Update the relevant parts of the docs with the ENGINE changes. I've also

unbolded a few bits that looked unecessary.
2000-05-30 13:52:45 +00:00 · 2000-05-30 13:52:45 +00:00 · 50008364a6
commit 50008364a6
parent 6a1129837a
9 changed files with 146 additions and 77 deletions
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@ -32,6 +32,7 @@ B<openssl> B<s_client>
 [B<-no_tls1>]
 [B<-bugs>]
 [B<-cipher cipherlist>]
+[B<-engine id>]

 =head1 DESCRIPTION

@ -156,6 +157,13 @@ the server determines which cipher suite is used it should take the first
 supported cipher in the list sent by the client. See the B<ciphers>
 command for more information.

+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_client>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =back

 =head1 CONNECTED COMMANDS
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@ -39,6 +39,7 @@ B<openssl> B<s_client>
 [B<-hack>]
 [B<-www>]
 [B<-WWW>]
+[B<-engine id>]

 =head1 DESCRIPTION

@ -186,6 +187,13 @@ emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the URL https://myhost/page.html is
 requested the file ./page.html will be loaded.

+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_server>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =back

 =head1 CONNECTED COMMANDS
--- a/doc/apps/speed.pod
+++ b/doc/apps/speed.pod
@ -7,6 +7,7 @@ speed - test library performance
 =head1 SYNOPSIS

 B<openssl speed>
+[B<-engine id>]
 [B<md2>]
 [B<mdc2>]
 [B<md5>]
@ -39,6 +40,17 @@ This command is used to test the performance of cryptographic algorithms.

 =head1 OPTIONS

+=over 4
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<speed>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<[zero or more test algorithms]>
+
 If any options are given, B<speed> tests those algorithms, otherwise all of
 the above are tested.

--- a/doc/crypto/DH_set_method.pod
+++ b/doc/crypto/DH_set_method.pod
@ -2,20 +2,21 @@

 =head1 NAME

-DH_set_default_method, DH_get_default_method, DH_set_method,
-DH_new_method, DH_OpenSSL - select DH method
+DH_set_default_openssl_method, DH_get_default_openssl_method,
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method

 =head1 SYNOPSIS

 #include <openssl/dh.h>
+ #include <openssl/engine.h>

- void DH_set_default_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);

- DH_METHOD *DH_get_default_method(void);
+ DH_METHOD *DH_get_default_openssl_method(void);

- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ int DH_set_method(DH *dh, ENGINE *engine);

- DH *DH_new_method(DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);

 DH_METHOD *DH_OpenSSL(void);

@ -28,17 +29,26 @@ such as hardware accelerators may be used.
 Initially, the default is to use the OpenSSL internal implementation.
 DH_OpenSSL() returns a pointer to that method.

-DH_set_default_method() makes B<meth> the default method for all B<DH>
-structures created later.
+DH_set_default_openssl_method() makes B<meth> the default method for all DH
+structures created later. B<NB:> This is true only whilst the default engine
+for Diffie-Hellman operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms, and all the DH
+functions mentioned here operate within the scope of the default
+"openssl" engine.

-DH_get_default_method() returns a pointer to the current default
-method.
+DH_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.

-DH_set_method() selects B<meth> for all operations using the structure B<dh>.
+DH_set_method() selects B<engine> as the engine that will be responsible for
+all operations using the structure B<dh>. If this function completes successfully,
+then the B<dh> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by
+ENGINE_get_DH() or ENGINE_set_DH().

-DH_new_method() allocates and initializes a B<DH> structure so that
-B<method> will be used for the DH operations. If B<method> is B<NULL>,
-the default method is used.
+DH_new_method() allocates and initializes a DH structure so that
+B<engine> will be used for the DH operations. If B<engine> is NULL,
+the default engine for Diffie-Hellman opertaions is used.

 =head1 THE DH_METHOD STRUCTURE

@ -73,16 +83,16 @@ the default method is used.
 =head1 RETURN VALUES

 DH_OpenSSL() and DH_get_default_method() return pointers to the respective
-B<DH_METHOD>s.
+DH_METHODs.

-DH_set_default_method() returns no value.
+DH_set_default_openssl_method() returns no value.

-DH_set_method() returns a pointer to the B<DH_METHOD> previously
-associated with B<dh>.
+DH_set_method() returns non-zero if the ENGINE associated with B<dh>
+was successfully changed to B<engine>.

-DH_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
+DH_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails.
+Otherwise it returns a pointer to the newly allocated structure.

 =head1 SEE ALSO

@ -93,4 +103,9 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
 DH_set_default_method(), DH_get_default_method(), DH_set_method(),
 DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.

+DH_set_default_openssl_method() and DH_get_default_openssl_method()
+replaced DH_set_default_method() and DH_get_default_method() respectively,
+and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut
--- a/doc/crypto/DSA_set_method.pod
+++ b/doc/crypto/DSA_set_method.pod
@ -2,20 +2,21 @@

 =head1 NAME

-DSA_set_default_method, DSA_get_default_method, DSA_set_method,
-DSA_new_method, DSA_OpenSSL - select DSA method
+DSA_set_default_openssl_method, DSA_get_default_openssl_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method

 =head1 SYNOPSIS

 #include <openssl/dsa.h>
+ #include <openssl/engine.h>

- void DSA_set_default_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);

- DSA_METHOD *DSA_get_default_method(void);
+ DSA_METHOD *DSA_get_default_openssl_method(void);

- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);

- DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);

 DSA_METHOD *DSA_OpenSSL(void);

@ -28,17 +29,21 @@ such as hardware accelerators may be used.
 Initially, the default is to use the OpenSSL internal implementation.
 DSA_OpenSSL() returns a pointer to that method.

-DSA_set_default_method() makes B<meth> the default method for all B<DSA>
-structures created later.
+DSA_set_default_openssl_method() makes B<meth> the default method for
+all DSA structures created later. B<NB:> This is true only whilst the
+default engine for DSA operations remains as "openssl". ENGINEs
+provide an encapsulation for implementations of one or more algorithms at a
+time, and all the DSA functions mentioned here operate within the scope
+of the default "openssl" engine.

-DSA_get_default_method() returns a pointer to the current default
-method.
+DSA_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.

-DSA_set_method() selects B<meth> for all operations using the structure B<dsa>.
+DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.

-DSA_new_method() allocates and initializes a B<DSA> structure so that
-B<method> will be used for the DSA operations. If B<method> is B<NULL>,
-the default method is used.
+DSA_new_method() allocates and initializes a DSA structure so that
+B<engine> will be used for the DSA operations. If B<engine> is NULL,
+the default engine for DSA operations is used.

 =head1 THE DSA_METHOD STRUCTURE

@ -84,18 +89,17 @@ struct

 =head1 RETURN VALUES

-DSA_OpenSSL() and DSA_get_default_method() return pointers to the
-respective B<DSA_METHOD>s.
+DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the
+respective DSA_METHODs.

-DSA_set_default_method() returns no value.
+DSA_set_default_openssl_method() returns no value.

-DSA_set_method() returns a pointer to the B<DSA_METHOD> previously
-associated with B<dsa>.
+DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>
+was successfully changed to B<engine>.

-DSA_new_method() returns B<NULL> and sets an error code that can be
+DSA_new_method() returns NULL and sets an error code that can be
 obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
-fails. Otherwise it returns a pointer to the newly allocated
-structure.
+fails. Otherwise it returns a pointer to the newly allocated structure.

 =head1 SEE ALSO

@ -106,4 +110,9 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
 DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
 DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.

+DSA_set_default_openssl_method() and DSA_get_default_openssl_method()
+replaced DSA_set_default_method() and DSA_get_default_method() respectively,
+and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s
+rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut
--- a/doc/crypto/RSA_set_method.pod
+++ b/doc/crypto/RSA_set_method.pod
@ -9,12 +9,13 @@ RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method
 =head1 SYNOPSIS

 #include <openssl/rsa.h>
+ #include <openssl/engine.h>

- void RSA_set_default_method(RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);

- RSA_METHOD *RSA_get_default_method(void);
+ RSA_METHOD *RSA_get_default_openssl_method(void);

- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ RSA_METHOD *RSA_set_method(RSA *rsa, ENGINE *engine);

 RSA_METHOD *RSA_get_method(RSA *rsa);

@ -26,7 +27,7 @@ RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method

 int RSA_flags(RSA *rsa);

- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);

 =head1 DESCRIPTION

@ -46,23 +47,27 @@ the RSA transformation. It is the default if OpenSSL is compiled with
 C<-DRSA_NULL>. These methods may be useful in the USA because of a
 patent on the RSA cryptosystem.

-RSA_set_default_method() makes B<meth> the default method for all B<RSA>
-structures created later.
+RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA>
+structures created later. B<NB:> This is true only whilst the default engine
+for RSA operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms at a time, and all
+the RSA functions mentioned here operate within the scope of the default
+"openssl" engine.

-RSA_get_default_method() returns a pointer to the current default
-method.
+RSA_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.

-RSA_set_method() selects B<meth> for all operations using the key
+RSA_set_method() selects B<engine> for all operations using the key
 B<rsa>.

-RSA_get_method() returns a pointer to the method currently selected
-for B<rsa>.
+RSA_get_method() returns a pointer to the RSA_METHOD from the currently
+selected ENGINE for B<rsa>.

 RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.

-RSA_new_method() allocates and initializes an B<RSA> structure so that
-B<method> will be used for the RSA operations. If B<method> is B<NULL>,
-the default method is used.
+RSA_new_method() allocates and initializes an RSA structure so that
+B<engine> will be used for the RSA operations. If B<engine> is NULL,
+the default engine for RSA operations is used.

 =head1 THE RSA_METHOD STRUCTURE

@ -128,17 +133,21 @@ the default method is used.
 =head1 RETURN VALUES

 RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(),
-RSA_get_default_method() and RSA_get_method() return pointers to the
-respective B<RSA_METHOD>s.
+RSA_get_default_openssl_method() and RSA_get_method() return pointers to
+the respective RSA_METHODs.

-RSA_set_default_method() returns no value.
+RSA_set_default_openssl_method() returns no value.

-RSA_set_method() returns a pointer to the B<RSA_METHOD> previously
-associated with B<rsa>.
+RSA_set_method() selects B<engine> as the engine that will be responsible for
+all operations using the structure B<rsa>. If this function completes successfully,
+then the B<rsa> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by
+ENGINE_get_RSA() or ENGINE_set_RSA().

-RSA_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
+RSA_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.

 =head1 SEE ALSO

@ -151,4 +160,9 @@ RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
 well as the rsa_sign and rsa_verify components of RSA_METHOD were
 added in OpenSSL 0.9.4.

+RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
+replaced RSA_set_default_method() and RSA_get_default_method() respectively,
+and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut
--- a/doc/crypto/dh.pod
+++ b/doc/crypto/dh.pod
@ -7,6 +7,7 @@ dh - Diffie-Hellman key agreement
 =head1 SYNOPSIS

 #include <openssl/dh.h>
+ #include <openssl/engine.h>

 DH *	DH_new(void);
 void	DH_free(DH *dh);
@ -20,10 +21,10 @@ dh - Diffie-Hellman key agreement
 int	DH_generate_key(DH *dh);
 int	DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);

- void DH_set_default_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
- DH *DH_new_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);
+ DH_METHOD *DH_get_default_openssl_method(void);
+ int DH_set_method(DH *dh, ENGINE *engine);
+ DH *DH_new_method(ENGINE *engine);
 DH_METHOD *DH_OpenSSL(void);

 int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
--- a/doc/crypto/dsa.pod
+++ b/doc/crypto/dsa.pod
@ -7,6 +7,7 @@ dsa - Digital Signature Algorithm
 =head1 SYNOPSIS

 #include <openssl/dsa.h>
+ #include <openssl/engine.h>

 DSA *	DSA_new(void);
 void	DSA_free(DSA *dsa);
@ -28,10 +29,10 @@ dsa - Digital Signature Algorithm
 int	DSA_verify(int dummy, const unsigned char *dgst, int len,
 		unsigned char *sigbuf, int siglen, DSA *dsa);

- void DSA_set_default_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
- DSA *DSA_new_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_get_default_openssl_method(void);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);
+ DSA *DSA_new_method(ENGINE *engine);
 DSA_METHOD *DSA_OpenSSL(void);

 int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
--- a/doc/crypto/rsa.pod
+++ b/doc/crypto/rsa.pod
@ -7,6 +7,7 @@ rsa - RSA public key cryptosystem
 =head1 SYNOPSIS

 #include <openssl/rsa.h>
+ #include <openssl/engine.h>

 RSA * RSA_new(void);
 void RSA_free(RSA *rsa);
@ -31,15 +32,15 @@ rsa - RSA public key cryptosystem
 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
 void RSA_blinding_off(RSA *rsa);

- void RSA_set_default_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_default_openssl_method(void);
+ int RSA_set_method(RSA *rsa, ENGINE *engine);
 RSA_METHOD *RSA_get_method(RSA *rsa);
 RSA_METHOD *RSA_PKCS1_SSLeay(void);
 RSA_METHOD *RSA_PKCS1_RSAref(void);
 RSA_METHOD *RSA_null_method(void);
 int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);

 int RSA_print(BIO *bp, RSA *x, int offset);
 int RSA_print_fp(FILE *fp, RSA *x, int offset);