diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod | 101 | ||||
| -rw-r--r-- | src/lib/libcrypto/doc/OPENSSL_config.pod | 82 | ||||
| -rw-r--r-- | src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod | 51 | ||||
| -rw-r--r-- | src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod | 66 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/Makefile | 10 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 | 96 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/OPENSSL_config.3 | 115 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 | 53 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 | 71 | 
9 files changed, 340 insertions, 305 deletions
| diff --git a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod deleted file mode 100644 index 2f63a18a71..0000000000 --- a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod +++ /dev/null | |||
| @@ -1,101 +0,0 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number | ||
| 6 | |||
| 7 | =head1 SYNOPSIS | ||
| 8 | |||
| 9 | #include <openssl/opensslv.h> | ||
| 10 | #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL | ||
| 11 | |||
| 12 | #include <openssl/crypto.h> | ||
| 13 | long SSLeay(void); | ||
| 14 | const char *SSLeay_version(int t); | ||
| 15 | |||
| 16 | =head1 DESCRIPTION | ||
| 17 | |||
| 18 | OPENSSL_VERSION_NUMBER is a numeric release version identifier: | ||
| 19 | |||
| 20 | MMNNFFPPS: major minor fix patch status | ||
| 21 | |||
| 22 | The status nibble has one of the values 0 for development, 1 to e for betas | ||
| 23 | 1 to 14, and f for release. | ||
| 24 | |||
| 25 | for example | ||
| 26 | |||
| 27 | 0x000906000 == 0.9.6 dev | ||
| 28 | 0x000906023 == 0.9.6b beta 3 | ||
| 29 | 0x00090605f == 0.9.6e release | ||
| 30 | |||
| 31 | Versions prior to 0.9.3 have identifiers E<lt> 0x0930. | ||
| 32 | Versions between 0.9.3 and 0.9.5 had a version identifier with this | ||
| 33 | interpretation: | ||
| 34 | |||
| 35 | MMNNFFRBB major minor fix final beta/patch | ||
| 36 | |||
| 37 | for example | ||
| 38 | |||
| 39 | 0x000904100 == 0.9.4 release | ||
| 40 | 0x000905000 == 0.9.5 dev | ||
| 41 | |||
| 42 | Version 0.9.5a had an interim interpretation that is like the current one, | ||
| 43 | except the patch level got the highest bit set, to keep continuity. The | ||
| 44 | number was therefore 0x0090581f. | ||
| 45 | |||
| 46 | |||
| 47 | For backward compatibility, SSLEAY_VERSION_NUMBER is also defined. | ||
| 48 | |||
| 49 | SSLeay() returns this number. The return value can be compared to the | ||
| 50 | macro to make sure that the correct version of the library has been | ||
| 51 | loaded, especially when using DLLs on Windows systems. | ||
| 52 | |||
| 53 | SSLeay_version() returns different strings depending on B<t>: | ||
| 54 | |||
| 55 | =over 4 | ||
| 56 | |||
| 57 | =item SSLEAY_VERSION | ||
| 58 | |||
| 59 | The text variant of the version number and the release date. For example, | ||
| 60 | "OpenSSL 0.9.5a 1 Apr 2000". | ||
| 61 | |||
| 62 | =item SSLEAY_CFLAGS | ||
| 63 | |||
| 64 | The compiler flags set for the compilation process in the form | ||
| 65 | "compiler: ..." if available or "compiler: information not available" | ||
| 66 | otherwise. | ||
| 67 | |||
| 68 | =item SSLEAY_BUILT_ON | ||
| 69 | |||
| 70 | The date of the build process in the form "built on: ..." if available | ||
| 71 | or "built on: date not available" otherwise. | ||
| 72 | |||
| 73 | =item SSLEAY_PLATFORM | ||
| 74 | |||
| 75 | The "Configure" target of the library build in the form "platform: ..." | ||
| 76 | if available or "platform: information not available" otherwise. | ||
| 77 | |||
| 78 | =item SSLEAY_DIR | ||
| 79 | |||
| 80 | The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "..."" | ||
| 81 | if available or "OPENSSLDIR: N/A" otherwise. | ||
| 82 | |||
| 83 | =back | ||
| 84 | |||
| 85 | For an unknown B<t>, the text "not available" is returned. | ||
| 86 | |||
| 87 | =head1 RETURN VALUE | ||
| 88 | |||
| 89 | The version number. | ||
| 90 | |||
| 91 | =head1 SEE ALSO | ||
| 92 | |||
| 93 | L<crypto(3)|crypto(3)> | ||
| 94 | |||
| 95 | =head1 HISTORY | ||
| 96 | |||
| 97 | SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and | ||
| 98 | OpenSSL. OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL. | ||
| 99 | B<SSLEAY_DIR> was added in OpenSSL 0.9.7. | ||
| 100 | |||
| 101 | =cut | ||
| diff --git a/src/lib/libcrypto/doc/OPENSSL_config.pod b/src/lib/libcrypto/doc/OPENSSL_config.pod deleted file mode 100644 index 897d2cce59..0000000000 --- a/src/lib/libcrypto/doc/OPENSSL_config.pod +++ /dev/null | |||
| @@ -1,82 +0,0 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions | ||
| 6 | |||
| 7 | =head1 SYNOPSIS | ||
| 8 | |||
| 9 | #include <openssl/conf.h> | ||
| 10 | |||
| 11 | void OPENSSL_config(const char *config_name); | ||
| 12 | void OPENSSL_no_config(void); | ||
| 13 | |||
| 14 | =head1 DESCRIPTION | ||
| 15 | |||
| 16 | OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> | ||
| 17 | configuration file name using B<config_name>. If B<config_name> is NULL then | ||
| 18 | the default name B<openssl_conf> will be used. Any errors are ignored. Further | ||
| 19 | calls to OPENSSL_config() will have no effect. The configuration file format | ||
| 20 | is documented in the L<conf(5)|conf(5)> manual page. | ||
| 21 | |||
| 22 | OPENSSL_no_config() disables configuration. If called before OPENSSL_config() | ||
| 23 | no configuration takes place. | ||
| 24 | |||
| 25 | =head1 NOTES | ||
| 26 | |||
| 27 | It is B<strongly> recommended that B<all> new applications call OPENSSL_config() | ||
| 28 | or the more sophisticated functions such as CONF_modules_load() during | ||
| 29 | initialization (that is before starting any threads). By doing this | ||
| 30 | an application does not need to keep track of all configuration options | ||
| 31 | and some new functionality can be supported automatically. | ||
| 32 | |||
| 33 | It is also possible to automatically call OPENSSL_config() when an application | ||
| 34 | calls OPENSSL_add_all_algorithms() by compiling an application with the | ||
| 35 | preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration | ||
| 36 | can be added without source changes. | ||
| 37 | |||
| 38 | The environment variable B<OPENSSL_CONF> can be set to specify the location | ||
| 39 | of the configuration file. | ||
| 40 | |||
| 41 | Currently ASN1 OBJECTs and ENGINE configuration can be performed future | ||
| 42 | versions of OpenSSL will add new configuration options. | ||
| 43 | |||
| 44 | There are several reasons why calling the OpenSSL configuration routines is | ||
| 45 | advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7. | ||
| 46 | In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be | ||
| 47 | used (among other things) to load dynamic ENGINEs from shared libraries (DSOs). | ||
| 48 | However very few applications currently support the control interface and so | ||
| 49 | very few can load and use dynamic ENGINEs. Equally in future more sophisticated | ||
| 50 | ENGINEs will require certain control operations to customize them. If an | ||
| 51 | application calls OPENSSL_config() it doesn't need to know or care about | ||
| 52 | ENGINE control operations because they can be performed by editing a | ||
| 53 | configuration file. | ||
| 54 | |||
| 55 | Applications should free up configuration at application closedown by calling | ||
| 56 | CONF_modules_free(). | ||
| 57 | |||
| 58 | =head1 RESTRICTIONS | ||
| 59 | |||
| 60 | The OPENSSL_config() function is designed to be a very simple "call it and | ||
| 61 | forget it" function. As a result its behaviour is somewhat limited. It ignores | ||
| 62 | all errors silently and it can only load from the standard configuration file | ||
| 63 | location for example. | ||
| 64 | |||
| 65 | It is however B<much> better than nothing. Applications which need finer | ||
| 66 | control over their configuration functionality should use the configuration | ||
| 67 | functions such as CONF_load_modules() directly. | ||
| 68 | |||
| 69 | =head1 RETURN VALUES | ||
| 70 | |||
| 71 | Neither OPENSSL_config() nor OPENSSL_no_config() return a value. | ||
| 72 | |||
| 73 | =head1 SEE ALSO | ||
| 74 | |||
| 75 | L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>, | ||
| 76 | L<CONF_modules_free(3)|CONF_modules_free(3)> | ||
| 77 | |||
| 78 | =head1 HISTORY | ||
| 79 | |||
| 80 | OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7 | ||
| 81 | |||
| 82 | =cut | ||
| diff --git a/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod deleted file mode 100644 index 828fec651d..0000000000 --- a/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod +++ /dev/null | |||
| @@ -1,51 +0,0 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add standard configuration modules | ||
| 6 | |||
| 7 | =head1 SYNOPSIS | ||
| 8 | |||
| 9 | #include <openssl/conf.h> | ||
| 10 | |||
| 11 | void OPENSSL_load_builtin_modules(void); | ||
| 12 | void ASN1_add_oid_module(void); | ||
| 13 | ENGINE_add_conf_module(); | ||
| 14 | |||
| 15 | =head1 DESCRIPTION | ||
| 16 | |||
| 17 | The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL | ||
| 18 | configuration modules to the internal list. They can then be used by the | ||
| 19 | OpenSSL configuration code. | ||
| 20 | |||
| 21 | ASN1_add_oid_module() adds just the ASN1 OBJECT module. | ||
| 22 | |||
| 23 | ENGINE_add_conf_module() adds just the ENGINE configuration module. | ||
| 24 | |||
| 25 | =head1 NOTES | ||
| 26 | |||
| 27 | If the simple configuration function OPENSSL_config() is called then | ||
| 28 | OPENSSL_load_builtin_modules() is called automatically. | ||
| 29 | |||
| 30 | Applications which use the configuration functions directly will need to | ||
| 31 | call OPENSSL_load_builtin_modules() themselves I<before> any other | ||
| 32 | configuration code. | ||
| 33 | |||
| 34 | Applications should call OPENSSL_load_builtin_modules() to load all | ||
| 35 | configuration modules instead of adding modules selectively: otherwise | ||
| 36 | functionality may be missing from the application if an when new | ||
| 37 | modules are added. | ||
| 38 | |||
| 39 | =head1 RETURN VALUE | ||
| 40 | |||
| 41 | None of the functions return a value. | ||
| 42 | |||
| 43 | =head1 SEE ALSO | ||
| 44 | |||
| 45 | L<conf(3)|conf(3)>, L<OPENSSL_config(3)|OPENSSL_config(3)> | ||
| 46 | |||
| 47 | =head1 HISTORY | ||
| 48 | |||
| 49 | These functions first appeared in OpenSSL 0.9.7. | ||
| 50 | |||
| 51 | =cut | ||
| diff --git a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod deleted file mode 100644 index 1bba4d0212..0000000000 --- a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod +++ /dev/null | |||
| @@ -1,66 +0,0 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup - | ||
| 6 | add algorithms to internal table | ||
| 7 | |||
| 8 | =head1 SYNOPSIS | ||
| 9 | |||
| 10 | #include <openssl/evp.h> | ||
| 11 | |||
| 12 | void OpenSSL_add_all_algorithms(void); | ||
| 13 | void OpenSSL_add_all_ciphers(void); | ||
| 14 | void OpenSSL_add_all_digests(void); | ||
| 15 | |||
| 16 | void EVP_cleanup(void); | ||
| 17 | |||
| 18 | =head1 DESCRIPTION | ||
| 19 | |||
| 20 | OpenSSL keeps an internal table of digest algorithms and ciphers. It uses | ||
| 21 | this table to lookup ciphers via functions such as EVP_get_cipher_byname(). | ||
| 22 | |||
| 23 | OpenSSL_add_all_digests() adds all digest algorithms to the table. | ||
| 24 | |||
| 25 | OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and | ||
| 26 | ciphers). | ||
| 27 | |||
| 28 | OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including | ||
| 29 | password based encryption algorithms. | ||
| 30 | |||
| 31 | EVP_cleanup() removes all ciphers and digests from the table. | ||
| 32 | |||
| 33 | =head1 RETURN VALUES | ||
| 34 | |||
| 35 | None of the functions return a value. | ||
| 36 | |||
| 37 | =head1 NOTES | ||
| 38 | |||
| 39 | A typical application will call OpenSSL_add_all_algorithms() initially and | ||
| 40 | EVP_cleanup() before exiting. | ||
| 41 | |||
| 42 | An application does not need to add algorithms to use them explicitly, for | ||
| 43 | example by EVP_sha1(). It just needs to add them if it (or any of the functions | ||
| 44 | it calls) needs to lookup algorithms. | ||
| 45 | |||
| 46 | The cipher and digest lookup functions are used in many parts of the library. | ||
| 47 | If the table is not initialized several functions will misbehave and complain | ||
| 48 | they cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME | ||
| 49 | libraries. This is a common query in the OpenSSL mailing lists. | ||
| 50 | |||
| 51 | Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a | ||
| 52 | statically linked executable can be quite large. If this is important it is | ||
| 53 | possible to just add the required ciphers and digests. | ||
| 54 | |||
| 55 | =head1 BUGS | ||
| 56 | |||
| 57 | Although the functions do not return error codes it is possible for them to | ||
| 58 | fail. This will only happen as a result of a memory allocation failure so this | ||
| 59 | is not too much of a problem in practice. | ||
| 60 | |||
| 61 | =head1 SEE ALSO | ||
| 62 | |||
| 63 | L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>, | ||
| 64 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> | ||
| 65 | |||
| 66 | =cut | ||
| diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 802b34399f..17efba0d08 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.40 2016/11/03 10:24:26 schwarze Exp $ | 1 | # $OpenBSD: Makefile,v 1.41 2016/11/03 12:21:50 schwarze Exp $ | 
| 2 | 2 | ||
| 3 | .include <bsd.own.mk> # for NOMAN | 3 | .include <bsd.own.mk> # for NOMAN | 
| 4 | 4 | ||
| @@ -118,6 +118,10 @@ MAN= \ | |||
| 118 | HMAC.3 \ | 118 | HMAC.3 \ | 
| 119 | MD5.3 \ | 119 | MD5.3 \ | 
| 120 | OBJ_nid2obj.3 \ | 120 | OBJ_nid2obj.3 \ | 
| 121 | OPENSSL_VERSION_NUMBER.3 \ | ||
| 122 | OPENSSL_config.3 \ | ||
| 123 | OPENSSL_load_builtin_modules.3 \ | ||
| 124 | OpenSSL_add_all_algorithms.3 \ | ||
| 121 | UI_new.3 \ | 125 | UI_new.3 \ | 
| 122 | bn_dump.3 \ | 126 | bn_dump.3 \ | 
| 123 | crypto.3 \ | 127 | crypto.3 \ | 
| @@ -128,10 +132,6 @@ MAN= \ | |||
| 128 | lh_new.3 \ | 132 | lh_new.3 \ | 
| 129 | 133 | ||
| 130 | GENMAN= \ | 134 | GENMAN= \ | 
| 131 | OPENSSL_VERSION_NUMBER.3 \ | ||
| 132 | OPENSSL_config.3 \ | ||
| 133 | OPENSSL_load_builtin_modules.3 \ | ||
| 134 | OpenSSL_add_all_algorithms.3 \ | ||
| 135 | PKCS5_PBKDF2_HMAC.3 \ | 135 | PKCS5_PBKDF2_HMAC.3 \ | 
| 136 | PEM_read_bio_PrivateKey.3 \ | 136 | PEM_read_bio_PrivateKey.3 \ | 
| 137 | PEM_write_bio_PKCS7_stream.3 \ | 137 | PEM_write_bio_PKCS7_stream.3 \ | 
| diff --git a/src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 new file mode 100644 index 0000000000..660a964427 --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 | |||
| @@ -0,0 +1,96 @@ | |||
| 1 | .Dd $Mdocdate: November 3 2016 $ | ||
| 2 | .Dt OPENSSL_VERSION_NUMBER 3 | ||
| 3 | .Os | ||
| 4 | .Sh NAME | ||
| 5 | .Nm OPENSSL_VERSION_NUMBER , | ||
| 6 | .Nm SSLeay , | ||
| 7 | .Nm SSLeay_version | ||
| 8 | .Nd get OpenSSL version number | ||
| 9 | .Sh SYNOPSIS | ||
| 10 | .In openssl/opensslv.h | ||
| 11 | .Fd #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL | ||
| 12 | .In openssl/crypto.h | ||
| 13 | .Ft long | ||
| 14 | .Fn SSLeay void | ||
| 15 | .Ft const char * | ||
| 16 | .Fo SSLeay_version | ||
| 17 | .Fa "int t" | ||
| 18 | .Fc | ||
| 19 | .Sh DESCRIPTION | ||
| 20 | .Dv OPENSSL_VERSION_NUMBER | ||
| 21 | is a numeric release version identifier. | ||
| 22 | The first two digits contain the major release number, | ||
| 23 | the third and fourth digits the minor release number, | ||
| 24 | the fifth and sixth digits the fix release number, | ||
| 25 | the seventh and eight digits the patch release number. | ||
| 26 | The final digit is 0 for development, 1 to e for betas 1 to 14, or f | ||
| 27 | for release. | ||
| 28 | .Pp | ||
| 29 | For example: | ||
| 30 | .Bd -literal -offset indent | ||
| 31 | 0x000906000 == 0.9.6 dev | ||
| 32 | 0x000906023 == 0.9.6b beta 3 | ||
| 33 | 0x00090605f == 0.9.6e release | ||
| 34 | .Ed | ||
| 35 | .Pp | ||
| 36 | Versions prior to 0.9.3 had identifiers < 0x0930. | ||
| 37 | For versions between 0.9.3 and 0.9.5, | ||
| 38 | the seventh digit was 1 for release and 0 otherwise, | ||
| 39 | and the eighth and ninth digits were the patch release number. | ||
| 40 | .Pp | ||
| 41 | For example: | ||
| 42 | .Bd -literal | ||
| 43 | 0x000904100 == 0.9.4 release | ||
| 44 | 0x000905000 == 0.9.5 dev | ||
| 45 | .Ed | ||
| 46 | .Pp | ||
| 47 | Version 0.9.5a had an interim interpretation that is like the current | ||
| 48 | one, except the patch level got the highest bit set, to keep continuity. | ||
| 49 | The number was therefore 0x0090581f. | ||
| 50 | .Pp | ||
| 51 | For backward compatibility, SSLEAY_VERSION_NUMBER is also defined. | ||
| 52 | .Pp | ||
| 53 | .Fn SSLeay | ||
| 54 | returns this number. | ||
| 55 | The return value can be compared to the macro to make sure that the | ||
| 56 | correct version of the library has been loaded, especially when using | ||
| 57 | DLLs on Windows systems. | ||
| 58 | .Pp | ||
| 59 | .Fn SSLeay_version | ||
| 60 | returns different strings depending on | ||
| 61 | .Fa t : | ||
| 62 | .Bl -tag -width Ds | ||
| 63 | .It Dv SSLEAY_VERSION | ||
| 64 | The text variant of the version number and the release date. | ||
| 65 | For example, "OpenSSL 0.9.5a 1 Apr 2000". | ||
| 66 | .It Dv SSLEAY_CFLAGS | ||
| 67 | The compiler flags set for the compilation process in the form | ||
| 68 | "compiler: ..." if available or "compiler: information not available" | ||
| 69 | otherwise. | ||
| 70 | .It Dv SSLEAY_BUILT_ON | ||
| 71 | The date of the build process in the form "built on: ..." if available | ||
| 72 | or "built on: date not available" otherwise. | ||
| 73 | .It Dv SSLEAY_PLATFORM | ||
| 74 | The "Configure" target of the library build in the form "platform: ..." | ||
| 75 | if available or "platform: information not available" otherwise. | ||
| 76 | .It Dv SSLEAY_DIR | ||
| 77 | The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: | ||
| 78 | "..."" if available or "OPENSSLDIR: N/A" otherwise. | ||
| 79 | .El | ||
| 80 | .Pp | ||
| 81 | For an unknown | ||
| 82 | .Fa t , | ||
| 83 | the text "not available" is returned. | ||
| 84 | .Sh RETURN VALUE | ||
| 85 | The version number. | ||
| 86 | .Sh SEE ALSO | ||
| 87 | .Xr crypto 3 | ||
| 88 | .Sh HISTORY | ||
| 89 | .Fn SSLeay | ||
| 90 | and | ||
| 91 | .Dv SSLEAY_VERSION_NUMBER | ||
| 92 | are available in all versions of SSLeay and OpenSSL. | ||
| 93 | .Dv OPENSSL_VERSION_NUMBER | ||
| 94 | is available in all versions of OpenSSL. | ||
| 95 | .Dv SSLEAY_DIR | ||
| 96 | was added in OpenSSL 0.9.7. | ||
| diff --git a/src/lib/libcrypto/man/OPENSSL_config.3 b/src/lib/libcrypto/man/OPENSSL_config.3 new file mode 100644 index 0000000000..a944ba7b4e --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_config.3 | |||
| @@ -0,0 +1,115 @@ | |||
| 1 | .Dd $Mdocdate: November 3 2016 $ | ||
| 2 | .Dt OPENSSL_CONFIG 3 | ||
| 3 | .Os | ||
| 4 | .Sh NAME | ||
| 5 | .Nm OPENSSL_config , | ||
| 6 | .Nm OPENSSL_no_config | ||
| 7 | .Nd simple OpenSSL configuration functions | ||
| 8 | .Sh SYNOPSIS | ||
| 9 | .In openssl/conf.h | ||
| 10 | .Ft void | ||
| 11 | .Fo OPENSSL_config | ||
| 12 | .Fa "const char *config_name" | ||
| 13 | .Fc | ||
| 14 | .Ft void | ||
| 15 | .Fn OPENSSL_no_config void | ||
| 16 | .Sh DESCRIPTION | ||
| 17 | .Fn OPENSSL_config | ||
| 18 | configures OpenSSL using the standard | ||
| 19 | .Pa openssl.cnf | ||
| 20 | configuration file name using | ||
| 21 | .Fa config_name . | ||
| 22 | If | ||
| 23 | .Fa config_name | ||
| 24 | is | ||
| 25 | .Dv NULL | ||
| 26 | then the default name | ||
| 27 | .Sy openssl_conf | ||
| 28 | will be used. | ||
| 29 | Any errors are ignored. | ||
| 30 | Further calls to | ||
| 31 | .Fn OPENSSL_config | ||
| 32 | will have no effect. | ||
| 33 | .Pp | ||
| 34 | .Fn OPENSSL_no_config | ||
| 35 | disables configuration. | ||
| 36 | If called before | ||
| 37 | .Fn OPENSSL_config , | ||
| 38 | no configuration takes place. | ||
| 39 | .Pp | ||
| 40 | It is | ||
| 41 | .Sy strongly | ||
| 42 | recommended that | ||
| 43 | .Sy all | ||
| 44 | new applications call | ||
| 45 | .Fn OPENSSL_config | ||
| 46 | or the more sophisticated functions such as | ||
| 47 | .Xr CONF_modules_load 3 | ||
| 48 | during initialization (that is before starting any threads). | ||
| 49 | By doing this, an application does not need to keep track of all | ||
| 50 | configuration options and some new functionality can be supported | ||
| 51 | automatically. | ||
| 52 | .Pp | ||
| 53 | It is also possible to automatically call | ||
| 54 | .Fn OPENSSL_config | ||
| 55 | when an application calls | ||
| 56 | .Xr OPENSSL_add_all_algorithms 3 | ||
| 57 | by compiling an application with the preprocessor symbol | ||
| 58 | .Dv OPENSSL_LOAD_CONF | ||
| 59 | #define'd. | ||
| 60 | In this way configuration can be added without source changes. | ||
| 61 | .Pp | ||
| 62 | The environment variable | ||
| 63 | .Ev OPENSSL_CONF | ||
| 64 | can be set to specify the location of the configuration file. | ||
| 65 | .Pp | ||
| 66 | Currently ASN1 OBJECT and ENGINE configuration can be performed. | ||
| 67 | .Pp | ||
| 68 | There are several reasons why calling the OpenSSL configuration routines | ||
| 69 | is advisable. | ||
| 70 | For example new ENGINE functionality was added to OpenSSL 0.9.7. | ||
| 71 | In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be | ||
| 72 | used (among other things) to load dynamic ENGINEs from shared libraries | ||
| 73 | (DSOs). | ||
| 74 | However very few applications currently support the control interface | ||
| 75 | and so very few can load and use dynamic ENGINEs. | ||
| 76 | Equally in future more sophisticated ENGINEs will require certain | ||
| 77 | control operations to customize them. | ||
| 78 | If an application calls | ||
| 79 | .Fn OPENSSL_config | ||
| 80 | it doesn't need to know or care about ENGINE control operations because | ||
| 81 | they can be performed by editing a configuration file. | ||
| 82 | .Pp | ||
| 83 | Applications should free up configuration at application closedown by | ||
| 84 | calling | ||
| 85 | .Xr CONF_modules_free 3 . | ||
| 86 | .Sh RETURN VALUES | ||
| 87 | Neither | ||
| 88 | .Fn OPENSSL_config | ||
| 89 | nor | ||
| 90 | .Fn OPENSSL_no_config | ||
| 91 | return a value. | ||
| 92 | .Sh SEE ALSO | ||
| 93 | .Xr CONF_modules_free 3 , | ||
| 94 | .Xr CONF_modules_load 3 | ||
| 95 | .Sh HISTORY | ||
| 96 | .Fn OPENSSL_config | ||
| 97 | and | ||
| 98 | .Fn OPENSSL_no_config | ||
| 99 | first appeared in OpenSSL 0.9.7. | ||
| 100 | .Sh CAVEATS | ||
| 101 | The | ||
| 102 | .Fn OPENSSL_config | ||
| 103 | function is designed to be a very simple "call it and forget it" | ||
| 104 | function. | ||
| 105 | As a result its behaviour is somewhat limited. | ||
| 106 | It ignores all errors silently and it can only load from the standard | ||
| 107 | configuration file location for example. | ||
| 108 | .Pp | ||
| 109 | It is however | ||
| 110 | .Sy much | ||
| 111 | better than nothing. | ||
| 112 | Applications which need finer control over their configuration | ||
| 113 | functionality should use the configuration functions such as | ||
| 114 | .Xr CONF_load_modules 3 | ||
| 115 | directly. | ||
| diff --git a/src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 new file mode 100644 index 0000000000..2a107ab7c4 --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 | |||
| @@ -0,0 +1,53 @@ | |||
| 1 | .Dd $Mdocdate: November 3 2016 $ | ||
| 2 | .Dt OPENSSL_LOAD_BUILTIN_MODULES 3 | ||
| 3 | .Os | ||
| 4 | .Sh NAME | ||
| 5 | .Nm OPENSSL_load_builtin_modules , | ||
| 6 | .Nm ASN1_add_oid_module , | ||
| 7 | .Nm ENGINE_add_conf_module | ||
| 8 | .Nd add standard configuration modules | ||
| 9 | .Sh SYNOPSIS | ||
| 10 | .In openssl/conf.h | ||
| 11 | .Ft void | ||
| 12 | .Fn OPENSSL_load_builtin_modules void | ||
| 13 | .Ft void | ||
| 14 | .Fn ASN1_add_oid_module void | ||
| 15 | .Ft void | ||
| 16 | .Fn ENGINE_add_conf_module void | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | The function | ||
| 19 | .Fn OPENSSL_load_builtin_modules | ||
| 20 | adds all the standard OpenSSL configuration modules to the internal | ||
| 21 | list. | ||
| 22 | They can then be used by the OpenSSL configuration code. | ||
| 23 | .Pp | ||
| 24 | .Fn ASN1_add_oid_module | ||
| 25 | adds just the ASN1 OBJECT module. | ||
| 26 | .Pp | ||
| 27 | .Fn ENGINE_add_conf_module | ||
| 28 | adds just the ENGINE configuration module. | ||
| 29 | .Pp | ||
| 30 | If the simple configuration function | ||
| 31 | .Xr OPENSSL_config 3 | ||
| 32 | is called then | ||
| 33 | .Fn OPENSSL_load_builtin_modules | ||
| 34 | is called automatically. | ||
| 35 | .Pp | ||
| 36 | Applications which use the configuration functions directly will need to | ||
| 37 | call | ||
| 38 | .Fn OPENSSL_load_builtin_modules | ||
| 39 | themselves | ||
| 40 | .Em before | ||
| 41 | any other configuration code. | ||
| 42 | .Pp | ||
| 43 | Applications should call | ||
| 44 | .Fn OPENSSL_load_builtin_modules | ||
| 45 | to load all configuration modules instead of adding modules selectively: | ||
| 46 | otherwise functionality may be missing from the application when | ||
| 47 | new modules are added. | ||
| 48 | .Sh RETURN VALUE | ||
| 49 | None of the functions return a value. | ||
| 50 | .Sh SEE ALSO | ||
| 51 | .Xr OPENSSL_config 3 | ||
| 52 | .Sh HISTORY | ||
| 53 | These functions first appeared in OpenSSL 0.9.7. | ||
| diff --git a/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 new file mode 100644 index 0000000000..b6e93a939e --- /dev/null +++ b/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 | |||
| @@ -0,0 +1,71 @@ | |||
| 1 | .Dd $Mdocdate: November 3 2016 $ | ||
| 2 | .Dt OPENSSL_ADD_ALL_ALGORITHMS 3 | ||
| 3 | .Os | ||
| 4 | .Sh NAME | ||
| 5 | .Nm OpenSSL_add_all_algorithms , | ||
| 6 | .Nm OpenSSL_add_all_ciphers , | ||
| 7 | .Nm OpenSSL_add_all_digests , | ||
| 8 | .Nm EVP_cleanup | ||
| 9 | .Nd add algorithms to internal table | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/evp.h | ||
| 12 | .Ft void | ||
| 13 | .Fn OpenSSL_add_all_algorithms void | ||
| 14 | .Ft void | ||
| 15 | .Fn OpenSSL_add_all_ciphers void | ||
| 16 | .Ft void | ||
| 17 | .Fn OpenSSL_add_all_digests void | ||
| 18 | .Ft void | ||
| 19 | .Fn EVP_cleanup void | ||
| 20 | .Sh DESCRIPTION | ||
| 21 | OpenSSL keeps an internal table of digest algorithms and ciphers. | ||
| 22 | It uses this table to lookup ciphers via functions such as | ||
| 23 | .Xr EVP_get_cipherbyname 3 . | ||
| 24 | .Pp | ||
| 25 | .Fn OpenSSL_add_all_algorithms | ||
| 26 | adds all algorithms to the table (digests and ciphers). | ||
| 27 | .Pp | ||
| 28 | .Fn OpenSSL_add_all_digests | ||
| 29 | adds all digest algorithms to the table. | ||
| 30 | .Pp | ||
| 31 | .Fn OpenSSL_add_all_ciphers | ||
| 32 | adds all encryption algorithms to the table including password based | ||
| 33 | encryption algorithms. | ||
| 34 | .Pp | ||
| 35 | .Fn EVP_cleanup | ||
| 36 | removes all ciphers and digests from the table. | ||
| 37 | .Pp | ||
| 38 | A typical application will call | ||
| 39 | .Fn OpenSSL_add_all_algorithms | ||
| 40 | initially and | ||
| 41 | .Fn EVP_cleanup | ||
| 42 | before exiting. | ||
| 43 | .Pp | ||
| 44 | An application does not need to add algorithms to use them explicitly, | ||
| 45 | for example by | ||
| 46 | .Xr EVP_sha1 3 . | ||
| 47 | It just needs to add them if it (or any of the functions it calls) needs | ||
| 48 | to lookup algorithms. | ||
| 49 | .Pp | ||
| 50 | The cipher and digest lookup functions are used in many parts of the | ||
| 51 | library. | ||
| 52 | If the table is not initialized, several functions will misbehave and | ||
| 53 | complain they cannot find algorithms. | ||
| 54 | This includes the PEM, PKCS#12, SSL and S/MIME libraries. | ||
| 55 | This is a common query in the OpenSSL mailing lists. | ||
| 56 | .Pp | ||
| 57 | Calling | ||
| 58 | .Fn OpenSSL_add_all_algorithms | ||
| 59 | links in all algorithms: as a result a statically linked executable can | ||
| 60 | be quite large. | ||
| 61 | If this is important, it is possible to just add the required ciphers and | ||
| 62 | digests. | ||
| 63 | .Sh SEE ALSO | ||
| 64 | .Xr evp 3 , | ||
| 65 | .Xr EVP_DigestInit 3 , | ||
| 66 | .Xr EVP_EncryptInit 3 | ||
| 67 | .Sh BUGS | ||
| 68 | Although the functions do not return error codes, it is possible for them | ||
| 69 | to fail. | ||
| 70 | This will only happen as a result of a memory allocation failure so this | ||
| 71 | is not too much of a problem in practice. | ||
