From: Milan Broz Date: Thu, 4 Sep 2025 10:19:40 +0000 (+0200) Subject: Remove openssl engine command X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4bd0612a2a4ddfe4e56ea67f25392c41a34c69ee;p=thirdparty%2Fopenssl.git Remove openssl engine command This patch removes apps/engine.c and associated man pages. Resolves: https://github.com/openssl/project/issues/1370 Signed-off-by: Milan Broz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Saša Nedvědický Reviewed-by: Eugene Syromiatnikov Reviewed-by: Neil Horman Reviewed-by: Norbert Pocs (Merged from https://github.com/openssl/openssl/pull/29305) --- diff --git a/apps/build.info b/apps/build.info index 345f7079584..976a24d71be 100644 --- a/apps/build.info +++ b/apps/build.info @@ -37,9 +37,6 @@ ENDIF IF[{- !$disabled{'dsa'} -}] $OPENSSLSRC=$OPENSSLSRC dsa.c dsaparam.c gendsa.c ENDIF -IF[{- !$disabled{'engine'} -}] -$OPENSSLSRC=$OPENSSLSRC engine.c -ENDIF IF[{- !$disabled{'rsa'} -}] $OPENSSLSRC=$OPENSSLSRC rsa.c genrsa.c ENDIF diff --git a/apps/engine.c b/apps/engine.c deleted file mode 100644 index 90e3e8be3fc..00000000000 --- a/apps/engine.c +++ /dev/null @@ -1,501 +0,0 @@ -/* - * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include - -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST, - OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV -} OPTION_CHOICE; - -const OPTIONS engine_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"t", OPT_T, '-', "Check that specified engine is available"}, - {"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"}, - {"post", OPT_POST, 's', "Run command against the ENGINE after loading it"}, - - OPT_SECTION("Output"), - {"v", OPT_V, '-', "List 'control commands' For each specified engine"}, - {"vv", OPT_VV, '-', "Also display each command's description"}, - {"vvv", OPT_VVV, '-', "Also add the input flags for each command"}, - {"vvvv", OPT_VVVV, '-', "Also show internal input flags"}, - {"c", OPT_C, '-', "List the capabilities of specified engine"}, - {"tt", OPT_TT, '-', "Display error trace for unavailable engines"}, - {OPT_MORE_STR, OPT_EOF, 1, - "Commands are like \"SO_PATH:/lib/libdriver.so\""}, - - OPT_PARAMETERS(), - {"engine", 0, 0, "ID of engine(s) to load"}, - {NULL} -}; - -static int append_buf(char **buf, int *size, const char *s) -{ - const int expand = 256; - int len = (int)(strlen(s) + 1); - char *p = *buf; - - if (p == NULL) { - *size = ((len + expand - 1) / expand) * expand; - p = *buf = app_malloc(*size, "engine buffer"); - } else { - const int blen = (int)strlen(p); - - if (blen > 0) - len += 2 + blen; - - if (len > *size) { - *size = ((len + expand - 1) / expand) * expand; - p = OPENSSL_realloc(p, *size); - if (p == NULL) { - OPENSSL_free(*buf); - *buf = NULL; - return 0; - } - *buf = p; - } - - if (blen > 0) { - p += blen; - *p++ = ','; - *p++ = ' '; - } - } - - strcpy(p, s); - return 1; -} - -static int util_flags(BIO *out, unsigned int flags, const char *indent) -{ - int started = 0, err = 0; - /* Indent before displaying input flags */ - BIO_printf(out, "%s%s(input flags): ", indent, indent); - if (flags == 0) { - BIO_printf(out, "\n"); - return 1; - } - /* - * If the object is internal, mark it in a way that shows instead of - * having it part of all the other flags, even if it really is. - */ - if (flags & ENGINE_CMD_FLAG_INTERNAL) { - BIO_printf(out, "[Internal] "); - } - - if (flags & ENGINE_CMD_FLAG_NUMERIC) { - BIO_printf(out, "NUMERIC"); - started = 1; - } - /* - * Now we check that no combinations of the mutually exclusive NUMERIC, - * STRING, and NO_INPUT flags have been used. Future flags that can be - * OR'd together with these would need to added after these to preserve - * the testing logic. - */ - if (flags & ENGINE_CMD_FLAG_STRING) { - if (started) { - BIO_printf(out, "|"); - err = 1; - } - BIO_printf(out, "STRING"); - started = 1; - } - if (flags & ENGINE_CMD_FLAG_NO_INPUT) { - if (started) { - BIO_printf(out, "|"); - err = 1; - } - BIO_printf(out, "NO_INPUT"); - started = 1; - } - /* Check for unknown flags */ - flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & - ~ENGINE_CMD_FLAG_STRING & - ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL; - if (flags) { - if (started) - BIO_printf(out, "|"); - BIO_printf(out, "<0x%04X>", flags); - } - if (err) - BIO_printf(out, " "); - BIO_printf(out, "\n"); - return 1; -} - -static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent) -{ - static const int line_wrap = 78; - int num; - int ret = 0; - char *name = NULL; - char *desc = NULL; - int flags; - int xpos = 0; - STACK_OF(OPENSSL_STRING) *cmds = NULL; - if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || - ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, - 0, NULL, NULL)) <= 0)) { - return 1; - } - - cmds = sk_OPENSSL_STRING_new_null(); - if (cmds == NULL) - goto err; - - do { - int len; - /* Get the command input flags */ - if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, - NULL, NULL)) < 0) - goto err; - if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) { - /* Get the command name */ - if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, - NULL, NULL)) <= 0) - goto err; - name = app_malloc(len + 1, "name buffer"); - if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, - NULL) <= 0) - goto err; - /* Get the command description */ - if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, - NULL, NULL)) < 0) - goto err; - if (len > 0) { - desc = app_malloc(len + 1, "description buffer"); - if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, - NULL) <= 0) - goto err; - } - /* Now decide on the output */ - if (xpos == 0) - /* Do an indent */ - xpos = BIO_puts(out, indent); - else - /* Otherwise prepend a ", " */ - xpos += BIO_printf(out, ", "); - if (verbose == 1) { - /* - * We're just listing names, comma-delimited - */ - if ((xpos > (int)strlen(indent)) && - (xpos + (int)strlen(name) > line_wrap)) { - BIO_printf(out, "\n"); - xpos = BIO_puts(out, indent); - } - xpos += BIO_printf(out, "%s", name); - } else { - /* We're listing names plus descriptions */ - BIO_printf(out, "%s: %s\n", name, - (desc == NULL) ? "" : desc); - /* ... and sometimes input flags */ - if ((verbose >= 3) && !util_flags(out, flags, indent)) - goto err; - xpos = 0; - } - } - OPENSSL_free(name); - name = NULL; - OPENSSL_free(desc); - desc = NULL; - /* Move to the next command */ - num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL); - } while (num > 0); - if (xpos > 0) - BIO_printf(out, "\n"); - ret = 1; - err: - sk_OPENSSL_STRING_free(cmds); - OPENSSL_free(name); - OPENSSL_free(desc); - return ret; -} - -static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, - BIO *out, const char *indent) -{ - int loop, res, num = sk_OPENSSL_STRING_num(cmds); - - if (num < 0) { - BIO_printf(out, "[Error]: internal stack error\n"); - return; - } - for (loop = 0; loop < num; loop++) { - char buf[256]; - const char *cmd, *arg; - cmd = sk_OPENSSL_STRING_value(cmds, loop); - res = 1; /* assume success */ - /* Check if this command has no ":arg" */ - if ((arg = strchr(cmd, ':')) == NULL) { - if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) - res = 0; - } else { - if ((int)(arg - cmd) > 254) { - BIO_printf(out, "[Error]: command name too long\n"); - return; - } - memcpy(buf, cmd, (int)(arg - cmd)); - buf[arg - cmd] = '\0'; - arg++; /* Move past the ":" */ - /* Call the command with the argument */ - if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) - res = 0; - } - if (res) { - BIO_printf(out, "[Success]: %s\n", cmd); - } else { - BIO_printf(out, "[Failure]: %s\n", cmd); - ERR_print_errors(out); - } - } -} - -struct util_store_cap_data { - ENGINE *engine; - char **cap_buf; - int *cap_size; - int ok; -}; -static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg) -{ - struct util_store_cap_data *ctx = arg; - - if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) { - char buf[256]; - BIO_snprintf(buf, sizeof(buf), "STORE(%s)", - OSSL_STORE_LOADER_get0_scheme(loader)); - if (!append_buf(ctx->cap_buf, ctx->cap_size, buf)) - ctx->ok = 0; - } -} - -int engine_main(int argc, char **argv) -{ - int ret = 1, i; - int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0; - ENGINE *e; - STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null(); - STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); - STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); - BIO *out; - const char *indent = " "; - OPTION_CHOICE o; - char *prog; - char *argv1; - - out = dup_bio_out(FORMAT_TEXT); - if (engines == NULL || pre_cmds == NULL || post_cmds == NULL) - goto end; - - /* Remember the original command name, parse/skip any leading engine - * names, and then setup to parse the rest of the line as flags. */ - prog = argv[0]; - while ((argv1 = argv[1]) != NULL && *argv1 != '-') { - if (!sk_OPENSSL_CSTRING_push(engines, argv1)) - goto end; - argc--; - argv++; - } - argv[0] = prog; - opt_init(argc, argv, engine_options); - - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(engine_options); - ret = 0; - goto end; - case OPT_VVVV: - case OPT_VVV: - case OPT_VV: - case OPT_V: - /* Convert to an integer from one to four. */ - i = (int)(o - OPT_V) + 1; - if (verbose < i) - verbose = i; - break; - case OPT_C: - list_cap = 1; - break; - case OPT_TT: - test_avail_noise++; - /* fall through */ - case OPT_T: - test_avail++; - break; - case OPT_PRE: - if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0) - goto end; - break; - case OPT_POST: - if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0) - goto end; - break; - } - } - - /* Any remaining arguments are engine names. */ - argc = opt_num_rest(); - argv = opt_rest(); - for ( ; *argv; argv++) { - if (**argv == '-') { - BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n", - prog); - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - } - if (!sk_OPENSSL_CSTRING_push(engines, *argv)) - goto end; - } - - if (sk_OPENSSL_CSTRING_num(engines) == 0) { - for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { - if (!sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e))) - goto end; - } - } - - ret = 0; - for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) { - const char *id = sk_OPENSSL_CSTRING_value(engines, i); - if ((e = ENGINE_by_id(id)) != NULL) { - const char *name = ENGINE_get_name(e); - /* - * Do "id" first, then "name". Easier to auto-parse. - */ - BIO_printf(out, "(%s) %s\n", id, name); - util_do_cmds(e, pre_cmds, out, indent); - if (strcmp(ENGINE_get_id(e), id) != 0) { - BIO_printf(out, "Loaded: (%s) %s\n", - ENGINE_get_id(e), ENGINE_get_name(e)); - } - if (list_cap) { - int cap_size = 256; - char *cap_buf = NULL; - int k, n; - const int *nids; - ENGINE_CIPHERS_PTR fn_c; - ENGINE_DIGESTS_PTR fn_d; - ENGINE_PKEY_METHS_PTR fn_pk; - - if (ENGINE_get_RSA(e) != NULL - && !append_buf(&cap_buf, &cap_size, "RSA")) - goto end; - if (ENGINE_get_EC(e) != NULL - && !append_buf(&cap_buf, &cap_size, "EC")) - goto end; - if (ENGINE_get_DSA(e) != NULL - && !append_buf(&cap_buf, &cap_size, "DSA")) - goto end; - if (ENGINE_get_DH(e) != NULL - && !append_buf(&cap_buf, &cap_size, "DH")) - goto end; - if (ENGINE_get_RAND(e) != NULL - && !append_buf(&cap_buf, &cap_size, "RAND")) - goto end; - - fn_c = ENGINE_get_ciphers(e); - if (fn_c == NULL) - goto skip_ciphers; - n = fn_c(e, NULL, &nids, 0); - for (k = 0; k < n; ++k) - if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) - goto end; - - skip_ciphers: - fn_d = ENGINE_get_digests(e); - if (fn_d == NULL) - goto skip_digests; - n = fn_d(e, NULL, &nids, 0); - for (k = 0; k < n; ++k) - if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) - goto end; - - skip_digests: - fn_pk = ENGINE_get_pkey_meths(e); - if (fn_pk == NULL) - goto skip_pmeths; - n = fn_pk(e, NULL, &nids, 0); - for (k = 0; k < n; ++k) - if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) - goto end; - skip_pmeths: - { - struct util_store_cap_data store_ctx; - - store_ctx.engine = e; - store_ctx.cap_buf = &cap_buf; - store_ctx.cap_size = &cap_size; - store_ctx.ok = 1; - - OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx); - if (!store_ctx.ok) - goto end; - } - if (cap_buf != NULL && (*cap_buf != '\0')) - BIO_printf(out, " [%s]\n", cap_buf); - - OPENSSL_free(cap_buf); - } - if (test_avail) { - BIO_printf(out, "%s", indent); - if (ENGINE_init(e)) { - BIO_printf(out, "[ available ]\n"); - util_do_cmds(e, post_cmds, out, indent); - ENGINE_finish(e); - } else { - BIO_printf(out, "[ unavailable ]\n"); - if (test_avail_noise) - ERR_print_errors_fp(stdout); - ERR_clear_error(); - } - } - if ((verbose > 0) && !util_verbose(e, verbose, out, indent)) - goto end; - ENGINE_free(e); - } else { - ERR_print_errors(bio_err); - /* because exit codes above 127 have special meaning on Unix */ - if (++ret > 127) - ret = 127; - } - } - - end: - - ERR_print_errors(bio_err); - sk_OPENSSL_CSTRING_free(engines); - sk_OPENSSL_STRING_free(pre_cmds); - sk_OPENSSL_STRING_free(post_cmds); - BIO_free_all(out); - return ret; -} diff --git a/doc/build.info b/doc/build.info index 36aa5b08bb5..d7e169e5802 100644 --- a/doc/build.info +++ b/doc/build.info @@ -100,12 +100,6 @@ DEPEND[man/man1/openssl-enc.1]=man1/openssl-enc.pod GENERATE[man/man1/openssl-enc.1]=man1/openssl-enc.pod DEPEND[man1/openssl-enc.pod]{pod}=man1/openssl-enc.pod.in GENERATE[man1/openssl-enc.pod]=man1/openssl-enc.pod.in -DEPEND[html/man1/openssl-engine.html]=man1/openssl-engine.pod -GENERATE[html/man1/openssl-engine.html]=man1/openssl-engine.pod -DEPEND[man/man1/openssl-engine.1]=man1/openssl-engine.pod -GENERATE[man/man1/openssl-engine.1]=man1/openssl-engine.pod -DEPEND[man1/openssl-engine.pod]{pod}=man1/openssl-engine.pod.in -GENERATE[man1/openssl-engine.pod]=man1/openssl-engine.pod.in DEPEND[html/man1/openssl-errstr.html]=man1/openssl-errstr.pod GENERATE[html/man1/openssl-errstr.html]=man1/openssl-errstr.pod DEPEND[man/man1/openssl-errstr.1]=man1/openssl-errstr.pod @@ -376,7 +370,6 @@ html/man1/openssl-dsaparam.html \ html/man1/openssl-ec.html \ html/man1/openssl-ecparam.html \ html/man1/openssl-enc.html \ -html/man1/openssl-engine.html \ html/man1/openssl-errstr.html \ html/man1/openssl-fipsinstall.html \ html/man1/openssl-format-options.html \ @@ -438,7 +431,6 @@ man/man1/openssl-dsaparam.1 \ man/man1/openssl-ec.1 \ man/man1/openssl-ecparam.1 \ man/man1/openssl-enc.1 \ -man/man1/openssl-engine.1 \ man/man1/openssl-errstr.1 \ man/man1/openssl-fipsinstall.1 \ man/man1/openssl-format-options.1 \ diff --git a/doc/man1/build.info b/doc/man1/build.info index 5c41a1687dd..aba8a89dd59 100644 --- a/doc/man1/build.info +++ b/doc/man1/build.info @@ -18,7 +18,6 @@ DEPEND[openssl-dsa.pod]=../perlvars.pm DEPEND[openssl-ecparam.pod]=../perlvars.pm DEPEND[openssl-ec.pod]=../perlvars.pm DEPEND[openssl-enc.pod]=../perlvars.pm -DEPEND[openssl-engine.pod]=../perlvars.pm DEPEND[openssl-errstr.pod]=../perlvars.pm DEPEND[openssl-fipsinstall.pod]=../perlvars.pm DEPEND[openssl-gendsa.pod]=../perlvars.pm diff --git a/doc/man1/openssl-cmds.pod.in b/doc/man1/openssl-cmds.pod.in index 4cfb7ce4ee0..18c2ac03039 100644 --- a/doc/man1/openssl-cmds.pod.in +++ b/doc/man1/openssl-cmds.pod.in @@ -100,7 +100,6 @@ L, L, L, L, -L, L, L, L, diff --git a/doc/man1/openssl-engine.pod.in b/doc/man1/openssl-engine.pod.in deleted file mode 100644 index bcc31ebad19..00000000000 --- a/doc/man1/openssl-engine.pod.in +++ /dev/null @@ -1,132 +0,0 @@ -=pod -{- OpenSSL::safe::output_do_not_edit_headers(); -} - -=head1 NAME - -openssl-engine - load and query engines - -=head1 SYNOPSIS - -B -[B<-help>] -[B<-v>] -[B<-vv>] -[B<-vvv>] -[B<-vvvv>] -[B<-c>] -[B<-t>] -[B<-tt>] -[B<-pre> I] ... -[B<-post> I] ... -[I ...] - -=head1 DESCRIPTION - -This command has been deprecated. Providers should be used instead of engines. - -This command is used to query the status and capabilities -of the specified Is. -Engines may be specified before and after all other command-line flags. -Only those specified are queried. - -=head1 OPTIONS - -=over 4 - -=item B<-help> - -Display an option summary. - -=item B<-v> B<-vv> B<-vvv> B<-vvvv> - -Provides information about each specified engine. The first flag lists -all the possible run-time control commands; the second adds a -description of each command; the third adds the input flags, and the -final option adds the internal input flags. - -=item B<-c> - -Lists the capabilities of each engine. - -=item B<-t> - -Tests if each specified engine is available, and displays the answer. - -=item B<-tt> - -Displays an error trace for any unavailable engine. - -=item B<-pre> I - -=item B<-post> I - -Command-line configuration of engines. -The B<-pre> command is given to the engine before it is loaded and -the B<-post> command is given after the engine is loaded. -The I is of the form I:I where I is the command, -and I is the value for the command. -See the example below. - -These two options are cumulative, so they may be given more than once in the -same command. - -=back - -=head1 EXAMPLES - -To list all the commands available to a dynamic engine: - - $ openssl engine -t -tt -vvvv dynamic - (dynamic) Dynamic engine loading support - [ unavailable ] - SO_PATH: Specifies the path to the new ENGINE shared library - (input flags): STRING - NO_VCHECK: Specifies to continue even if version checking fails (boolean) - (input flags): NUMERIC - ID: Specifies an ENGINE id name for loading - (input flags): STRING - LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory) - (input flags): NUMERIC - DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory) - (input flags): NUMERIC - DIR_ADD: Adds a directory from which ENGINEs can be loaded - (input flags): STRING - LOAD: Load up the ENGINE specified by other settings - (input flags): NO_INPUT - -To list the capabilities of the B engine: - - $ openssl engine -c - (rsax) RSAX engine support - [RSA] - (dynamic) Dynamic engine loading support - -=head1 ENVIRONMENT - -=over 4 - -=item B - -The path to the engines directory. - -=back - -=head1 SEE ALSO - -L, -L - -=head1 HISTORY - -This command was deprecated in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index edef2ff5989..569c0ffe9f9 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -131,10 +131,6 @@ EC parameter manipulation and generation. Encryption, decryption, and encoding. -=item B - -Engine (loadable module) information and manipulation. - =item B Error Number to Error String Conversion. @@ -718,8 +714,8 @@ see L. For information about the use of environment variables in configuration, see L. -For information about specific commands, see L, -L, and L. +For information about specific commands, see L +and L. For information about querying or specifying CPU architecture flags, see L, L and L. @@ -739,7 +735,6 @@ L, L, L, L, -L, L, L, L, @@ -798,6 +793,9 @@ The interactive mode, which could be invoked by running C with no further arguments, was removed in OpenSSL 3.0, and running that program with no arguments is now equivalent to C. +The B command was removed in OpenSSL 4.0 altogether with +the engine support, use providers as a replacement. + =head1 COPYRIGHT Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod index 0c7656bc5f9..7cc6d96e8c5 100644 --- a/doc/man7/openssl-env.pod +++ b/doc/man7/openssl-env.pod @@ -80,7 +80,6 @@ This variable is not considered security-sensitive. =item B Specifies the directory from which dynamic engines are loaded. -See L. This variable is considered a security-sensitive environment variable.