From: Rich Salz Date: Tue, 9 Feb 2016 16:52:40 +0000 (-0500) Subject: Rename INIT funtions, deprecate old ones. X-Git-Tag: OpenSSL_1_1_0-pre3~130 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f672aee49450e03e7b1a26c8701d0be720e9ae0e;p=oweals%2Fopenssl.git Rename INIT funtions, deprecate old ones. Man, there were a lot of renamings :) Reviewed-by: Richard Levitte --- diff --git a/apps/openssl.c b/apps/openssl.c index e558b71d22..4a6185b1e2 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -172,8 +172,8 @@ static int apps_startup() #endif /* Set non-default library initialisation settings */ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_ALL_BUILTIN - | OPENSSL_INIT_LOAD_CONFIG, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN + | OPENSSL_INIT_LOAD_CONFIG, NULL); setup_ui_method(); diff --git a/crypto/async/async.c b/crypto/async/async.c index 024aaf6122..db511442ba 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -97,7 +97,7 @@ err: static async_ctx *async_get_ctx(void) { - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ASYNC, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL); return async_arch_get_ctx(); } @@ -361,7 +361,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) return 0; } - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ASYNC, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL); if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) { ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 899dadfe21..619765ceff 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -291,7 +291,7 @@ COMP_METHOD *COMP_zlib(void) zlib_loaded++; if (zlib_loaded) meth = &zlib_stateful_method; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ZLIB, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL); } } #endif diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index e0d6c5aad9..3b42993143 100644 
--- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -83,7 +83,7 @@ void OPENSSL_config(const char *config_name) settings[0].value.type_string = config_name; settings[1].name = OPENSSL_INIT_SET_END; settings[1].value.type_int = 0; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_LOAD_CONFIG, settings); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings); } void openssl_config_internal(const char *config_name) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index b53081830f..1b2a365baa 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -234,7 +234,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: - OPENSSL_INIT_thread_stop(); + OPENSSL_thread_stop(); break; case DLL_PROCESS_DETACH: break; diff --git a/crypto/err/err.c b/crypto/err/err.c index 7e8bcc1cce..d92e41e3e9 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -894,8 +894,7 @@ ERR_STATE *ERR_get_state(void) * the first one that we just replaced. */ ERR_STATE_free(tmpp); - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, - NULL); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); /* Ignore failures from this */ ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE); } diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 97a37a5815..f6e5004471 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -110,7 +110,7 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { const EVP_CIPHER *cp; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); return (cp); 
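Review bot: In the crypto/conf/conf_sap.c hunk, OPENSSL_config() passes a non-NULL `settings` array to OPENSSL_init_crypto(), but nothing at the call site records the threading constraint this carries. The comment above OPENSSL_init_crypto() in crypto/init.c, visible later in this commit, says a non-NULL settings value is assumed to be single-threaded. I would add a comment directly above the call, `/* Non-NULL settings: must run before any other thread calls into OpenSSL. */`, because applications can still reach this deprecated entry point at arbitrary times. OPENSSL_config() begins above the hunk, so how `config_name` is validated cannot be judged from these lines.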
@@ -120,7 +120,7 @@ const EVP_MD *EVP_get_digestbyname(const char *name) { const EVP_MD *cp; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); return (cp); @@ -166,7 +166,7 @@ void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, { struct doall_cipher dc; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); dc.fn = fn; dc.arg = arg; @@ -179,7 +179,7 @@ void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph, { struct doall_cipher dc; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); dc.fn = fn; dc.arg = arg; @@ -207,7 +207,7 @@ void EVP_MD_do_all(void (*fn) (const EVP_MD *md, { struct doall_md dc; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); dc.fn = fn; dc.arg = arg; @@ -220,7 +220,7 @@ void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md, { struct doall_md dc; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); dc.fn = fn; dc.arg = arg; diff --git a/crypto/include/internal/conf.h b/crypto/include/internal/conf.h deleted file mode 100644 index 8feaf62328..0000000000 --- a/crypto/include/internal/conf.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* - * Written by Matt Caswell for the OpenSSL project - */ -/* ==================================================================== - * Copyright (c) 2015 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -void openssl_config_internal(const char *config_name); -void openssl_no_config_internal(void); - diff --git a/crypto/init.c b/crypto/init.c index e2f3583b45..04191ded62 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -268,7 +268,7 @@ static void ossl_init_base(void) fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); #endif ossl_init_setup_thread_stop(); - atexit(OPENSSL_INIT_library_stop); + atexit(OPENSSL_cleanup); OPENSSL_cpuid_setup(); base_inited = 1; } @@ -499,7 +499,7 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals) ossl_init_thread_stop_cleanup(); } -void OPENSSL_INIT_thread_stop(void) +void OPENSSL_thread_stop(void) { ossl_init_thread_stop( (struct thread_local_inits_st *)ossl_init_get_thread_local(0)); @@ -531,7 +531,7 @@ int ossl_init_thread_start(uint64_t opts) return 1; } -void OPENSSL_INIT_library_stop(void) +void OPENSSL_cleanup(void) { OPENSSL_INIT_STOP *currhandler, *lasthandler; 
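Review bot: In the `@@ -268` hunk of crypto/init.c, the result of `atexit(OPENSSL_cleanup)` is discarded, so a failed registration silently leaves the library without its exit-time cleanup. ossl_init_base() is void and starts above the hunk, so the least intrusive change is to keep the result and report a non-zero value under the existing `OPENSSL_INIT_DEBUG` switch, e.g. `if (atexit(OPENSSL_cleanup) != 0) { /* report under OPENSSL_INIT_DEBUG */ }`. The registered handler also presumably requires libcrypto to stay mapped until process exit. That is worth a one-line comment here for applications that load the library dynamically.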
@@ -565,7 +565,7 @@ void OPENSSL_INIT_library_stop(void) if (zlib_inited) { #ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: OPENSSL_INIT_library_stop: " + fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " "COMP_zlib_cleanup()\n"); #endif COMP_zlib_cleanup(); @@ -574,7 +574,7 @@ void OPENSSL_INIT_library_stop(void) #ifndef OPENSSL_NO_ENGINE if (engine_inited) { # ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: OPENSSL_INIT_library_stop: " + fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " "ENGINE_cleanup()\n"); # endif ENGINE_cleanup(); @@ -583,7 +583,7 @@ void OPENSSL_INIT_library_stop(void) if (load_crypto_strings_inited) { #ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: OPENSSL_INIT_library_stop: " + fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " "ERR_free_strings()\n"); #endif ERR_free_strings(); @@ -626,8 +626,7 @@ static const OPENSSL_INIT_SETTINGS *ossl_init_get_setting( * called prior to any threads making calls to any OpenSSL functions, * i.e. passing a non-null settings value is assumed to be single-threaded. */ -void OPENSSL_INIT_crypto_library_start(uint64_t opts, - const OPENSSL_INIT_SETTINGS *settings) +void OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { /* XXX TODO WARNING To be updated to return a value not assert. */ assert(!stopped); @@ -719,7 +718,7 @@ void OPENSSL_INIT_crypto_library_start(uint64_t opts, } } -int OPENSSL_INIT_register_stop_handler(void (*handler)(void)) +int OPENSSL_atexit(void (*handler)(void)) { OPENSSL_INIT_STOP *newhand; diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index c3d98caec9..adabb2db95 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -640,7 +640,7 @@ int CRYPTO_mem_leaks(BIO *b) return 1; /* Ensure all resources are released */ - OPENSSL_INIT_library_stop(); + OPENSSL_cleanup(); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); diff --git a/doc/apps/errstr.pod b/doc/apps/errstr.pod index 02bd3dcd7b..7d1fee47cb 100644 --- a/doc/apps/errstr.pod 
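Review bot: OPENSSL_init_crypto() in the `@@ -626` hunk still returns void and guards use after shutdown only with `assert(!stopped)`, which is compiled out under NDEBUG. In such builds a call made after OPENSSL_cleanup() appears to proceed with initialisation, and no caller can learn that a requested step such as OPENSSL_INIT_LOAD_CONFIG failed. The public name changes in this commit anyway, so this is the cheapest point to resolve the XXX TODO: declare it `int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)`, replace the assert with `if (stopped) return 0;`, and return 1 at the end. The callers touched here in apps/openssl.c, crypto/async/async.c and crypto/conf/conf_sap.c could then check the result instead of continuing with a partially initialised library. The function body continues outside the hunk, so its other failure paths are not visible from here.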
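Review bot: The new name `OPENSSL_atexit` in the `@@ -719` hunk invites the assumption of atexit(3) ordering, yet the OPENSSL_init_crypto.pod added in this commit states that no guarantee is made about the order in which stop handlers run. A comment above the definition would keep callers from relying on reverse-registration order when tearing down dependent state: `/* Unlike atexit(3), handlers run in unspecified order during OPENSSL_cleanup(); returns 1 on success, 0 on error. */`. The body lies outside the hunk, so whether a NULL `handler` is rejected cannot be checked from these lines.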
+++ b/doc/apps/errstr.pod @@ -31,9 +31,6 @@ to produce the error message: =head1 SEE ALSO -L, -L, -L - +L =cut diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod index bd9b605602..4d49dc789b 100644 --- a/doc/crypto/BIO_f_ssl.pod +++ b/doc/crypto/BIO_f_ssl.pod @@ -140,10 +140,6 @@ unencrypted example in L. SSL_CTX *ctx; SSL *ssl; - ERR_load_crypto_strings(); - ERR_load_SSL_strings(); - OpenSSL_add_all_algorithms(); - /* We would seed the PRNG here if the platform didn't * do it automatically */ @@ -207,10 +203,6 @@ a client and also echoes the request to standard output. SSL_CTX *ctx; SSL *ssl; - ERR_load_crypto_strings(); - ERR_load_SSL_strings(); - OpenSSL_add_all_algorithms(); - /* Might seed PRNG here */ ctx = SSL_CTX_new(TLS_server_method()); diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod index 2feb72bc83..ec8fa3a0ca 100644 --- a/doc/crypto/BIO_s_accept.pod +++ b/doc/crypto/BIO_s_accept.pod @@ -160,7 +160,7 @@ This example accepts two connections on port 4444, sends messages down each and finally closes both down. BIO *abio, *cbio, *cbio2; - ERR_load_crypto_strings(); + abio = BIO_new_accept("4444"); /* First call to BIO_accept() sets up accept BIO */ diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod index 648e8ed42b..7adb78da70 100644 --- a/doc/crypto/BIO_s_connect.pod +++ b/doc/crypto/BIO_s_connect.pod @@ -164,7 +164,7 @@ to retrieve a page and copy the result to standard output. BIO *cbio, *out; int len; char tmpbuf[1024]; - ERR_load_crypto_strings(); + cbio = BIO_new_connect("localhost:http"); out = BIO_new_fp(stdout, BIO_NOCLOSE); if(BIO_do_connect(cbio) <= 0) { diff --git a/doc/crypto/CMS_decrypt.pod b/doc/crypto/CMS_decrypt.pod index 06bc1062bc..4b1e97e8fd 100644 --- a/doc/crypto/CMS_decrypt.pod +++ b/doc/crypto/CMS_decrypt.pod 
@@ -22,9 +22,6 @@ is detached. It will normally be set to NULL. =head1 NOTES -OpenSSL_add_all_algorithms() (or equivalent) should be called before using this -function or errors about unknown algorithms will occur. - Although the recipients certificate is not needed to decrypt the data it is needed to locate the appropriate (of possible several) recipients in the CMS structure. diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod index 53202a7d57..84f7184c7a 100644 --- a/doc/crypto/CONF_modules_load_file.pod +++ b/doc/crypto/CONF_modules_load_file.pod @@ -45,12 +45,6 @@ return an error. B if set and B is not NULL will use the default section pointed to by B if B does not exist. -Applications should call these functions after loading builtin modules using -OPENSSL_load_builtin_modules(), any ENGINEs for example using -ENGINE_load_builtin_engines(), any algorithms for example -OPENSSL_add_all_algorithms() and (if the application uses libssl) -SSL_library_init(). - By using CONF_modules_load_file() with appropriate flags an application can customise application configuration to best suit its needs. In some cases the use of a configuration file is optional and its absence is not an error: in diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod index 68d1a535e8..81ca61c9db 100644 --- a/doc/crypto/ERR_error_string.pod +++ b/doc/crypto/ERR_error_string.pod @@ -42,10 +42,6 @@ ERR_lib_error_string(), ERR_func_error_string() and ERR_reason_error_string() return the library name, function name and reason string respectively. -The OpenSSL error strings should be loaded by calling -L or, for SSL -applications, L -first. If there is no text string registered for the given error code, the error string will contain the numeric code. @@ -64,8 +60,6 @@ none is registered for the error code. =head1 SEE ALSO L, L, -L, -L L =cut 
diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod index b4af1fc509..88678d9020 100644 --- a/doc/crypto/ERR_load_crypto_strings.pod +++ b/doc/crypto/ERR_load_crypto_strings.pod @@ -37,4 +37,10 @@ ERR_free_strings() return no values. L, L +=head1 HISTORY + +The ERR_load_crypto_strings(), SSL_load_error_strings(), and +ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by +OPENSSL_init_crypto() and OPENSSL_init_ssl(). + =cut diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod index 3b0defe407..aec8a1029a 100644 --- a/doc/crypto/ERR_print_errors.pod +++ b/doc/crypto/ERR_print_errors.pod @@ -39,8 +39,6 @@ ERR_print_errors() and ERR_print_errors_fp() return no values. =head1 SEE ALSO L, L, -L, -L, -L +L. =cut diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 1b98c1c0fa..db9c04004e 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -143,8 +143,7 @@ returns is of zero length. EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() return an B structure when passed a digest name, a digest NID or -an ASN1_OBJECT structure respectively. The digest table must be initialized -using, for example, OpenSSL_add_all_digests() for these functions to work. +an ASN1_OBJECT structure respectively. =head1 RETURN VALUES @@ -210,8 +209,6 @@ digest name passed on the command line. unsigned char md_value[EVP_MAX_MD_SIZE]; int md_len, i; - OpenSSL_add_all_digests(); - if(!argv[1]) { printf("Usage: mdtest digestname\n"); exit(1); diff --git a/doc/crypto/OPENSSL_INIT_crypto_library_start.pod b/doc/crypto/OPENSSL_INIT_crypto_library_start.pod deleted file mode 100644 index 16f95fe604..0000000000 --- a/doc/crypto/OPENSSL_INIT_crypto_library_start.pod +++ /dev/null 
@@ -1,227 +0,0 @@ -=pod - -=head1 NAME - -OPENSSL_INIT_crypto_library_start, OPENSSL_INIT_library_stop, -OPENSSL_INIT_register_stop_handler, OPENSSL_INIT_thread_stop - OpenSSL -initialisation and deinitialisation functions - -=head1 SYNOPSIS - - #include - - void OPENSSL_INIT_library_stop(void); - void OPENSSL_INIT_crypto_library_start(uint64_t opts, - const OPENSSL_INIT_SETTINGS *settings); - int OPENSSL_INIT_register_stop_handler(void (*handler)(void)); - void OPENSSL_INIT_thread_stop(void); - -=head1 DESCRIPTION - -During normal operation OpenSSL (libcrypto) will allocate various resources at -start up that must, subsequently, be freed on close down of the library. -Additionally some resources are allocated on a per thread basis (if the -application is multi-threaded), and these resources must be freed prior to the -thread closing. - -As of version 1.1.0 OpenSSL will automatically allocate all resources that it -needs so no explicit initialisation is required. Similarly it will also -automatically deinitialise as required. - -However, there way be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The -function OPENSSL_INIT_crypto_library_start() can be used for this purpose for -libcrypto (see also L for the libssl -equivalent). - -Numerous internal OpenSSL functions call OPENSSL_INIT_crypto_library_start(). -Therefore, in order to perform non-default initialisation, -OPENSSL_INIT_crypto_library_start() MUST be called by application code prior to -any other OpenSSL function calls. - -The B parameter specifies which aspects of libcrypto should be -initialised. Valid options are: - -=over 4 - -=item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS - -Suppress automatic loading of the libcrypto error strings. With this option the -library will not automatically call ERR_load_crypto_strings(). This option is -not a default option. 
Once selected subsequent calls to -OPENSSL_INIT_crypto_library_start() with the option -B will be ignored. Applications may call -ERR_load_crypto_strings() directly if they wish even if this option has been -selected. If they do so then they must also explicitly call ERR_free_strings() -on application close down. - -=item OPENSSL_INIT_LOAD_CRYPTO_STRINGS - -Automatic loading of the libcrypto error strings. With this option the -library will automatically call ERR_load_crypto_strings(). This option is a -default option. Once selected subsequent calls to -OPENSSL_INIT_crypto_library_start() with the option -B will be ignored. - -=item OPENSSL_INIT_ADD_ALL_CIPHERS - -With this option the library will automatically load and make available all -libcrypto ciphers. This option is a default option. Once selected subsequent -calls to OPENSSL_INIT_crypto_library_start() with the option -B will be ignored. - -=item OPENSSL_INIT_ADD_ALL_DIGESTS - -With this option the library will automatically load and make available all -libcrypto digests. This option is a default option. Once selected subsequent -calls to OPENSSL_INIT_crypto_library_start() with the option -B will be ignored. - -=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS - -With this option the library will suppress automatic loading of libcrypto -ciphers. This option is not a default option. Once selected subsequent -calls to OPENSSL_INIT_crypto_library_start() with the option -B will be ignored. - -=item OPENSSL_INIT_NO_ADD_ALL_DIGESTS - -With this option the library will suppress automatic loading of libcrypto -digests. This option is not a default option. Once selected subsequent -calls to OPENSSL_INIT_crypto_library_start() with the option -B will be ignored. - -=item OPENSSL_INIT_LOAD_CONFIG - -With this option an OpenSSL configuration file will be automatically loaded and -used by calling OPENSSL_config(). This is not a default option. 
- -=item OPENSSL_INIT_NO_LOAD_CONFIG - -With this option the loading of OpenSSL configuration files will be suppressed. -It is the equivalent of calling OPENSSL_no_config(). This is not a default -option. - -=item OPENSSL_INIT_ASYNC - -With this option the library with automatically initialise the libcrypto async -sub-library (see L). This is a default option. - -=item OPENSSL_INIT_ENGINE_RDRAND - -With this option the library will automatically load and initialise the -RDRAND engine (if available). This not a default option. - -=item OPENSSL_INIT_ENGINE_DYNAMIC - -With this option the library will automatically load and initialise the -dynamic engine. This not a default option. - -=item OPENSSL_INIT_ENGINE_OPENSSL - -With this option the library will automatically load and initialise the -openssl engine. This not a default option. - -=item OPENSSL_INIT_ENGINE_CRYPTODEV - -With this option the library will automatically load and initialise the -cryptodev engine (if available). This not a default option. - -=item OPENSSL_INIT_ENGINE_CAPI - -With this option the library will automatically load and initialise the -CAPI engine (if available). This not a default option. - -=item OPENSSL_INIT_ENGINE_PADLOCK - -With this option the library will automatically load and initialise the -padlock engine (if available). This not a default option. - -=item OPENSSL_INIT_ENGINE_DASYNC - -With this option the library will automatically load and initialise the -DASYNC engine. This not a default option. - -=item OPENSSL_INIT_ENGINE_ALL_BUILTIN - -With this option the library will automatically load and initialise all the -built in engines listed above with the exception of the openssl and dasync -engines. This not a default option. - -=back - -Multiple options may be combined together in a single call to -OPENSSL_INIT_start_library(). 
For example: - - OPENSSL_INIT_start_library(OPENSSL_INIT_NO_ADD_ALL_CIPHERS - | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); - - -The B parameter to OPENSSL_INIT_start_library() may be used to -provide optional settings values to an option. Currently the only option this -applies to is OPENSSL_INIT_LOAD_CONFIG. This provides the optional -OPENSSL_INIT_SET_CONF_FILENAME parameter to provide a filename to load -configuration from. If no filename is provided then the system default -configuration file is assumed. For example - - const OPENSSL_INIT_SETTINGS settings[2] = { - { OPENSSL_INIT_SET_CONF_FILENAME, .value.type_string = "myconf.cnf" }, - { OPENSSL_INIT_SET_END, .value.type_int = 0 } - }; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_LOAD_CONFIG, settings); - -The B parameter must be an array of OPENSSL_INIT_SETTINGS values -terminated with an OPENSSL_INIT_SET_END entry. - -The OPENSSL_INIT_library_stop() function deinitialises OpenSSL (both libcrypto -and libssl). All resources allocated by OpenSSL are freed. Typically there -should be no need to call this function directly as it is initiated -automatically on application exit. This is done via the standard C library -L function. In the event that the application will close in a manner -that will not call the registered atexit() handlers then the application should -call OPENSSL_INIT_library_stop() directly. Developers of libraries using OpenSSL -are discouraged from calling this function and should instead, typically, rely -on auto-deinitialisation. This is to avoid error conditions where both an -application and a library it depends on both use OpenSSL, and the library -deinitialises it before the application has finished using it. - -The OPENSSL_INIT_register_stop_handler() function enables the registration of a -function to be called during OPENSSL_INIT_library_stop(). Stop handlers are -called after deinitialisation of resources local to a thread, but before other -process wide resources are freed. 
In the event that multiple stop handlers are -registered, no guarantees are made about the order of execution. - -The OPENSSL_INIT_thread_stop() function deallocates resources associated -with the current thread. Typically this function will be called automatically by -the library when the thread exits. This should only be called directly if -resources should be freed at an earlier time, or under the circumstances -described in the NOTES section below. - -=head1 NOTES - -Resources local to a thread are deallocated automatically when the thread exits -(e.g. in a pthreads environment, when pthread_exit() is called). On Windows -platforms this is done in response to a DLL_THREAD_DETACH message being sent to -the libeay32.dll entry point. Some windows functions may cause threads to exit -without sending this message (for example ExitProcess()). If the application -uses such functions, then the application must free up OpenSSL resources -directly via a call to OPENSSL_INIT_thread_stop(). Similarly this message will -also not be sent if OpenSSL is linked statically, and therefore applications -using static linking should also call OPENSSL_INIT_thread_stop(). - -=head1 RETURN VALUES - -The function OPENSSL_INIT_register_stop_handler() returns 1 on success or 0 on -error. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -The OPENSSL_INIT_library_stop, OPENSSL_INIT_crypto_library_start, -OPENSSL_INIT_register_stop_handler and OPENSSL_INIT_thread_stop functions were -added in OpenSSL 1.1.0. - -=cut diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod index fbf8b6d2c3..4c82566097 100644 --- a/doc/crypto/OPENSSL_config.pod +++ b/doc/crypto/OPENSSL_config.pod @@ -60,4 +60,9 @@ L, L, L +=head1 HISTORY + +The OPENSSL_no_config() and OPENSSL_config() functions were +deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(). + =cut diff --git a/doc/crypto/OPENSSL_init_crypto.pod b/doc/crypto/OPENSSL_init_crypto.pod new file mode 100644 index 0000000000..11bc1c7f7b 
--- /dev/null
+++ b/doc/crypto/OPENSSL_init_crypto.pod
@@ -0,0 +1,221 @@ +=pod + +=head1 NAME + +OPENSSL_init_crypto, OPENSSL_cleanup, +OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL +initialisation and deinitialisation functions + +=head1 SYNOPSIS + + #include + + void OPENSSL_cleanup(void); + void OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + int OPENSSL_atexit(void (*handler)(void)); + void OPENSSL_thread_stop(void); + +=head1 DESCRIPTION + +During normal operation OpenSSL (libcrypto) will allocate various resources at +start up that must, subsequently, be freed on close down of the library. +Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. + +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. + +However, there way be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function OPENSSL_init_crypto() can be used for this purpose for +libcrypto (see also L for the libssl +equivalent). + +Numerous internal OpenSSL functions call OPENSSL_init_crypto(). +Therefore, in order to perform non-default initialisation, +OPENSSL_init_crypto() MUST be called by application code prior to +any other OpenSSL function calls. + +The B parameter specifies which aspects of libcrypto should be +initialised. Valid options are: + +=over 4 + +=item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS + +Suppress automatic loading of the libcrypto error strings. This option is +not a default option. Once selected subsequent calls to +OPENSSL_init_crypto() with the option +B will be ignored. + +=item OPENSSL_INIT_LOAD_CRYPTO_STRINGS + +Automatic loading of the libcrypto error strings. With this option the +library will automatically load the libcrypto error strings. 
+This option is a default option. Once selected subsequent calls to +OPENSSL_init_crypto() with the option +B will be ignored. + +=item OPENSSL_INIT_ADD_ALL_CIPHERS + +With this option the library will automatically load and make available all +libcrypto ciphers. This option is a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +B will be ignored. + +=item OPENSSL_INIT_ADD_ALL_DIGESTS + +With this option the library will automatically load and make available all +libcrypto digests. This option is a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +B will be ignored. + +=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS + +With this option the library will suppress automatic loading of libcrypto +ciphers. This option is not a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +B will be ignored. + +=item OPENSSL_INIT_NO_ADD_ALL_DIGESTS + +With this option the library will suppress automatic loading of libcrypto +digests. This option is not a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +B will be ignored. + +=item OPENSSL_INIT_LOAD_CONFIG + +With this option an OpenSSL configuration file will be automatically loaded and +used by calling OPENSSL_config(). This is not a default option. + +=item OPENSSL_INIT_NO_LOAD_CONFIG + +With this option the loading of OpenSSL configuration files will be suppressed. +It is the equivalent of calling OPENSSL_no_config(). This is not a default +option. + +=item OPENSSL_INIT_ASYNC + +With this option the library with automatically initialise the libcrypto async +sub-library (see L). This is a default option. + +=item OPENSSL_INIT_ENGINE_RDRAND + +With this option the library will automatically load and initialise the +RDRAND engine (if available). This not a default option. 
+ +=item OPENSSL_INIT_ENGINE_DYNAMIC + +With this option the library will automatically load and initialise the +dynamic engine. This not a default option. + +=item OPENSSL_INIT_ENGINE_OPENSSL + +With this option the library will automatically load and initialise the +openssl engine. This not a default option. + +=item OPENSSL_INIT_ENGINE_CRYPTODEV + +With this option the library will automatically load and initialise the +cryptodev engine (if available). This not a default option. + +=item OPENSSL_INIT_ENGINE_CAPI + +With this option the library will automatically load and initialise the +CAPI engine (if available). This not a default option. + +=item OPENSSL_INIT_ENGINE_PADLOCK + +With this option the library will automatically load and initialise the +padlock engine (if available). This not a default option. + +=item OPENSSL_INIT_ENGINE_DASYNC + +With this option the library will automatically load and initialise the +DASYNC engine. This not a default option. + +=item OPENSSL_INIT_ENGINE_ALL_BUILTIN + +With this option the library will automatically load and initialise all the +built in engines listed above with the exception of the openssl and dasync +engines. This not a default option. + +=back + +Multiple options may be combined together in a single call to +OPENSSL_INIT_start_library(). For example: + + OPENSSL_INIT_start_library(OPENSSL_INIT_NO_ADD_ALL_CIPHERS + | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); + + +The B parameter to OPENSSL_INIT_start_library() may be used to +provide optional settings values to an option. Currently the only option this +applies to is OPENSSL_INIT_LOAD_CONFIG. This provides the optional +OPENSSL_INIT_SET_CONF_FILENAME parameter to provide a filename to load +configuration from. If no filename is provided then the system default +configuration file is assumed. 
For example + + const OPENSSL_INIT_SETTINGS settings[2] = { + { OPENSSL_INIT_SET_CONF_FILENAME, .value.type_string = "myconf.cnf" }, + { OPENSSL_INIT_SET_END, .value.type_int = 0 } + }; + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings); + +The B parameter must be an array of OPENSSL_INIT_SETTINGS values +terminated with an OPENSSL_INIT_SET_END entry. + +The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto +and libssl). All resources allocated by OpenSSL are freed. Typically there +should be no need to call this function directly as it is initiated +automatically on application exit. This is done via the standard C library +L function. In the event that the application will close in a manner +that will not call the registered atexit() handlers then the application should +call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL +are discouraged from calling this function and should instead, typically, rely +on auto-deinitialisation. This is to avoid error conditions where both an +application and a library it depends on both use OpenSSL, and the library +deinitialises it before the application has finished using it. + +The OPENSSL_atexit() function enables the registration of a +function to be called during OPENSSL_cleanup(). Stop handlers are +called after deinitialisation of resources local to a thread, but before other +process wide resources are freed. In the event that multiple stop handlers are +registered, no guarantees are made about the order of execution. + +The OPENSSL_thread_stop() function deallocates resources associated +with the current thread. Typically this function will be called automatically by +the library when the thread exits. This should only be called directly if +resources should be freed at an earlier time, or under the circumstances +described in the NOTES section below. + +=head1 NOTES + +Resources local to a thread are deallocated automatically when the thread exits +(e.g. 
in a pthreads environment, when pthread_exit() is called). On Windows +platforms this is done in response to a DLL_THREAD_DETACH message being sent to +the libeay32.dll entry point. Some windows functions may cause threads to exit +without sending this message (for example ExitProcess()). If the application +uses such functions, then the application must free up OpenSSL resources +directly via a call to OPENSSL_thread_stop(). Similarly this message will +also not be sent if OpenSSL is linked statically, and therefore applications +using static linking should also call OPENSSL_thread_stop(). + +=head1 RETURN VALUES + +The function OPENSSL_atexit() returns 1 on success or 0 on +error. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(), +and OPENSSL_thread_stop() functions were added in OpenSSL 1.1.0. + +=cut diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod index 3ca0576da8..b107155a3a 100644 --- a/doc/crypto/OpenSSL_add_all_algorithms.pod +++ b/doc/crypto/OpenSSL_add_all_algorithms.pod @@ -63,4 +63,10 @@ too much of a problem in practice. L, L, L +=head1 HISTORY + +The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), +OpenSSL_add_all_digests(), and EVP_cleanup(), functions +were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(). + =cut diff --git a/doc/crypto/PKCS7_decrypt.pod b/doc/crypto/PKCS7_decrypt.pod index 71313b80ff..90cf5062f1 100644 --- a/doc/crypto/PKCS7_decrypt.pod +++ b/doc/crypto/PKCS7_decrypt.pod @@ -19,9 +19,6 @@ B is an optional set of flags. =head1 NOTES -OpenSSL_add_all_algorithms() (or equivalent) should be called before using this -function or errors about unknown algorithms will occur. - Although the recipients certificate is not needed to decrypt the data it is needed to locate the appropriate (of possible several) recipients in the PKCS#7 structure. 
diff --git a/doc/crypto/d2i_PKCS8PrivateKey.pod b/doc/crypto/d2i_PKCS8PrivateKey.pod index a4213faf69..cc204790ce 100644 --- a/doc/crypto/d2i_PKCS8PrivateKey.pod +++ b/doc/crypto/d2i_PKCS8PrivateKey.pod @@ -39,10 +39,6 @@ corresponding B function as described in the L manual page. =head1 NOTES -Before using these functions L -should be called to initialize the internal algorithm lookup tables otherwise errors about -unknown algorithms will occur if an attempt is made to decrypt a private key. - These functions are currently the only way to store encrypted private keys using DER format. Currently all the functions use BIOs or FILE pointers, there are no functions which diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index 11191ef560..99ed170321 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -21,14 +21,6 @@ engine - ENGINE cryptographic module support int ENGINE_init(ENGINE *e); int ENGINE_finish(ENGINE *e); - void ENGINE_load_openssl(void); - void ENGINE_load_dynamic(void); - #ifndef OPENSSL_NO_STATIC_ENGINE - void ENGINE_load_chil(void); - void ENGINE_load_gmp(void); - void ENGINE_load_ubsec(void); - #endif - void ENGINE_load_cryptodev(void); void ENGINE_load_builtin_engines(void); void ENGINE_cleanup(void); 
@@ -301,17 +293,7 @@ it uses static linking against openssl, then the resulting application binary will not contain any alternative ENGINE code at all. So the first consideration is whether any/all available ENGINE implementations should be made visible to OpenSSL - this is controlled by calling the various "load" -functions, eg. - - /* Make the "dynamic" ENGINE available */ - void ENGINE_load_dynamic(void); - /* Make the CryptoSwift hardware acceleration support available */ - void ENGINE_load_cswift(void); - /* Make support for nCipher's "CHIL" hardware available */ - void ENGINE_load_chil(void); - ... - /* Make ALL ENGINE implementations bundled with OpenSSL available */ - void ENGINE_load_builtin_engines(void); +functions. Having called any of these functions, ENGINE objects would have been dynamically allocated and populated with these implementations and linked @@ -567,6 +549,11 @@ extension). =head1 SEE ALSO -L, L, L, L +L, L, L, L, L + +=head1 HISTORY + +ENGINE_load_openssl(), ENGINE_load_dynamic(), and ENGINE_load_cryptodev() +were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(). =cut diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod index 4f512e6db0..5fafbc5490 100644 --- a/doc/crypto/err.pod +++ b/doc/crypto/err.pod @@ -188,4 +188,9 @@ L, L, L +=head1 HISTORY + +The ERR_load_crypto_strings() function was deprecated in OpenSSL 1.1.0 by +OPENSSL_init_crypto(). + =cut diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod index 58ce83de8c..09870b4432 100644 --- a/doc/crypto/evp.pod +++ b/doc/crypto/evp.pod 
@@ -61,8 +61,6 @@ based encryption. Careful selection of the parameters will provide a PKCS#5 PBKD implementation. However, new applications should not typically use this (preferring, for example, PBKDF2 from PCKS#5). -Algorithms are loaded with L. - All the symmetric algorithms (ciphers), digests and asymmetric algorithms (public key algorithms) can be replaced by L modules providing alternative implementations. If ENGINE implementations of ciphers or digests are registered @@ -97,7 +95,6 @@ L, L, L, L, -L, L =cut diff --git a/doc/ssl/OPENSSL_INIT_ssl_library_start.pod b/doc/ssl/OPENSSL_INIT_ssl_library_start.pod deleted file mode 100644 index c0f598df30..0000000000 --- a/doc/ssl/OPENSSL_INIT_ssl_library_start.pod +++ /dev/null 
@@ -1,80 +0,0 @@ -=pod - -=head1 NAME - -OPENSSL_INIT_ssl_library_start - OpenSSL (libssl and libcrypto) initialisation - -=head1 SYNOPSIS - - #include - - void OPENSSL_INIT_ssl_library_start(uint64_t opts, - const OPENSSL_INIT_SETTINGS *settings); - -=head1 DESCRIPTION - -During normal operation OpenSSL (libssl and libcrypto) will allocate various -resources at start up that must, subsequently, be freed on close down of the -library. Additionally some resources are allocated on a per thread basis (if the -application is multi-threaded), and these resources must be freed prior to the -thread closing. - -As of version 1.1.0 OpenSSL will automatically allocate all resources that it -needs so no explicit initialisation is required. Similarly it will also -automatically deinitialise as required. - -However, there way be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The -function OPENSSL_INIT_ssl_library_start() can be used for this purpose. Calling -this function will explicitly initialise BOTH libcrypto and libssl. To -explicitly initialise ONLY libcrypto see the -L function. - -Numerous internal OpenSSL functions call OPENSSL_INIT_ssl_library_start(). -Therefore, in order to perform non-default initialisation, -OPENSSL_INIT_ssl_library_start() MUST be called by application code prior to -any other OpenSSL function calls. - -The B parameter specifies which aspects of libssl and libcrypto should be -initialised. Valid options for libcrypto are described on the -L page. In addition to any libcrypto -specific option the following libssl options can also be used: - -=over 4 - -=item OPENSSL_INIT_NO_LOAD_SSL_STRINGS - -Suppress automatic loading of the libssl error strings. With this option the -library will not automatically call ERR_load_SSL_strings(). This option is -not a default option. Once selected subsequent calls to -OPENSSL_INIT_ssl_library_start() with the option -B will be ignored. 
Applications may call -ERR_load_SSL_strings() directly if they wish even if this option has been -selected. If they do so then they must also explicitly call ERR_free_strings() -on application close down. - -=item OPENSSL_INIT_LOAD_SSL_STRINGS - -Automatic loading of the libssl error strings. With this option the -library will automatically call ERR_load_SSL_strings(). This option is a -default option. Once selected subsequent calls to -OPENSSL_INIT_ssl_library_start() with the option -B will be ignored. - -=back - -The B parameter specifies optional settings values to an option. -Currently no such settings are available for libssl specific options. However -these settings will also be passed internally to a call to -L, so this parameter can also be used to -provide libcrypto settings values. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -The OPENSSL_INIT_ssl_library_start function was added in OpenSSL 1.1.0. - -=cut diff --git a/doc/ssl/OPENSSL_init_ssl.pod b/doc/ssl/OPENSSL_init_ssl.pod new file mode 100644 index 0000000000..d9246a53c1 --- /dev/null +++ b/doc/ssl/OPENSSL_init_ssl.pod 
@@ -0,0 +1,74 @@ +=pod + +=head1 NAME + +OPENSSL_init_ssl - OpenSSL (libssl and libcrypto) initialisation + +=head1 SYNOPSIS + + #include + + void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + +=head1 DESCRIPTION + +During normal operation OpenSSL (libssl and libcrypto) will allocate various +resources at start up that must, subsequently, be freed on close down of the +library. Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. + +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. + +However, there way be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function OPENSSL_init_ssl() can be used for this purpose. Calling +this function will explicitly initialise BOTH libcrypto and libssl. To +explicitly initialise ONLY libcrypto see the +L function. + +Numerous internal OpenSSL functions call OPENSSL_init_ssl(). +Therefore, in order to perform non-default initialisation, +OPENSSL_init_ssl() MUST be called by application code prior to +any other OpenSSL function calls. + +The B parameter specifies which aspects of libssl and libcrypto should be +initialised. Valid options for libcrypto are described on the +L page. In addition to any libcrypto +specific option the following libssl options can also be used: + +=over 4 + +=item OPENSSL_INIT_NO_LOAD_SSL_STRINGS + +Suppress automatic loading of the libssl error strings. This option is +not a default option. Once selected subsequent calls to +OPENSSL_init_ssl() with the option +B will be ignored. + +=item OPENSSL_INIT_LOAD_SSL_STRINGS + +Automatic loading of the libssl error strings. This option is a +default option. 
Once selected subsequent calls to +OPENSSL_init_ssl() with the option +B will be ignored. + +=back + +The B parameter specifies optional settings values to an option. +Currently no such settings are available for libssl specific options. However +these settings will also be passed internally to a call to +L, so this parameter can also be used to +provide libcrypto settings values. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0. + +=cut diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod index d96d3f0613..c872858ca3 100644 --- a/doc/ssl/SSL_library_init.pod +++ b/doc/ssl/SSL_library_init.pod @@ -28,14 +28,6 @@ SSL_library_init() is not reentrant. SSL_library_init() adds ciphers and digests used directly and indirectly by SSL/TLS. -=head1 EXAMPLES - -A typical TLS/SSL application will start with the library initialization, -and provide readable error messages. - - SSL_load_error_strings(); /* readable error messages */ - SSL_library_init(); /* initialize library */ - =head1 RETURN VALUES SSL_library_init() always returns "1", so it is safe to discard the return @@ -43,7 +35,12 @@ value. =head1 SEE ALSO -L, L, +L, L +=head1 HISTORY + +The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were +deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl(). + =cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 597b88e5f7..e350c3e14f 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -13,9 +13,6 @@ The OpenSSL B library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API which is documented here. -At first the library must be initialized; see -L. - Then an B object is created as a framework to establish TLS/SSL enabled connections (see L). Various options regarding certificates, algorithms etc. can be set 
@@ -560,8 +557,6 @@ fresh handle for each connection. =item STACK *B(char *file); -=item void B(void); - =item SSL *B(SSL_CTX *ctx); =item void SSL_up_ref(SSL *s); @@ -742,7 +737,6 @@ L, L, L, L, -L, L, L, L, diff --git a/include/internal/conf.h b/include/internal/conf.h new file mode 100644 index 0000000000..71b75ddc07 --- /dev/null +++ b/include/internal/conf.h 
@@ -0,0 +1,56 @@ +/* + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_INTERNAL_CONF_H +# define INTERNAL_CONF_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +void openssl_config_internal(const char *config_name); +void openssl_no_config_internal(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 9144c6d17d..e16f97ca5e 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -137,9 +137,11 @@ int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); #endif int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); +#if OPENSSL_API_COMPAT < 0x10100000L void OPENSSL_config(const char *config_name); -#define OPENSSL_no_config() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) +# define OPENSSL_no_config() \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) +#endif /* * New conf code. The semantics are different from the functions above. If diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index a5501c98fb..16b7fbdfaa 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -597,11 +597,10 @@ typedef struct ossl_init_settings_st { typedef struct ossl_init_stop_st OPENSSL_INIT_STOP; /* Library initialisation functions */ -void OPENSSL_INIT_library_stop(void); -void OPENSSL_INIT_crypto_library_start(uint64_t opts, - const OPENSSL_INIT_SETTINGS *settings); -int OPENSSL_INIT_register_stop_handler(void (*handler)(void)); -void OPENSSL_INIT_thread_stop(void); +void OPENSSL_cleanup(void); +void OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +int OPENSSL_atexit(void (*handler)(void)); +void OPENSSL_thread_stop(void); /* BEGIN ERROR CODES */ /* 
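Review bot: The include guard in the new include/internal/conf.h does not guard anything: it tests `HEADER_INTERNAL_CONF_H` but defines `INTERNAL_CONF_H`, so a second inclusion re-enters the header. The body currently holds only two prototypes, so double inclusion is harmless today, but any type or macro added later would be redefined. The define should read `# define HEADER_INTERNAL_CONF_H`.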
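Review bot: `OPENSSL_init_crypto()` is still declared `void` in the crypto.h hunk, so a caller passing `OPENSSL_INIT_LOAD_CONFIG` or an engine flag cannot learn that initialisation failed, while `OPENSSL_atexit()` declared next to it does return a status. Since this commit settles the public names, it is the cheapest moment to change the declaration to `int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);` and return 1 or 0. The same applies to `OPENSSL_init_ssl()` in include/openssl/ssl.h and ssl/ssl_init.c. There the only guard against use after shutdown is `assert(!stopped)`, which is compiled out when NDEBUG is defined, and the existing TODO comment already asks for a return value.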
diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 070814744d..c1dd45b020 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -385,23 +385,25 @@ int ENGINE_add(ENGINE *e); int ENGINE_remove(ENGINE *e); /* Retrieve an engine from the list by its unique "id" value. */ ENGINE *ENGINE_by_id(const char *id); -/* Add all the built-in engines. */ -#define ENGINE_load_openssl() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_OPENSSL, NULL) -#define ENGINE_load_dynamic() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ENGINE_load_openssl() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +# define ENGINE_load_dynamic() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) # ifndef OPENSSL_NO_STATIC_ENGINE -# define ENGINE_load_padlock() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_PADLOCK, NULL) -#define ENGINE_load_capi() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_CAPI, NULL) -#define ENGINE_load_dasync() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_DASYNC, NULL) +# define ENGINE_load_padlock() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +# define ENGINE_load_capi() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +# define ENGINE_load_dasync() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DASYNC, NULL) # endif -#define ENGINE_load_cryptodev() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) -#define ENGINE_load_rdrand() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_RDRAND, NULL) +# define ENGINE_load_cryptodev() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +# define ENGINE_load_rdrand() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +#endif void ENGINE_load_builtin_engines(void); /* diff --git a/include/openssl/err.h b/include/openssl/err.h index f8742a4681..147d4da726 100644 --- a/include/openssl/err.h 
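Review bot: Nothing in the new `#if OPENSSL_API_COMPAT < 0x10100000L` block says that the seven `ENGINE_load_*()` macros are deprecated shims, and the one comment that stood above them is deleted by this hunk. A line such as `/* Deprecated in 1.1.0: use OPENSSL_init_crypto() with the matching OPENSSL_INIT_ENGINE_* flag */` above the `#if` would tell readers where to go. The HISTORY section added to doc/crypto/engine.pod names only ENGINE_load_openssl(), ENGINE_load_dynamic() and ENGINE_load_cryptodev(), so the padlock, capi, dasync and rdrand macros are not documented as deprecated anywhere in this change.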
+++ b/include/openssl/err.h @@ -355,8 +355,10 @@ void ERR_load_strings(int lib, ERR_STRING_DATA str[]); void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); void ERR_load_ERR_strings(void); -#define ERR_load_crypto_strings() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +#if OPENSSL_API_COMPAT < 0x10100000L +# define ERR_load_crypto_strings() \ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +#endif void ERR_free_strings(void); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index e3c75e9d30..d71429e1d5 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -870,29 +870,31 @@ const EVP_CIPHER *EVP_seed_cfb128(void); const EVP_CIPHER *EVP_seed_ofb(void); # endif -# define OPENSSL_add_all_algorithms_conf() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_CIPHERS \ - | OPENSSL_INIT_ADD_ALL_DIGESTS \ - | OPENSSL_INIT_LOAD_CONFIG, NULL) -# define OPENSSL_add_all_algorithms_noconf() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_CIPHERS \ - | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) - -# ifdef OPENSSL_LOAD_CONF -# define OpenSSL_add_all_algorithms() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_CIPHERS \ - | OPENSSL_INIT_ADD_ALL_DIGESTS \ - | OPENSSL_INIT_LOAD_CONFIG, NULL) -# else -# define OpenSSL_add_all_algorithms() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_CIPHERS \ - | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) -# endif +# if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_add_all_algorithms_conf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL) +# define OPENSSL_add_all_algorithms_noconf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# ifdef OPENSSL_LOAD_CONF +# define OpenSSL_add_all_algorithms() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL) +# else +# define OpenSSL_add_all_algorithms() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) +# endif -# define OpenSSL_add_all_ciphers() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) -# define OpenSSL_add_all_digests() \ - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) +# define OpenSSL_add_all_ciphers() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) +# define OpenSSL_add_all_digests() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) +# endif int EVP_add_cipher(const EVP_CIPHER *cipher); int 
EVP_add_digest(const EVP_MD *digest); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 51e5f991bc..d65ee9f708 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1443,9 +1443,11 @@ __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); -#define SSL_load_error_strings() \ - OPENSSL_INIT_ssl_library_start(OPENSSL_INIT_LOAD_SSL_STRINGS \ - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +#if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_load_error_strings() \ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +#endif __owur const char *SSL_state_string(const SSL *s); __owur const char *SSL_rstate_string(const SSL *s); @@ -1676,7 +1678,9 @@ void SSL_set_accept_state(SSL *s); __owur long SSL_get_default_timeout(const SSL *s); -#define SSL_library_init() OPENSSL_INIT_ssl_library_start(0, NULL) +#if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +#endif __owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); __owur STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); @@ -1936,8 +1940,7 @@ __owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); #define OPENSSL_INIT_SSL_DEFAULT \ (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) -void OPENSSL_INIT_ssl_library_start(uint64_t opts, - const OPENSSL_INIT_SETTINGS *settings); +void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); # ifndef OPENSSL_NO_UNIT_TEST __owur const struct openssl_ssl_test_functions *SSL_test_functions(void); diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index 112def1f43..67e431941a 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c 
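Review bot: The compat macro `SSL_library_init()` in the second ssl.h hunk expands to a call of `OPENSSL_init_ssl()`, which is declared `void` further down in the same file, yet doc/ssl/SSL_library_init.pod still says it always returns "1". Pre-1.1.0 code that tests or stores the result, for example `if (!SSL_library_init())`, does not compile against this header. If the function stays `void`, the macro can keep the old contract with `# define SSL_library_init() (OPENSSL_init_ssl(0, NULL), 1)`.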
@@ -234,7 +234,7 @@ static void ossl_init_ssl_base(void) * We ignore an error return here. Not much we can do - but not that bad * either. We can still safely continue. */ - OPENSSL_INIT_register_stop_handler(ssl_library_stop); + OPENSSL_atexit(ssl_library_stop); ssl_base_inited = 1; } @@ -299,14 +299,13 @@ static void ssl_library_stop(void) * called prior to any threads making calls to any OpenSSL functions, * i.e. passing a non-null settings value is assumed to be single-threaded. */ -void OPENSSL_INIT_ssl_library_start(uint64_t opts, - const OPENSSL_INIT_SETTINGS *settings) +void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { /* XXX TODO WARNING To be updated to return a value not assert. */ assert(!stopped); - OPENSSL_INIT_crypto_library_start(opts | OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS, settings); + OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS, settings); ossl_init_once_run(&ssl_base, ossl_init_ssl_base); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 127399dd70..e4b5d9f05e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2270,7 +2270,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) return (NULL); } - OPENSSL_INIT_ssl_library_start(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); if (FIPS_mode() && (meth->version < TLS1_VERSION)) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE); diff --git a/test/p5_crpt2_test.c b/test/p5_crpt2_test.c index 2c136b6488..da45f70f7c 100644 --- a/test/p5_crpt2_test.c +++ b/test/p5_crpt2_test.c @@ -183,7 +183,7 @@ int main(int argc, char **argv) CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); printf("PKCS5_PBKDF2_HMAC() tests "); for (i = 0; test->pass != NULL; i++, test++) { 
diff --git a/util/libeay.num b/util/libeay.num
index 6ff18adafb..f4703042d6 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4725,7 +4725,7 @@ PKCS8_get_attr 5206 1_1_0 EXIST::FUNCTION:
 PKCS12_SAFEBAG_get0_attr 5207 1_1_0 EXIST::FUNCTION:
 PKCS12_get0_mac 5208 1_1_0 EXIST::FUNCTION:
 PKCS12_SAFEBAG_get0_pkcs8 5209 1_1_0 EXIST::FUNCTION:
-OPENSSL_INIT_library_stop 5210 1_1_0 EXIST::FUNCTION:
-OPENSSL_INIT_register_stop_handler 5211 1_1_0 EXIST::FUNCTION:
-OPENSSL_INIT_crypto_library_start 5212 1_1_0 EXIST::FUNCTION:
-OPENSSL_INIT_thread_stop 5213 1_1_0 EXIST::FUNCTION:
+OPENSSL_cleanup 5210 1_1_0 EXIST::FUNCTION:
+OPENSSL_atexit 5211 1_1_0 EXIST::FUNCTION:
+OPENSSL_init_crypto 5212 1_1_0 EXIST::FUNCTION:
+OPENSSL_thread_stop 5213 1_1_0 EXIST::FUNCTION:
diff --git a/util/ssleay.num b/util/ssleay.num
index 6e339f6214..45583f7834 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -416,4 +416,4 @@ SSL_up_ref 471 1_1_0 EXIST::FUNCTION:
 SSL_CTX_up_ref 472 1_1_0 EXIST::FUNCTION:
 DTLSv1_listen 473 1_1_0 EXIST::FUNCTION:
 SSL_get0_verified_chain 474 1_1_0 EXIST::FUNCTION:
-OPENSSL_INIT_ssl_library_start 475 1_1_0 EXIST::FUNCTION:
+OPENSSL_init_ssl 475 1_1_0 EXIST::FUNCTION: