module (this will always be zero or negative).
+.Sh SEE ALSO
+.Xr CONF_free 3 ,
+.Xr ERR 3 ,
+.Xr OPENSSL_config 3
+.Sh HISTORY
+.Fn CONF_modules_load_file
+and
+.Fn CONF_modules_load
+first appeared in OpenSSL 0.9.7.
diff --git a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
new file mode 100644
index 0000000000..1be42dedd9
--- /dev/null
+++ b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -0,0 +1,70 @@
+.Dd $Mdocdate: November 11 2015 $
+.Dt CRYPTO_SET_EX_DATA 3
+.Os
+.Sh NAME
+.Nm CRYPTO_set_ex_data ,
+.Nm CRYPTO_get_ex_data
+.Nd internal application specific data functions
+.Sh SYNOPSIS
+.In openssl/crypto.h
+.Ft int
+.Fo CRYPTO_set_ex_data
+.Fa "CRYPTO_EX_DATA *r"
+.Fa "int idx"
+.Fa "void *arg"
+.Fc
+.Ft void *
+.Fo CRYPTO_get_ex_data
+.Fa "CRYPTO_EX_DATA *r"
+.Fa "int idx"
+.Fc
+.Sh DESCRIPTION
+Several OpenSSL structures can have application specific data attached
+to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+.Pp
+These functions should only be used by applications to manipulate
+.Vt CRYPTO_EX_DATA
+structures passed to the
+.Fn new_func ,
+.Fn free_func ,
+and
+.Fn dup_func
+callbacks: as passed to
+.Xr RSA_get_ex_new_index 3
+for example.
+.Pp
+.Fn CRYPTO_set_ex_data
+is used to set application specific data, the data is supplied in the
+.Fa arg
+parameter and its precise meaning is up to the application.
+.Pp
+.Fn CRYPTO_get_ex_data
+is used to retrieve application specific data.
+The data is returned to the application, this will be the same value as
+supplied to a previous
+.Fn CRYPTO_set_ex_data
+call.
+.Sh RETURN VALUES
+.Fn CRYPTO_set_ex_data
+returns 1 on success or 0 on failure.
+.Pp
+.Fn CRYPTO_get_ex_data
+returns the application data or 0 on failure.
+0 may also be valid application data but currently it can only fail if
+given an invalid
+.Fa idx
+parameter.
+.Pp
+On failure an error code can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr DH_get_ex_new_index 3 ,
+.Xr DSA_get_ex_new_index 3 ,
+.Xr RSA_get_ex_new_index 3
+.Sh HISTORY
+.Fn CRYPTO_set_ex_data
+and
+.Fn CRYPTO_get_ex_data
+have been available since SSLeay 0.9.0.
diff --git a/src/lib/libcrypto/man/CRYPTO_set_locking_callback.3 b/src/lib/libcrypto/man/CRYPTO_set_locking_callback.3
new file mode 100644
index 0000000000..d6290852b5
--- /dev/null
+++ b/src/lib/libcrypto/man/CRYPTO_set_locking_callback.3
@@ -0,0 +1,321 @@
+.Dd $Mdocdate: November 11 2015 $
+.Dt CRYPTO_SET_LOCKING_CALLBACK 3
+.Os
+.Sh NAME
+.Nm CRYPTO_THREADID_set_callback ,
+.Nm CRYPTO_THREADID_get_callback ,
+.Nm CRYPTO_THREADID_current ,
+.Nm CRYPTO_THREADID_cmp ,
+.Nm CRYPTO_THREADID_cpy ,
+.Nm CRYPTO_THREADID_hash ,
+.Nm CRYPTO_set_locking_callback ,
+.Nm CRYPTO_num_locks ,
+.Nm CRYPTO_set_dynlock_create_callback ,
+.Nm CRYPTO_set_dynlock_lock_callback ,
+.Nm CRYPTO_set_dynlock_destroy_callback ,
+.Nm CRYPTO_get_new_dynlockid ,
+.Nm CRYPTO_destroy_dynlockid ,
+.Nm CRYPTO_lock
+.Nd OpenSSL thread support
+.Sh SYNOPSIS
+.In openssl/crypto.h
+.Bd -literal
+/* Don't use this structure directly. */
+typedef struct crypto_threadid_st {
+        void *ptr;
+        unsigned long val;
+} CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+.Ed
+.Pp
+.Ft void
+.Fo CRYPTO_THREADID_set_numeric
+.Fa "CRYPTO_THREADID *id"
+.Fa "unsigned long val"
+.Fc
+.Ft void
+.Fo CRYPTO_THREADID_set_pointer
+.Fa "CRYPTO_THREADID *id"
+.Fa "void *ptr"
+.Fc
+.Ft int
+.Fo CRYPTO_THREADID_set_callback
+.Fa "void (*threadid_func)(CRYPTO_THREADID *)"
+.Fc
+.Ft void
+.Fo "(*CRYPTO_THREADID_get_callback(void))"
+.Fa "CRYPTO_THREADID *"
+.Fc
+.Ft void
+.Fo CRYPTO_THREADID_current
+.Fa "CRYPTO_THREADID *id"
+.Fc
+.Ft int
+.Fo CRYPTO_THREADID_cmp
+.Fa "const CRYPTO_THREADID *a"
+.Fa "const CRYPTO_THREADID *b"
+.Fc
+.Ft void
+.Fo CRYPTO_THREADID_cpy
+.Fa "CRYPTO_THREADID *dest"
+.Fa "const CRYPTO_THREADID *src"
+.Fc
+.Ft unsigned long
+.Fo CRYPTO_THREADID_hash
+.Fa "const CRYPTO_THREADID *id"
+.Fc
+.Ft int
+.Fo CRYPTO_num_locks
+.Fa void
+.Fc
+.Bd -literal
+/* struct CRYPTO_dynlock_value needs to be defined by the user */
+struct CRYPTO_dynlock_value;
+.Ed
+.Pp
+.Ft void
+.Fo CRYPTO_set_dynlock_create_callback
+.Fa "struct CRYPTO_dynlock_value *"
+.Fa "(*dyn_create_function)(char *file, int line)"
+.Fc
+.Ft void
+.Fo CRYPTO_set_dynlock_lock_callback
+.Fa "void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l,\
+ const char *file, int line)"
+.Fc
+.Ft void
+.Fo CRYPTO_set_dynlock_destroy_callback
+.Fa "void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l,\
+ const char *file, int line)"
+.Fc
+.Ft int
+.Fo CRYPTO_get_new_dynlockid
+.Fa void
+.Fc
+.Ft void
+.Fo CRYPTO_destroy_dynlockid
+.Fa "int i"
+.Fc
+.Ft void
+.Fo CRYPTO_lock
+.Fa "int mode"
+.Fa "int n"
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+.Bd -literal
+#define CRYPTO_w_lock(type) \e
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE, type, __FILE__, __LINE__)
+#define CRYPTO_w_unlock(type) \e
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE, type, __FILE__, __LINE__)
+#define CRYPTO_r_lock(type) \e
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ, type, __FILE__, __LINE__)
+#define CRYPTO_r_unlock(type) \e
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ, type, __FILE__, __LINE__)
+#define CRYPTO_add(addr,amount,type) \e
+        CRYPTO_add_lock(addr, amount, type, __FILE__, __LINE__)
+.Ed
+.Sh DESCRIPTION
+OpenSSL can safely be used in multi-threaded applications provided that
+at least two callback functions are set,
+.Fn locking_function
+and
+.Fn threadid_func .
+.Pp
+.Fo locking_function
+.Fa "int mode"
+.Fa "int n"
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+is needed to perform locking on shared data structures.
+Note that OpenSSL uses a number of global data structures that will be
+implicitly shared whenever multiple threads use OpenSSL.
+Multi-threaded applications will crash at random if it is not set.
+.Pp
+.Fn locking_function
+must be able to handle up to
+.Fn CRYPTO_num_locks
+different mutex locks.
+It sets the
+.Fa n Ns -th
+lock if
+.Fa mode
+includes
+.Dv CRYPTO_LOCK ,
+and releases it otherwise.
+.Pp
+.Fa file
+and
+.Fa line
+are the file number of the function setting the lock.
+They can be useful for debugging.
+.Pp
+.Fo threadid_func
+.Fa "CRYPTO_THREADID *id"
+.Fc
+is needed to record the currently-executing thread's identifier into
+.Fa id .
+The implementation of this callback should not fill in
+.Fa id
+directly, but should use
+.Fn CRYPTO_THREADID_set_numeric
+if thread IDs are numeric, or
+.Fn CRYPTO_THREADID_set_pointer
+if they are pointer-based.
+If the application does not register such a callback using
+.Fn CRYPTO_THREADID_set_callback ,
+then a default implementation is used - on Windows and BeOS this uses
+the system's default thread identifying APIs, and on all other platforms
+it uses the address of
+.Va errno .
+The latter is satisfactory for thread-safety if and only if the platform
+has a thread-local error number facility.
+.Pp
+Once
+.Fn threadid_func
+is registered, or if the built-in default implementation is to be used,
+.Bl -bullet
+.It
+.Fn CRYPTO_THREADID_current
+records the currently-executing thread ID into the given
+.Fa id
+object.
+.It
+.Fn CRYPTO_THREADID_cmp
+compares two thread IDs (returning zero for equality, i.e. the same
+semantics as
+.Xr memcmp 3 ) .
+.It
+.Fn CRYPTO_THREADID_cpy
+duplicates a thread ID value.
+.It
+.Fn CRYPTO_THREADID_hash
+returns a numeric value usable as a hash-table key.
+This is usually the exact numeric or pointer-based thread ID used
+internally, however this also handles the unusual case where pointers
+are larger than
+.Vt long
+variables and the platform's thread IDs are pointer-based \(em in
+this case, mixing is done to attempt to produce a unique numeric
+value even though it is not as wide as the platform's true thread
+IDs.
+.El
+.Pp
+Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
+of OpenSSL need it for better performance.
+To enable this, the following is required:
+.Bl -bullet
+.It
+Three additional callback functions,
+.Fn dyn_create_function ,
+.Fn dyn_lock_function ,
+and
+.Fn dyn_destroy_function .
+.It
+A structure defined with the data that each lock needs to handle.
+.El
+.Pp
+.Vt struct CRYPTO_dynlock_value
+has to be defined to contain whatever structure is needed to handle locks.
+.Pp
+.Fo dyn_create_function
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+is needed to create a lock.
+Multi-threaded applications might crash at random if it is not set.
+.Pp
+.Fo dyn_lock_function
+.Fa "int mode"
+.Fa "CRYPTO_dynlock *l"
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+is needed to perform locking off dynamic lock numbered n.
+Multi-threaded applications might crash at random if it is not set.
+.Pp
+.Fo dyn_destroy_function
+.Fa "CRYPTO_dynlock *l"
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+is needed to destroy the lock
+.Fa l .
+Multi-threaded applications might crash at random if it is not set.
+.Pp
+.Fn CRYPTO_get_new_dynlockid
+is used to create locks.
+It will call
+.Fn dyn_create_function
+for the actual creation.
+.Pp
+.Fn CRYPTO_destroy_dynlockid
+is used to destroy locks.
+It will call
+.Fn dyn_destroy_function
+for the actual destruction.
+.Pp
+.Fn CRYPTO_lock
+is used to lock and unlock the locks.
+.Fa mode
+is a bitfield describing what should be done with the lock.
+.Fa n
+is the number of the lock as returned from
+.Fn CRYPTO_get_new_dynlockid .
+.Fa mode
+can be combined from the following values.
+These values are pairwise exclusive, with undefined behaviour if misused
+(for example,
+.Dv CRYPTO_READ
+and
+.Dv CRYPTO_WRITE
+should not be used together):
+.Bd -literal -offset indent
+CRYPTO_LOCK     0x01
+CRYPTO_UNLOCK   0x02
+CRYPTO_READ     0x04
+CRYPTO_WRITE    0x08
+.Ed
+.Sh RETURN VALUES
+.Fn CRYPTO_num_locks
+returns the required number of locks.
+.Pp
+.Fn CRYPTO_get_new_dynlockid
+returns the index to the newly created lock.
+.Pp
+The other functions return no values.
+.Sh NOTES
+You can find out if OpenSSL was configured with thread support:
+.Bd -literal -offset indent
+#define OPENSSL_THREAD_DEFINES
+#include <openssl/opensslconf.h>
+#if defined(OPENSSL_THREADS)
+        /* thread support enabled */
+#else
+        /* no thread support */
+#endif
+.Ed
+.Pp
+Also, dynamic locks are currently not used internally by OpenSSL, but
+may do so in the future.
+.Sh EXAMPLES
+.Pa crypto/threads/mttest.c
+shows examples of the callback functions on Solaris, Irix and Win32.
+.Sh SEE ALSO
+.Xr crypto 3
+.Sh HISTORY
+.Fn CRYPTO_set_locking_callback
+is available in all versions of SSLeay and OpenSSL.
+.Fn CRYPTO_num_locks
+was added in OpenSSL 0.9.4.
+All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
+.Vt CRYPTO_THREADID
+and associated functions were introduced in OpenSSL 1.0.0 to replace
+(actually, deprecate) the previous
+.Fn CRYPTO_set_id_callback ,
+.Fn CRYPTO_get_id_callback ,
+and
+.Fn CRYPTO_thread_id
+functions which assumed thread IDs to always be represented by
+.Vt unsigned long .
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 2c5ffbb8e4..ef5c1f9727 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.26 2015/11/11 18:36:48 schwarze Exp $
+# $OpenBSD: Makefile,v 1.27 2015/11/11 21:15:15 schwarze Exp $
 .include <bsd.own.mk>           # for NOMAN
@@ -69,13 +69,14 @@ MAN=	\
        CMS_uncompress.3 \
        CMS_verify.3 \
        CMS_verify_receipt.3 \
-        EVP_AEAD_CTX_init.3 \
-GENMAN= \
        CONF_modules_free.3 \
        CONF_modules_load_file.3 \
        CRYPTO_set_ex_data.3 \
        CRYPTO_set_locking_callback.3 \
+        EVP_AEAD_CTX_init.3 \
+        crypto.3 \
+GENMAN= \
        DES_set_key.3 \
        DH_generate_key.3 \
        DH_generate_parameters.3 \
@@ -188,7 +189,6 @@ GENMAN= \
        X509_verify_cert.3 \
        bn.3 \
        bn_internal.3 \
-        crypto.3 \
        d2i_ASN1_OBJECT.3 \
        d2i_DHparams.3 \
        d2i_DSAPublicKey.3 \
diff --git a/src/lib/libcrypto/man/crypto.3 b/src/lib/libcrypto/man/crypto.3
new file mode 100644
index 0000000000..24d4ed1979
--- /dev/null
+++ b/src/lib/libcrypto/man/crypto.3
@@ -0,0 +1,104 @@
+.Dd $Mdocdate: November 11 2015 $
+.Dt CRYPTO 3
+.Os
+.Sh NAME
+.Nm crypto
+.Nd OpenSSL cryptographic library
+.Sh DESCRIPTION
+The OpenSSL crypto library implements a wide range of cryptographic
+algorithms used in various Internet standards.
+The services provided by this library are used by the OpenSSL
+implementations of SSL, TLS and S/MIME, and they have also been used to
+implement SSH, OpenPGP, and other cryptographic standards.
+.Sh OVERVIEW
+.Sy libcrypto
+consists of a number of sub-libraries that implement the individual
+algorithms.
+.Pp
+The functionality includes symmetric encryption, public key cryptography
+and key agreement, certificate handling, cryptographic hash functions
+and a cryptographic pseudo-random number generator.
+.Bl -tag -width Ds
+.It SYMMETRIC CIPHERS
+.Xr blowfish 3 ,
+cast,
+.Xr des 3 ,
+idea,
+rc2,
+.Xr rc4 3 ,
+rc5
+.It PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT
+.Xr dsa 3 ,
+.Xr dh 3 ,
+.Xr rsa 3
+.It CERTIFICATES
+.Xr x509 3 ,
+x509v3
+.It AUTHENTICATION CODES, HASH FUNCTIONS
+.Xr hmac 3 ,
+.Xr MD2 3 ,
+.Xr MD4 3 ,
+.Xr MD5 3 ,
+.Xr ripemd 3 ,
+.Xr sha 3
+.It AUXILIARY FUNCTIONS
+.Xr ERR 3 ,
+.Xr threads 3 ,
+.Xr rand 3 ,
+.Xr OPENSSL_VERSION_NUMBER 3
+.It INPUT/OUTPUT, DATA ENCODING
+asn1,
+.Xr bio 3 ,
+.Xr evp 3 ,
+.Xr pem 3 ,
+pkcs7,
+pkcs12
+.It INTERNAL FUNCTIONS
+.Xr bn 3 ,
+.Xr buffer 3 ,
+.Xr ec 3 ,
+.Xr lhash 3 ,
+objects,
+stack,
+txt_db
+.El
+.Sh NOTES
+Some of the newer functions follow a naming convention using the numbers
+.Sq 0
+and
+.Sq 1 .
+For example the functions:
+.Pp
+.Ft int
+.Fo X509_CRL_add0_revoked
+.Fa "X509_CRL *crl"
+.Fa "X509_REVOKED *rev"
+.Fc
+.br
+.Ft int
+.Fo X509_add1_trust_object
+.Fa "X509 *x"
+.Fa "ASN1_OBJECT *obj"
+.Fc
+.Pp
+The
+.Sq 0
+version uses the supplied structure pointer directly in the parent and
+it will be freed up when the parent is freed.
+In the above example
+.Fa crl
+would be freed but
+.Fa rev
+would not.
+.Pp
+The
+.Sq 1
+function uses a copy of the supplied structure pointer (or in some cases
+increases its link count) in the parent and so both
+.Pf ( Fa x
+and
+.Fa obj
+above) should be freed up.
+.Sh SEE ALSO
+.Xr openssl 1 ,
+.Xr ssl 3

diff --git a/src/lib/libcrypto/man/CONF_modules_free.3 b/src/lib/libcrypto/man/CONF_modules_free.3 new file mode 100644 index 0000000000..b09989d664 --- /dev/null +++ b/src/lib/libcrypto/man/CONF_modules_free.3
@@ -0,0 +1,56 @@
		1	.Dd $Mdocdate: November 11 2015 $
		2	.Dt CONF_MODULES_FREE 3
		3	.Os
		4	.Sh NAME
		5	.Nm CONF_modules_free ,
		6	.Nm CONF_modules_finish ,
		7	.Nm CONF_modules_unload
		8	.Nd OpenSSL configuration cleanup functions
		9	.Sh SYNOPSIS
		10	.In openssl/conf.h
		11	.Ft void
		12	.Fo CONF_modules_free
		13	.Fa void
		14	.Fc
		15	.Ft void
		16	.Fo CONF_modules_finish
		17	.Fa void
		18	.Fc
		19	.Ft void
		20	.Fo CONF_modules_unload
		21	.Fa "int all"
		22	.Fc
		23	.Sh DESCRIPTION
		24	.Fn CONF_modules_free
		25	closes down and frees up all memory allocated by all configuration
		26	modules.
		27	.Pp
		28	.Fn CONF_modules_finish
		29	calls the configuration
		30	.Sy finish
		31	handler of each configuration module to free up any configuration
		32	that module may have performed.
		33	.Pp
		34	.Fn CONF_modules_unload
		35	finishes and unloads configuration modules.
		36	If
		37	.Fa all
		38	is set to 0, only modules loaded from DSOs will be unloaded.
		39	If
		40	.Fa all
		41	is 1, all modules, including builtin modules, will be unloaded.
		42	.Sh NOTES
		43	Normally applications will only call
		44	.Fn CONF_modules_free
		45	at application to tidy up any configuration performed.
		46	.Sh RETURN VALUE
		47	None of the functions return a value.
		48	.Sh SEE ALSO
		49	.Xr CONF_modules_load_file 3 ,
		50	.Xr OPENSSL_config 3
		51	.Sh HISTORY
		52	.Fn CONF_modules_free ,
		53	.Fn CONF_modules_unload ,
		54	and
		55	.Fn CONF_modules_finish
		56	first appeared in OpenSSL 0.9.7.


diff --git a/src/lib/libcrypto/man/CONF_modules_load_file.3 b/src/lib/libcrypto/man/CONF_modules_load_file.3 new file mode 100644 index 0000000000..b5de94411d --- /dev/null +++ b/src/lib/libcrypto/man/CONF_modules_load_file.3
@@ -0,0 +1,82 @@
		1	.Dd $Mdocdate: November 11 2015 $
		2	.Dt CONF_MODULES_LOAD_FILE 3
		3	.Os
		4	.Sh NAME
		5	.Nm CONF_modules_load_file ,
		6	.Nm CONF_modules_load
		7	.Nd OpenSSL configuration functions
		8	.Sh SYNOPSIS
		9	.In openssl/conf.h
		10	.Ft int
		11	.Fo CONF_modules_load_file
		12	.Fa "const char *filename"
		13	.Fa "const char *appname"
		14	.Fa "unsigned long flags"
		15	.Fc
		16	.Ft int
		17	.Fo CONF_modules_load
		18	.Fa "const CONF *cnf"
		19	.Fa "const char *appname"
		20	.Fa "unsigned long flags"
		21	.Fc
		22	.Sh DESCRIPTION
		23	The function
		24	.Fn CONF_modules_load_file
		25	configures OpenSSL using file
		26	.Fa filename
		27	and application name
		28	.Fa appname .
		29	If
		30	.Fa filename
		31	is
		32	.Dv NULL ,
		33	the standard OpenSSL configuration file is used.
		34	If
		35	.Fa appname
		36	is
		37	.Dv NULL ,
		38	the standard OpenSSL application name
		39	.Qq openssl_conf
		40	is used.
		41	The behaviour can be cutomized using
		42	.Fa flags .
		43	.Pp
		44	.Fn CONF_modules_load
		45	is idential to
		46	.Fn CONF_modules_load_file
		47	except it reads configuration information from
		48	.Fa cnf .
		49	.Pp
		50	The following
		51	.Fa flags
		52	are currently recognized:
		53	.Bl -tag -width Ds
		54	.It Dv CONF_MFLAGS_IGNORE_ERRORS
		55	Ignore errors returned by individual configuration modules.
		56	By default, the first module error is considered fatal and no further
		57	modules are loaded.
		58	.It Dv CONF_MFLAGS_SILENT
		59	Do not add any error information.
		60	By default, all module errors add error information to the error queue.
		61	.It Dv CONF_MFLAGS_NO_DSO
		62	Disable loading of configuration modules from DSOs.
		63	.It Dv CONF_MFLAGS_IGNORE_MISSING_FILE
		64	Let
		65	.Fn CONF_modules_load_file
		66	ignore missing configuration files.
		67	By default, a missing configuration file returns an error.
		68	.El
		69	.Sh RETURN VALUES
		70	These functions return 1 for success and zero or a negative value for
		71	failure.
		72	If module errors are not ignored, the return code will reflect the return
		73	value of the failing module (this will always be zero or negative).
		74	.Sh SEE ALSO
		75	.Xr CONF_free 3 ,
		76	.Xr ERR 3 ,
		77	.Xr OPENSSL_config 3
		78	.Sh HISTORY
		79	.Fn CONF_modules_load_file
		80	and
		81	.Fn CONF_modules_load
		82	first appeared in OpenSSL 0.9.7.


diff --git a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 new file mode 100644 index 0000000000..1be42dedd9 --- /dev/null +++ b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -0,0 +1,70 @@
		1	.Dd $Mdocdate: November 11 2015 $
		2	.Dt CRYPTO_SET_EX_DATA 3
		3	.Os
		4	.Sh NAME
		5	.Nm CRYPTO_set_ex_data ,
		6	.Nm CRYPTO_get_ex_data
		7	.Nd internal application specific data functions
		8	.Sh SYNOPSIS
		9	.In openssl/crypto.h
		10	.Ft int
		11	.Fo CRYPTO_set_ex_data
		12	.Fa "CRYPTO_EX_DATA *r"
		13	.Fa "int idx"
		14	.Fa "void *arg"
		15	.Fc
		16	.Ft void *
		17	.Fo CRYPTO_get_ex_data
		18	.Fa "CRYPTO_EX_DATA *r"
		19	.Fa "int idx"
		20	.Fc
		21	.Sh DESCRIPTION
		22	Several OpenSSL structures can have application specific data attached
		23	to them.
		24	These functions are used internally by OpenSSL to manipulate application
		25	specific data attached to a specific structure.
		26	.Pp
		27	These functions should only be used by applications to manipulate
		28	.Vt CRYPTO_EX_DATA
		29	structures passed to the
		30	.Fn new_func ,
		31	.Fn free_func ,
		32	and
		33	.Fn dup_func
		34	callbacks: as passed to
		35	.Xr RSA_get_ex_new_index 3
		36	for example.
		37	.Pp
		38	.Fn CRYPTO_set_ex_data
		39	is used to set application specific data, the data is supplied in the
		40	.Fa arg
		41	parameter and its precise meaning is up to the application.
		42	.Pp
		43	.Fn CRYPTO_get_ex_data
		44	is used to retrieve application specific data.
		45	The data is returned to the application, this will be the same value as
		46	supplied to a previous
		47	.Fn CRYPTO_set_ex_data
		48	call.
		49	.Sh RETURN VALUES
		50	.Fn CRYPTO_set_ex_data
		51	returns 1 on success or 0 on failure.
		52	.Pp
		53	.Fn CRYPTO_get_ex_data
		54	returns the application data or 0 on failure.
		55	0 may also be valid application data but currently it can only fail if
		56	given an invalid
		57	.Fa idx
		58	parameter.
		59	.Pp
		60	On failure an error code can be obtained from
		61	.Xr ERR_get_error 3 .
		62	.Sh SEE ALSO
		63	.Xr DH_get_ex_new_index 3 ,
		64	.Xr DSA_get_ex_new_index 3 ,
		65	.Xr RSA_get_ex_new_index 3
		66	.Sh HISTORY
		67	.Fn CRYPTO_set_ex_data
		68	and
		69	.Fn CRYPTO_get_ex_data
		70	have been available since SSLeay 0.9.0.


diff --git a/src/lib/libcrypto/man/CRYPTO_set_locking_callback.3 b/src/lib/libcrypto/man/CRYPTO_set_locking_callback.3 new file mode 100644 index 0000000000..d6290852b5 --- /dev/null +++ b/src/lib/libcrypto/man/CRYPTO_set_locking_callback.3
@@ -0,0 +1,321 @@
		1	.Dd $Mdocdate: November 11 2015 $
		2	.Dt CRYPTO_SET_LOCKING_CALLBACK 3
		3	.Os
		4	.Sh NAME
		5	.Nm CRYPTO_THREADID_set_callback ,
		6	.Nm CRYPTO_THREADID_get_callback ,
		7	.Nm CRYPTO_THREADID_current ,
		8	.Nm CRYPTO_THREADID_cmp ,
		9	.Nm CRYPTO_THREADID_cpy ,
		10	.Nm CRYPTO_THREADID_hash ,
		11	.Nm CRYPTO_set_locking_callback ,
		12	.Nm CRYPTO_num_locks ,
		13	.Nm CRYPTO_set_dynlock_create_callback ,
		14	.Nm CRYPTO_set_dynlock_lock_callback ,
		15	.Nm CRYPTO_set_dynlock_destroy_callback ,
		16	.Nm CRYPTO_get_new_dynlockid ,
		17	.Nm CRYPTO_destroy_dynlockid ,
		18	.Nm CRYPTO_lock
		19	.Nd OpenSSL thread support
		20	.Sh SYNOPSIS
		21	.In openssl/crypto.h
		22	.Bd -literal
		23	/* Don't use this structure directly. */
		24	typedef struct crypto_threadid_st {
		25	void *ptr;
		26	unsigned long val;
		27	} CRYPTO_THREADID;
		28	/* Only use CRYPTO_THREADID_set_[numeric\|pointer]() within callbacks */
		29	.Ed
		30	.Pp
		31	.Ft void
		32	.Fo CRYPTO_THREADID_set_numeric
		33	.Fa "CRYPTO_THREADID *id"
		34	.Fa "unsigned long val"
		35	.Fc
		36	.Ft void
		37	.Fo CRYPTO_THREADID_set_pointer
		38	.Fa "CRYPTO_THREADID *id"
		39	.Fa "void *ptr"
		40	.Fc
		41	.Ft int
		42	.Fo CRYPTO_THREADID_set_callback
		43	.Fa "void (threadid_func)(CRYPTO_THREADID )"
		44	.Fc
		45	.Ft void
		46	.Fo "(*CRYPTO_THREADID_get_callback(void))"
		47	.Fa "CRYPTO_THREADID *"
		48	.Fc
		49	.Ft void
		50	.Fo CRYPTO_THREADID_current
		51	.Fa "CRYPTO_THREADID *id"
		52	.Fc
		53	.Ft int
		54	.Fo CRYPTO_THREADID_cmp
		55	.Fa "const CRYPTO_THREADID *a"
		56	.Fa "const CRYPTO_THREADID *b"
		57	.Fc
		58	.Ft void
		59	.Fo CRYPTO_THREADID_cpy
		60	.Fa "CRYPTO_THREADID *dest"
		61	.Fa "const CRYPTO_THREADID *src"
		62	.Fc
		63	.Ft unsigned long
		64	.Fo CRYPTO_THREADID_hash
		65	.Fa "const CRYPTO_THREADID *id"
		66	.Fc
		67	.Ft int
		68	.Fo CRYPTO_num_locks
		69	.Fa void
		70	.Fc
		71	.Bd -literal
		72	/* struct CRYPTO_dynlock_value needs to be defined by the user */
		73	struct CRYPTO_dynlock_value;
		74	.Ed
		75	.Pp
		76	.Ft void
		77	.Fo CRYPTO_set_dynlock_create_callback
		78	.Fa "struct CRYPTO_dynlock_value *"
		79	.Fa "(dyn_create_function)(char file, int line)"
		80	.Fc
		81	.Ft void
		82	.Fo CRYPTO_set_dynlock_lock_callback
		83	.Fa "void (dyn_lock_function)(int mode, struct CRYPTO_dynlock_value l,\
		84	const char *file, int line)"
		85	.Fc
		86	.Ft void
		87	.Fo CRYPTO_set_dynlock_destroy_callback
		88	.Fa "void (dyn_destroy_function)(struct CRYPTO_dynlock_value l,\
		89	const char *file, int line)"
		90	.Fc
		91	.Ft int
		92	.Fo CRYPTO_get_new_dynlockid
		93	.Fa void
		94	.Fc
		95	.Ft void
		96	.Fo CRYPTO_destroy_dynlockid
		97	.Fa "int i"
		98	.Fc
		99	.Ft void
		100	.Fo CRYPTO_lock
		101	.Fa "int mode"
		102	.Fa "int n"
		103	.Fa "const char *file"
		104	.Fa "int line"
		105	.Fc
		106	.Bd -literal
		107	#define CRYPTO_w_lock(type) \e
		108	CRYPTO_lock(CRYPTO_LOCK\|CRYPTO_WRITE, type, __FILE__, __LINE__)
		109	#define CRYPTO_w_unlock(type) \e
		110	CRYPTO_lock(CRYPTO_UNLOCK\|CRYPTO_WRITE, type, __FILE__, __LINE__)
		111	#define CRYPTO_r_lock(type) \e
		112	CRYPTO_lock(CRYPTO_LOCK\|CRYPTO_READ, type, __FILE__, __LINE__)
		113	#define CRYPTO_r_unlock(type) \e
		114	CRYPTO_lock(CRYPTO_UNLOCK\|CRYPTO_READ, type, __FILE__, __LINE__)
		115	#define CRYPTO_add(addr,amount,type) \e
		116	CRYPTO_add_lock(addr, amount, type, __FILE__, __LINE__)
		117	.Ed
		118	.Sh DESCRIPTION
		119	OpenSSL can safely be used in multi-threaded applications provided that
		120	at least two callback functions are set,
		121	.Fn locking_function
		122	and
		123	.Fn threadid_func .
		124	.Pp
		125	.Fo locking_function
		126	.Fa "int mode"
		127	.Fa "int n"
		128	.Fa "const char *file"
		129	.Fa "int line"
		130	.Fc
		131	is needed to perform locking on shared data structures.
		132	Note that OpenSSL uses a number of global data structures that will be
		133	implicitly shared whenever multiple threads use OpenSSL.
		134	Multi-threaded applications will crash at random if it is not set.
		135	.Pp
		136	.Fn locking_function
		137	must be able to handle up to
		138	.Fn CRYPTO_num_locks
		139	different mutex locks.
		140	It sets the
		141	.Fa n Ns -th
		142	lock if
		143	.Fa mode
		144	includes
		145	.Dv CRYPTO_LOCK ,
		146	and releases it otherwise.
		147	.Pp
		148	.Fa file
		149	and
		150	.Fa line
		151	are the file number of the function setting the lock.
		152	They can be useful for debugging.
		153	.Pp
		154	.Fo threadid_func
		155	.Fa "CRYPTO_THREADID *id"
		156	.Fc
		157	is needed to record the currently-executing thread's identifier into
		158	.Fa id .
		159	The implementation of this callback should not fill in
		160	.Fa id
		161	directly, but should use
		162	.Fn CRYPTO_THREADID_set_numeric
		163	if thread IDs are numeric, or
		164	.Fn CRYPTO_THREADID_set_pointer
		165	if they are pointer-based.
		166	If the application does not register such a callback using
		167	.Fn CRYPTO_THREADID_set_callback ,
		168	then a default implementation is used - on Windows and BeOS this uses
		169	the system's default thread identifying APIs, and on all other platforms
		170	it uses the address of
		171	.Va errno .
		172	The latter is satisfactory for thread-safety if and only if the platform
		173	has a thread-local error number facility.
		174	.Pp
		175	Once
		176	.Fn threadid_func
		177	is registered, or if the built-in default implementation is to be used,
		178	.Bl -bullet
		179	.It
		180	.Fn CRYPTO_THREADID_current
		181	records the currently-executing thread ID into the given
		182	.Fa id
		183	object.
		184	.It
		185	.Fn CRYPTO_THREADID_cmp
		186	compares two thread IDs (returning zero for equality, i.e. the same
		187	semantics as
		188	.Xr memcmp 3 ) .
		189	.It
		190	.Fn CRYPTO_THREADID_cpy
		191	duplicates a thread ID value.
		192	.It
		193	.Fn CRYPTO_THREADID_hash
		194	returns a numeric value usable as a hash-table key.
		195	This is usually the exact numeric or pointer-based thread ID used
		196	internally, however this also handles the unusual case where pointers
		197	are larger than
		198	.Vt long
		199	variables and the platform's thread IDs are pointer-based \(em in
		200	this case, mixing is done to attempt to produce a unique numeric
		201	value even though it is not as wide as the platform's true thread
		202	IDs.
		203	.El
		204	.Pp
		205	Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
		206	of OpenSSL need it for better performance.
		207	To enable this, the following is required:
		208	.Bl -bullet
		209	.It
		210	Three additional callback functions,
		211	.Fn dyn_create_function ,
		212	.Fn dyn_lock_function ,
		213	and
		214	.Fn dyn_destroy_function .
		215	.It
		216	A structure defined with the data that each lock needs to handle.
		217	.El
		218	.Pp
		219	.Vt struct CRYPTO_dynlock_value
		220	has to be defined to contain whatever structure is needed to handle locks.
		221	.Pp
		222	.Fo dyn_create_function
		223	.Fa "const char *file"
		224	.Fa "int line"
		225	.Fc
		226	is needed to create a lock.
		227	Multi-threaded applications might crash at random if it is not set.
		228	.Pp
		229	.Fo dyn_lock_function
		230	.Fa "int mode"
		231	.Fa "CRYPTO_dynlock *l"
		232	.Fa "const char *file"
		233	.Fa "int line"
		234	.Fc
		235	is needed to perform locking off dynamic lock numbered n.
		236	Multi-threaded applications might crash at random if it is not set.
		237	.Pp
		238	.Fo dyn_destroy_function
		239	.Fa "CRYPTO_dynlock *l"
		240	.Fa "const char *file"
		241	.Fa "int line"
		242	.Fc
		243	is needed to destroy the lock
		244	.Fa l .
		245	Multi-threaded applications might crash at random if it is not set.
		246	.Pp
		247	.Fn CRYPTO_get_new_dynlockid
		248	is used to create locks.
		249	It will call
		250	.Fn dyn_create_function
		251	for the actual creation.
		252	.Pp
		253	.Fn CRYPTO_destroy_dynlockid
		254	is used to destroy locks.
		255	It will call
		256	.Fn dyn_destroy_function
		257	for the actual destruction.
		258	.Pp
		259	.Fn CRYPTO_lock
		260	is used to lock and unlock the locks.
		261	.Fa mode
		262	is a bitfield describing what should be done with the lock.
		263	.Fa n
		264	is the number of the lock as returned from
		265	.Fn CRYPTO_get_new_dynlockid .
		266	.Fa mode
		267	can be combined from the following values.
		268	These values are pairwise exclusive, with undefined behaviour if misused
		269	(for example,
		270	.Dv CRYPTO_READ
		271	and
		272	.Dv CRYPTO_WRITE
		273	should not be used together):
		274	.Bd -literal -offset indent
		275	CRYPTO_LOCK 0x01
		276	CRYPTO_UNLOCK 0x02
		277	CRYPTO_READ 0x04
		278	CRYPTO_WRITE 0x08
		279	.Ed
		280	.Sh RETURN VALUES
		281	.Fn CRYPTO_num_locks
		282	returns the required number of locks.
		283	.Pp
		284	.Fn CRYPTO_get_new_dynlockid
		285	returns the index to the newly created lock.
		286	.Pp
		287	The other functions return no values.
		288	.Sh NOTES
		289	You can find out if OpenSSL was configured with thread support:
		290	.Bd -literal -offset indent
		291	#define OPENSSL_THREAD_DEFINES
		292	#include <openssl/opensslconf.h>
		293	#if defined(OPENSSL_THREADS)
		294	/* thread support enabled */
		295	#else
		296	/* no thread support */
		297	#endif
		298	.Ed
		299	.Pp
		300	Also, dynamic locks are currently not used internally by OpenSSL, but
		301	may do so in the future.
		302	.Sh EXAMPLES
		303	.Pa crypto/threads/mttest.c
		304	shows examples of the callback functions on Solaris, Irix and Win32.
		305	.Sh SEE ALSO
		306	.Xr crypto 3
		307	.Sh HISTORY
		308	.Fn CRYPTO_set_locking_callback
		309	is available in all versions of SSLeay and OpenSSL.
		310	.Fn CRYPTO_num_locks
		311	was added in OpenSSL 0.9.4.
		312	All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
		313	.Vt CRYPTO_THREADID
		314	and associated functions were introduced in OpenSSL 1.0.0 to replace
		315	(actually, deprecate) the previous
		316	.Fn CRYPTO_set_id_callback ,
		317	.Fn CRYPTO_get_id_callback ,
		318	and
		319	.Fn CRYPTO_thread_id
		320	functions which assumed thread IDs to always be represented by
		321	.Vt unsigned long .


diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 2c5ffbb8e4..ef5c1f9727 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.26 2015/11/11 18:36:48 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.27 2015/11/11 21:15:15 schwarze Exp $
2		2
3	.include <bsd.own.mk> # for NOMAN	3	.include <bsd.own.mk> # for NOMAN
4		4
@@ -69,13 +69,14 @@ MAN= \
69	CMS_uncompress.3 \	69	CMS_uncompress.3 \
70	CMS_verify.3 \	70	CMS_verify.3 \
71	CMS_verify_receipt.3 \	71	CMS_verify_receipt.3 \
72	EVP_AEAD_CTX_init.3 \
73
74	GENMAN= \
75	CONF_modules_free.3 \	72	CONF_modules_free.3 \
76	CONF_modules_load_file.3 \	73	CONF_modules_load_file.3 \
77	CRYPTO_set_ex_data.3 \	74	CRYPTO_set_ex_data.3 \
78	CRYPTO_set_locking_callback.3 \	75	CRYPTO_set_locking_callback.3 \
		76	EVP_AEAD_CTX_init.3 \
		77	crypto.3 \
		78
		79	GENMAN= \
79	DES_set_key.3 \	80	DES_set_key.3 \
80	DH_generate_key.3 \	81	DH_generate_key.3 \
81	DH_generate_parameters.3 \	82	DH_generate_parameters.3 \
@@ -188,7 +189,6 @@ GENMAN= \
188	X509_verify_cert.3 \	189	X509_verify_cert.3 \
189	bn.3 \	190	bn.3 \
190	bn_internal.3 \	191	bn_internal.3 \
191	crypto.3 \
192	d2i_ASN1_OBJECT.3 \	192	d2i_ASN1_OBJECT.3 \
193	d2i_DHparams.3 \	193	d2i_DHparams.3 \
194	d2i_DSAPublicKey.3 \	194	d2i_DSAPublicKey.3 \


diff --git a/src/lib/libcrypto/man/crypto.3 b/src/lib/libcrypto/man/crypto.3 new file mode 100644 index 0000000000..24d4ed1979 --- /dev/null +++ b/src/lib/libcrypto/man/crypto.3
@@ -0,0 +1,104 @@
		1	.Dd $Mdocdate: November 11 2015 $
		2	.Dt CRYPTO 3
		3	.Os
		4	.Sh NAME
		5	.Nm crypto
		6	.Nd OpenSSL cryptographic library
		7	.Sh DESCRIPTION
		8	The OpenSSL crypto library implements a wide range of cryptographic
		9	algorithms used in various Internet standards.
		10	The services provided by this library are used by the OpenSSL
		11	implementations of SSL, TLS and S/MIME, and they have also been used to
		12	implement SSH, OpenPGP, and other cryptographic standards.
		13	.Sh OVERVIEW
		14	.Sy libcrypto
		15	consists of a number of sub-libraries that implement the individual
		16	algorithms.
		17	.Pp
		18	The functionality includes symmetric encryption, public key cryptography
		19	and key agreement, certificate handling, cryptographic hash functions
		20	and a cryptographic pseudo-random number generator.
		21	.Bl -tag -width Ds
		22	.It SYMMETRIC CIPHERS
		23	.Xr blowfish 3 ,
		24	cast,
		25	.Xr des 3 ,
		26	idea,
		27	rc2,
		28	.Xr rc4 3 ,
		29	rc5
		30	.It PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT
		31	.Xr dsa 3 ,
		32	.Xr dh 3 ,
		33	.Xr rsa 3
		34	.It CERTIFICATES
		35	.Xr x509 3 ,
		36	x509v3
		37	.It AUTHENTICATION CODES, HASH FUNCTIONS
		38	.Xr hmac 3 ,
		39	.Xr MD2 3 ,
		40	.Xr MD4 3 ,
		41	.Xr MD5 3 ,
		42	.Xr ripemd 3 ,
		43	.Xr sha 3
		44	.It AUXILIARY FUNCTIONS
		45	.Xr ERR 3 ,
		46	.Xr threads 3 ,
		47	.Xr rand 3 ,
		48	.Xr OPENSSL_VERSION_NUMBER 3
		49	.It INPUT/OUTPUT, DATA ENCODING
		50	asn1,
		51	.Xr bio 3 ,
		52	.Xr evp 3 ,
		53	.Xr pem 3 ,
		54	pkcs7,
		55	pkcs12
		56	.It INTERNAL FUNCTIONS
		57	.Xr bn 3 ,
		58	.Xr buffer 3 ,
		59	.Xr ec 3 ,
		60	.Xr lhash 3 ,
		61	objects,
		62	stack,
		63	txt_db
		64	.El
		65	.Sh NOTES
		66	Some of the newer functions follow a naming convention using the numbers
		67	.Sq 0
		68	and
		69	.Sq 1 .
		70	For example the functions:
		71	.Pp
		72	.Ft int
		73	.Fo X509_CRL_add0_revoked
		74	.Fa "X509_CRL *crl"
		75	.Fa "X509_REVOKED *rev"
		76	.Fc
		77	.br
		78	.Ft int
		79	.Fo X509_add1_trust_object
		80	.Fa "X509 *x"
		81	.Fa "ASN1_OBJECT *obj"
		82	.Fc
		83	.Pp
		84	The
		85	.Sq 0
		86	version uses the supplied structure pointer directly in the parent and
		87	it will be freed up when the parent is freed.
		88	In the above example
		89	.Fa crl
		90	would be freed but
		91	.Fa rev
		92	would not.
		93	.Pp
		94	The
		95	.Sq 1
		96	function uses a copy of the supplied structure pointer (or in some cases
		97	increases its link count) in the parent and so both
		98	.Pf ( Fa x
		99	and
		100	.Fa obj
		101	above) should be freed up.
		102	.Sh SEE ALSO
		103	.Xr openssl 1 ,
		104	.Xr ssl 3