Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/s_client.pod | 8 | ||||
-rw-r--r-- | doc/apps/s_server.pod | 8 | ||||
-rw-r--r-- | doc/apps/speed.pod | 12 | ||||
-rw-r--r-- | doc/crypto/DH_set_method.pod | 59 | ||||
-rw-r--r-- | doc/crypto/DSA_set_method.pod | 51 | ||||
-rw-r--r-- | doc/crypto/RSA_set_method.pod | 58 | ||||
-rw-r--r-- | doc/crypto/dh.pod | 9 | ||||
-rw-r--r-- | doc/crypto/dsa.pod | 9 | ||||
-rw-r--r-- | doc/crypto/rsa.pod | 9 |
9 files changed, 146 insertions, 77 deletions
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 2f80375319..9df1c07fb7 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -32,6 +32,7 @@ B<openssl> B<s_client> [B<-no_tls1>] [B<-bugs>] [B<-cipher cipherlist>]
+[B<-engine id>]
 =head1 DESCRIPTION
@@ -156,6 +157,13 @@ the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the B<ciphers> command for more information.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_client>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =back =head1 CONNECTED COMMANDS
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 403c1aa903..fcb52226dd 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -39,6 +39,7 @@ B<openssl> B<s_server> [B<-hack>] [B<-www>] [B<-WWW>]
+[B<-engine id>]
 =head1 DESCRIPTION
@@ -186,6 +187,13 @@ emulates a simple web server. Pages will be resolved relative to the current directory, for example if the URL https://myhost/page.html is requested the file ./page.html will be loaded.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_server>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =back =head1 CONNECTED COMMANDS
diff --git a/doc/apps/speed.pod b/doc/apps/speed.pod
index 77560f1c3d..8101851ec6 100644
--- a/doc/apps/speed.pod
+++ b/doc/apps/speed.pod
@@ -7,6 +7,7 @@ speed - test library performance =head1 SYNOPSIS B<openssl speed>
+[B<-engine id>]
 [B<md2>] [B<mdc2>] [B<md5>]
@@ -39,6 +40,17 @@ This command is used to test the performance of cryptographic algorithms. =head1 OPTIONS
+=over 4
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<speed>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<[zero or more test algorithms]>
+
 If any options are given, B<speed> tests those algorithms, otherwise all of the above are tested.
diff --git a/doc/crypto/DH_set_method.pod b/doc/crypto/DH_set_method.pod
index b9a61d542b..d990bf8786 100644
--- a/doc/crypto/DH_set_method.pod
+++ b/doc/crypto/DH_set_method.pod
@@ -2,20 +2,21 @@ =head1 NAME
-DH_set_default_method, DH_get_default_method, DH_set_method,
-DH_new_method, DH_OpenSSL - select DH method
+DH_set_default_openssl_method, DH_get_default_openssl_method,
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method
 =head1 SYNOPSIS #include <openssl/dh.h>
+ #include <openssl/engine.h>
- void DH_set_default_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
+ DH_METHOD *DH_get_default_openssl_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ int DH_set_method(DH *dh, ENGINE *engine);
- DH *DH_new_method(DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
 DH_METHOD *DH_OpenSSL(void);
@@ -28,17 +29,26 @@ such as hardware accelerators may be used. Initially, the default is to use the OpenSSL internal implementation. DH_OpenSSL() returns a pointer to that method.
-DH_set_default_method() makes B<meth> the default method for all B<DH>
-structures created later.
+DH_set_default_openssl_method() makes B<meth> the default method for all DH
+structures created later. B<NB:> This is true only whilst the default engine
+for Diffie-Hellman operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms, and all the DH
+functions mentioned here operate within the scope of the default
+"openssl" engine.
-DH_get_default_method() returns a pointer to the current default
-method.
+DH_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.
-DH_set_method() selects B<meth> for all operations using the structure B<dh>.
+DH_set_method() selects B<engine> as the engine that will be responsible for
+all operations using the structure B<dh>. If this function completes successfully,
+then the B<dh> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by
+ENGINE_get_DH() or ENGINE_set_DH().
-DH_new_method() allocates and initializes a B<DH> structure so that
-B<method> will be used for the DH operations. If B<method> is B<NULL>,
-the default method is used.
+DH_new_method() allocates and initializes a DH structure so that
+B<engine> will be used for the DH operations. If B<engine> is NULL,
+the default engine for Diffie-Hellman opertaions is used.
 =head1 THE DH_METHOD STRUCTURE
@@ -72,17 +82,17 @@ the default method is used. =head1 RETURN VALUES
-DH_OpenSSL() and DH_get_default_method() return pointers to the respective
-B<DH_METHOD>s.
+DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the
+respective B<DH_METHOD>s.
-DH_set_default_method() returns no value.
+DH_set_default_openssl_method() returns no value.
-DH_set_method() returns a pointer to the B<DH_METHOD> previously
-associated with B<dh>.
+DH_set_method() returns non-zero if the ENGINE associated with B<dh>
+was successfully changed to B<engine>.
-DH_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
+DH_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails.
+Otherwise it returns a pointer to the newly allocated structure.
 =head1 SEE ALSO
@@ -93,4 +103,9 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)> DH_set_default_method(), DH_get_default_method(), DH_set_method(), DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
+DH_set_default_openssl_method() and DH_get_default_openssl_method()
+replaced DH_set_default_method() and DH_get_default_method() respectively,
+and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut
diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod
index cabc3c004a..36a1052d27 100644
--- a/doc/crypto/DSA_set_method.pod
+++ b/doc/crypto/DSA_set_method.pod
@@ -2,20 +2,21 @@ =head1 NAME
-DSA_set_default_method, DSA_get_default_method, DSA_set_method,
-DSA_new_method, DSA_OpenSSL - select DSA method
+DSA_set_default_openssl_method, DSA_get_default_openssl_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 =head1 SYNOPSIS #include <openssl/dsa.h>
+ #include <openssl/engine.h>
- void DSA_set_default_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
+ DSA_METHOD *DSA_get_default_openssl_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);
- DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
 DSA_METHOD *DSA_OpenSSL(void);
@@ -28,17 +29,21 @@ such as hardware accelerators may be used. Initially, the default is to use the OpenSSL internal implementation. DSA_OpenSSL() returns a pointer to that method.
-DSA_set_default_method() makes B<meth> the default method for all B<DSA>
-structures created later.
+DSA_set_default_openssl_method() makes B<meth> the default method for
+all DSA structures created later. B<NB:> This is true only whilst the
+default engine for DSA operations remains as "openssl". ENGINEs
+provide an encapsulation for implementations of one or more algorithms at a
+time, and all the DSA functions mentioned here operate within the scope
+of the default "openssl" engine.
-DSA_get_default_method() returns a pointer to the current default
-method.
+DSA_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.
-DSA_set_method() selects B<meth> for all operations using the structure B<dsa>.
+DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.
-DSA_new_method() allocates and initializes a B<DSA> structure so that
-B<method> will be used for the DSA operations. If B<method> is B<NULL>,
-the default method is used.
+DSA_new_method() allocates and initializes a DSA structure so that
+B<engine> will be used for the DSA operations. If B<engine> is NULL,
+the default engine for DSA operations is used.
 =head1 THE DSA_METHOD STRUCTURE
@@ -84,18 +89,17 @@ struct =head1 RETURN VALUES
-DSA_OpenSSL() and DSA_get_default_method() return pointers to the
+DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the
 respective B<DSA_METHOD>s.
-DSA_set_default_method() returns no value.
+DSA_set_default_openssl_method() returns no value.
-DSA_set_method() returns a pointer to the B<DSA_METHOD> previously
-associated with B<dsa>.
+DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>
+was successfully changed to B<engine>.
-DSA_new_method() returns B<NULL> and sets an error code that can be
+DSA_new_method() returns NULL and sets an error code that can be
 obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
-fails. Otherwise it returns a pointer to the newly allocated
-structure.
+fails. Otherwise it returns a pointer to the newly allocated structure.
 =head1 SEE ALSO
@@ -106,4 +110,9 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)> DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method()
+replaced DSA_set_default_method() and DSA_get_default_method() respectively,
+and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s
+rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut
diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod
index c1a5b39c84..bc0891a445 100644
--- a/doc/crypto/RSA_set_method.pod
+++ b/doc/crypto/RSA_set_method.pod
@@ -9,12 +9,13 @@ RSA_null_method, RSA_flags, RSA_new_method - select RSA method =head1 SYNOPSIS #include <openssl/rsa.h>
+ #include <openssl/engine.h>
- void RSA_set_default_method(RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
+ RSA_METHOD *RSA_get_default_openssl_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ int RSA_set_method(RSA *rsa, ENGINE *engine);
 RSA_METHOD *RSA_get_method(RSA *rsa);
@@ -26,7 +27,7 @@ RSA_null_method, RSA_flags, RSA_new_method - select RSA method int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);
 =head1 DESCRIPTION
@@ -46,23 +47,27 @@ the RSA transformation. It is the default if OpenSSL is compiled with C<-DRSA_NULL>. These methods may be useful in the USA because of a patent on the RSA cryptosystem.
-RSA_set_default_method() makes B<meth> the default method for all B<RSA>
-structures created later.
+RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA>
+structures created later. B<NB:> This is true only whilst the default engine
+for RSA operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms at a time, and all
+the RSA functions mentioned here operate within the scope of the default
+"openssl" engine.
-RSA_get_default_method() returns a pointer to the current default
-method.
+RSA_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.
-RSA_set_method() selects B<meth> for all operations using the key
+RSA_set_method() selects B<engine> for all operations using the key
 B<rsa>.
-RSA_get_method() returns a pointer to the method currently selected
-for B<rsa>.
+RSA_get_method() returns a pointer to the RSA_METHOD from the currently
+selected ENGINE for B<rsa>.
 RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
-RSA_new_method() allocates and initializes an B<RSA> structure so that
-B<method> will be used for the RSA operations. If B<method> is B<NULL>,
-the default method is used.
+RSA_new_method() allocates and initializes an RSA structure so that
+B<engine> will be used for the RSA operations. If B<engine> is NULL,
+the default engine for RSA operations is used.
 =head1 THE RSA_METHOD STRUCTURE
@@ -128,17 +133,21 @@ the default method is used. =head1 RETURN VALUES RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(),
-RSA_get_default_method() and RSA_get_method() return pointers to the
-respective B<RSA_METHOD>s.
+RSA_get_default_openssl_method() and RSA_get_method() return pointers to
+the respective RSA_METHODs.
-RSA_set_default_method() returns no value.
+RSA_set_default_openssl_method() returns no value.
-RSA_set_method() returns a pointer to the B<RSA_METHOD> previously
-associated with B<rsa>.
+RSA_set_method() selects B<engine> as the engine that will be responsible for
+all operations using the structure B<rsa>. If this function completes successfully,
+then the B<rsa> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by
+ENGINE_get_RSA() or ENGINE_set_RSA().
-RSA_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
+RSA_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.
 =head1 SEE ALSO
@@ -151,4 +160,9 @@ RSA_get_default_method(), RSA_set_method() and RSA_get_method() as well as the rsa_sign and rsa_verify components of RSA_METHOD were added in OpenSSL 0.9.4.
+RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
+replaced RSA_set_default_method() and RSA_get_default_method() respectively,
+and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut
diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod
index 0a9b7c03a2..b4be4be405 100644
--- a/doc/crypto/dh.pod
+++ b/doc/crypto/dh.pod
@@ -7,6 +7,7 @@ dh - Diffie-Hellman key agreement =head1 SYNOPSIS #include <openssl/dh.h>
+ #include <openssl/engine.h>
 DH * DH_new(void); void DH_free(DH *dh);
@@ -20,10 +21,10 @@ dh - Diffie-Hellman key agreement int DH_generate_key(DH *dh); int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
- void DH_set_default_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
- DH *DH_new_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);
+ DH_METHOD *DH_get_default_openssl_method(void);
+ int DH_set_method(DH *dh, ENGINE *engine);
+ DH *DH_new_method(ENGINE *engine);
 DH_METHOD *DH_OpenSSL(void); int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod
index 2c09244899..82d7fb77cd 100644
--- a/doc/crypto/dsa.pod
+++ b/doc/crypto/dsa.pod
@@ -7,6 +7,7 @@ dsa - Digital Signature Algorithm =head1 SYNOPSIS #include <openssl/dsa.h>
+ #include <openssl/engine.h>
 DSA * DSA_new(void); void DSA_free(DSA *dsa);
@@ -28,10 +29,10 @@ dsa - Digital Signature Algorithm int DSA_verify(int dummy, const unsigned char *dgst, int len, unsigned char *sigbuf, int siglen, DSA *dsa);
- void DSA_set_default_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
- DSA *DSA_new_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_get_default_openssl_method(void);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);
+ DSA *DSA_new_method(ENGINE *engine);
 DSA_METHOD *DSA_OpenSSL(void); int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod
index 1633840d4c..ef0d4df205 100644
--- a/doc/crypto/rsa.pod
+++ b/doc/crypto/rsa.pod
@@ -7,6 +7,7 @@ rsa - RSA public key cryptosystem =head1 SYNOPSIS #include <openssl/rsa.h>
+ #include <openssl/engine.h>
 RSA * RSA_new(void); void RSA_free(RSA *rsa);
@@ -31,15 +32,15 @@ rsa - RSA public key cryptosystem int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); void RSA_blinding_off(RSA *rsa);
- void RSA_set_default_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_default_openssl_method(void);
+ int RSA_set_method(RSA *rsa, ENGINE *engine);
 RSA_METHOD *RSA_get_method(RSA *rsa); RSA_METHOD *RSA_PKCS1_SSLeay(void); RSA_METHOD *RSA_PKCS1_RSAref(void); RSA_METHOD *RSA_null_method(void); int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);
 int RSA_print(BIO *bp, RSA *x, int offset); int RSA_print_fp(FILE *fp, RSA *x, int offset); |