Rename INIT funtions, deprecate old ones.

Man, there were a lot of renamings :)

Reviewed-by: Richard Levitte <levitte@openssl.org>

21 files changed, 87 insertions, 140 deletions

diff --git a/doc/apps/errstr.pod b/doc/apps/errstr.pod
index 02bd3dcd7b..7d1fee47cb 100644
--- a/doc/apps/errstr.pod
+++ b/doc/apps/errstr.pod
@@ -31,9 +31,6 @@ to produce the error message:
 
 =head1 SEE ALSO
 
-L<err(3)>,
-L<ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)>
-
+L<err(3)>
 
 =cut
diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod
index bd9b605602..4d49dc789b 100644
--- a/doc/crypto/BIO_f_ssl.pod
+++ b/doc/crypto/BIO_f_ssl.pod
@@ -140,10 +140,6 @@ unencrypted example in L<BIO_s_connect(3)>.
  SSL_CTX *ctx;
  SSL *ssl;
 
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- OpenSSL_add_all_algorithms();
-
  /* We would seed the PRNG here if the platform didn't
   * do it automatically
   */
@@ -207,10 +203,6 @@ a client and also echoes the request to standard output.
  SSL_CTX *ctx;
  SSL *ssl;
 
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- OpenSSL_add_all_algorithms();
-
  /* Might seed PRNG here */
 
  ctx = SSL_CTX_new(TLS_server_method());
diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod
index 2feb72bc83..ec8fa3a0ca 100644
--- a/doc/crypto/BIO_s_accept.pod
+++ b/doc/crypto/BIO_s_accept.pod
@@ -160,7 +160,7 @@ This example accepts two connections on port 4444, sends messages
 down each and finally closes both down.
 
  BIO *abio, *cbio, *cbio2;
- ERR_load_crypto_strings();
+
  abio = BIO_new_accept("4444");
 
  /* First call to BIO_accept() sets up accept BIO */
diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod
index 648e8ed42b..7adb78da70 100644
--- a/doc/crypto/BIO_s_connect.pod
+++ b/doc/crypto/BIO_s_connect.pod
@@ -164,7 +164,7 @@ to retrieve a page and copy the result to standard output.
  BIO *cbio, *out;
  int len;
  char tmpbuf[1024];
- ERR_load_crypto_strings();
+
  cbio = BIO_new_connect("localhost:http");
  out = BIO_new_fp(stdout, BIO_NOCLOSE);
  if(BIO_do_connect(cbio) <= 0) {
diff --git a/doc/crypto/CMS_decrypt.pod b/doc/crypto/CMS_decrypt.pod
index 06bc1062bc..4b1e97e8fd 100644
--- a/doc/crypto/CMS_decrypt.pod
+++ b/doc/crypto/CMS_decrypt.pod
@@ -22,9 +22,6 @@ is detached. It will normally be set to NULL.
 
 =head1 NOTES
 
-OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
-function or errors about unknown algorithms will occur.
-
 Although the recipients certificate is not needed to decrypt the data it is
 needed to locate the appropriate (of possible several) recipients in the CMS
 structure.
diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod
index 53202a7d57..84f7184c7a 100644
--- a/doc/crypto/CONF_modules_load_file.pod
+++ b/doc/crypto/CONF_modules_load_file.pod
@@ -45,12 +45,6 @@ return an error.
 B<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the
 default section pointed to by B<openssl_conf> if B<appname> does not exist.
 
-Applications should call these functions after loading builtin modules using
-OPENSSL_load_builtin_modules(), any ENGINEs for example using
-ENGINE_load_builtin_engines(), any algorithms for example
-OPENSSL_add_all_algorithms() and (if the application uses libssl)
-SSL_library_init().
-
 By using CONF_modules_load_file() with appropriate flags an application can
 customise application configuration to best suit its needs. In some cases the
 use of a configuration file is optional and its absence is not an error: in
diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod
index 68d1a535e8..81ca61c9db 100644
--- a/doc/crypto/ERR_error_string.pod
+++ b/doc/crypto/ERR_error_string.pod
@@ -42,10 +42,6 @@ ERR_lib_error_string(), ERR_func_error_string() and
 ERR_reason_error_string() return the library name, function
 name and reason string respectively.
 
-The OpenSSL error strings should be loaded by calling
-L<ERR_load_crypto_strings(3)> or, for SSL
-applications, L<SSL_load_error_strings(3)>
-first.
 If there is no text string registered for the given error code,
 the error string will contain the numeric code.
 
@@ -64,8 +60,6 @@ none is registered for the error code.
 =head1 SEE ALSO
 
 L<err(3)>, L<ERR_get_error(3)>,
-L<ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)>
 L<ERR_print_errors(3)>
 
 =cut
diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod
index b4af1fc509..88678d9020 100644
--- a/doc/crypto/ERR_load_crypto_strings.pod
+++ b/doc/crypto/ERR_load_crypto_strings.pod
@@ -37,4 +37,10 @@ ERR_free_strings() return no values.
 
 L<err(3)>, L<ERR_error_string(3)>
 
+=head1 HISTORY
+
+The ERR_load_crypto_strings(), SSL_load_error_strings(), and
+ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by
+OPENSSL_init_crypto() and OPENSSL_init_ssl().
+
 =cut
diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod
index 3b0defe407..aec8a1029a 100644
--- a/doc/crypto/ERR_print_errors.pod
+++ b/doc/crypto/ERR_print_errors.pod
@@ -39,8 +39,6 @@ ERR_print_errors() and ERR_print_errors_fp() return no values.
 =head1 SEE ALSO
 
 L<err(3)>, L<ERR_error_string(3)>,
-L<ERR_get_error(3)>,
-L<ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)>
+L<ERR_get_error(3)>.
 
 =cut
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
index 1b98c1c0fa..db9c04004e 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -143,8 +143,7 @@ returns is of zero length.
 
 EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
 return an B<EVP_MD> structure when passed a digest name, a digest NID or
-an ASN1_OBJECT structure respectively. The digest table must be initialized
-using, for example, OpenSSL_add_all_digests() for these functions to work.
+an ASN1_OBJECT structure respectively.
 
 =head1 RETURN VALUES
 
@@ -210,8 +209,6 @@ digest name passed on the command line.
  unsigned char md_value[EVP_MAX_MD_SIZE];
  int md_len, i;
 
- OpenSSL_add_all_digests();
-
  if(!argv[1]) {
  	printf("Usage: mdtest digestname\n");
 	exit(1);
diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
index fbf8b6d2c3..4c82566097 100644
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -60,4 +60,9 @@ L<conf(5)>,
 L<CONF_modules_load_file(3)>,
 L<CONF_modules_free(3)>
 
+=head1 HISTORY
+
+The OPENSSL_no_config() and OPENSSL_config() functions were
+deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
+
 =cut
diff --git a/doc/crypto/OPENSSL_INIT_crypto_library_start.pod b/doc/crypto/OPENSSL_init_crypto.pod
index 16f95fe604..11bc1c7f7b 100644
--- a/doc/crypto/OPENSSL_INIT_crypto_library_start.pod
+++ b/doc/crypto/OPENSSL_init_crypto.pod
@@ -2,19 +2,18 @@
 
 =head1 NAME
 
-OPENSSL_INIT_crypto_library_start, OPENSSL_INIT_library_stop,
-OPENSSL_INIT_register_stop_handler, OPENSSL_INIT_thread_stop - OpenSSL
+OPENSSL_init_crypto, OPENSSL_cleanup,
+OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
 initialisation and deinitialisation functions
 
 =head1 SYNOPSIS
 
  #include <openssl/crypto.h>
 
- void OPENSSL_INIT_library_stop(void);
- void OPENSSL_INIT_crypto_library_start(uint64_t opts,
-                                        const OPENSSL_INIT_SETTINGS *settings);
- int OPENSSL_INIT_register_stop_handler(void (*handler)(void));
- void OPENSSL_INIT_thread_stop(void);
+ void OPENSSL_cleanup(void);
+ void OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+ int OPENSSL_atexit(void (*handler)(void));
+ void OPENSSL_thread_stop(void);
 
 =head1 DESCRIPTION
 
@@ -30,13 +29,13 @@ automatically deinitialise as required.
 
 However, there way be situations when explicit initialisation is desirable or
 needed, for example when some non-default initialisation is required. The
-function OPENSSL_INIT_crypto_library_start() can be used for this purpose for
-libcrypto (see also L<OPENSSL_INIT_ssl_library_start(3)> for the libssl
+function OPENSSL_init_crypto() can be used for this purpose for
+libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
 equivalent).
 
-Numerous internal OpenSSL functions call OPENSSL_INIT_crypto_library_start().
+Numerous internal OpenSSL functions call OPENSSL_init_crypto().
 Therefore, in order to perform non-default initialisation,
-OPENSSL_INIT_crypto_library_start() MUST be called by application code prior to
+OPENSSL_init_crypto() MUST be called by application code prior to
 any other OpenSSL function calls.
 
 The B<opts> parameter specifies which aspects of libcrypto should be
@@ -46,49 +45,45 @@ initialised. Valid options are:
 
 =item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
 
-Suppress automatic loading of the libcrypto error strings. With this option the
-library will not automatically call ERR_load_crypto_strings(). This option is
+Suppress automatic loading of the libcrypto error strings. This option is
 not a default option. Once selected subsequent calls to
-OPENSSL_INIT_crypto_library_start() with the option
-B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored. Applications may call
-ERR_load_crypto_strings() directly if they wish even if this option has been
-selected. If they do so then they must also explicitly call ERR_free_strings()
-on application close down.
+OPENSSL_init_crypto() with the option
+B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.
 
 =item OPENSSL_INIT_LOAD_CRYPTO_STRINGS
 
 Automatic loading of the libcrypto error strings. With this option the
-library will automatically call ERR_load_crypto_strings(). This option is a
-default option. Once selected subsequent calls to
-OPENSSL_INIT_crypto_library_start() with the option
+library will automatically load the libcrypto error strings.
+This option is a default option. Once selected subsequent calls to
+OPENSSL_init_crypto() with the option
 B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.
 
 =item OPENSSL_INIT_ADD_ALL_CIPHERS
 
 With this option the library will automatically load and make available all
 libcrypto ciphers. This option is a default option. Once selected subsequent
-calls to OPENSSL_INIT_crypto_library_start() with the option
+calls to OPENSSL_init_crypto() with the option
 B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
 
 =item OPENSSL_INIT_ADD_ALL_DIGESTS
 
 With this option the library will automatically load and make available all
 libcrypto digests. This option is a default option. Once selected subsequent
-calls to OPENSSL_INIT_crypto_library_start() with the option
+calls to OPENSSL_init_crypto() with the option
 B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
 
 =item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
 
 With this option the library will suppress automatic loading of libcrypto
 ciphers. This option is not a default option. Once selected subsequent
-calls to OPENSSL_INIT_crypto_library_start() with the option
+calls to OPENSSL_init_crypto() with the option
 B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.
 
 =item OPENSSL_INIT_NO_ADD_ALL_DIGESTS
 
 With this option the library will suppress automatic loading of libcrypto
 digests. This option is not a default option. Once selected subsequent
-calls to OPENSSL_INIT_crypto_library_start() with the option
+calls to OPENSSL_init_crypto() with the option
 B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
 
 =item OPENSSL_INIT_LOAD_CONFIG
@@ -168,30 +163,30 @@ configuration file is assumed. For example
      { OPENSSL_INIT_SET_CONF_FILENAME, .value.type_string = "myconf.cnf" },
      { OPENSSL_INIT_SET_END, .value.type_int = 0 }
  };
- OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_LOAD_CONFIG, settings);
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings);
 
 The B<settings> parameter must be an array of OPENSSL_INIT_SETTINGS values
 terminated with an OPENSSL_INIT_SET_END entry.
 
-The OPENSSL_INIT_library_stop() function deinitialises OpenSSL (both libcrypto
+The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
 and libssl). All resources allocated by OpenSSL are freed. Typically there
 should be no need to call this function directly as it is initiated
 automatically on application exit. This is done via the standard C library
 L<atexit(3)> function. In the event that the application will close in a manner
 that will not call the registered atexit() handlers then the application should
-call OPENSSL_INIT_library_stop() directly. Developers of libraries using OpenSSL
+call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
 are discouraged from calling this function and should instead, typically, rely
 on auto-deinitialisation. This is to avoid error conditions where both an
 application and a library it depends on both use OpenSSL, and the library
 deinitialises it before the application has finished using it.
 
-The OPENSSL_INIT_register_stop_handler() function enables the registration of a
-function to be called during OPENSSL_INIT_library_stop(). Stop handlers are
+The OPENSSL_atexit() function enables the registration of a
+function to be called during OPENSSL_cleanup(). Stop handlers are
 called after deinitialisation of resources local to a thread, but before other
 process wide resources are freed. In the event that multiple stop handlers are
 registered, no guarantees are made about the order of execution.
 
-The OPENSSL_INIT_thread_stop() function deallocates resources associated
+The OPENSSL_thread_stop() function deallocates resources associated
 with the current thread. Typically this function will be called automatically by
 the library when the thread exits. This should only be called directly if
 resources should be freed at an earlier time, or under the circumstances
@@ -205,23 +200,22 @@ platforms this is done in response to a DLL_THREAD_DETACH message being sent to
 the libeay32.dll entry point. Some windows functions may cause threads to exit
 without sending this message (for example ExitProcess()). If the application
 uses such functions, then the application must free up OpenSSL resources
-directly via a call to OPENSSL_INIT_thread_stop(). Similarly this message will
+directly via a call to OPENSSL_thread_stop(). Similarly this message will
 also not be sent if OpenSSL is linked statically, and therefore applications
-using static linking should also call OPENSSL_INIT_thread_stop().
+using static linking should also call OPENSSL_thread_stop().
 
 =head1 RETURN VALUES
 
-The function OPENSSL_INIT_register_stop_handler() returns 1 on success or 0 on
+The function OPENSSL_atexit() returns 1 on success or 0 on
 error.
 
 =head1 SEE ALSO
 
-L<OPENSSL_INIT_ssl_library_start(3)>
+L<OPENSSL_init_ssl(3)>
 
 =head1 HISTORY
 
-The OPENSSL_INIT_library_stop, OPENSSL_INIT_crypto_library_start,
-OPENSSL_INIT_register_stop_handler and OPENSSL_INIT_thread_stop functions were
-added in OpenSSL 1.1.0.
+The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
+and OPENSSL_thread_stop() functions were added in OpenSSL 1.1.0.
 
 =cut
diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod
index 3ca0576da8..b107155a3a 100644
--- a/doc/crypto/OpenSSL_add_all_algorithms.pod
+++ b/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -63,4 +63,10 @@ too much of a problem in practice.
 L<evp(3)>, L<EVP_DigestInit(3)>,
 L<EVP_EncryptInit(3)>
 
+=head1 HISTORY
+
+The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(),
+OpenSSL_add_all_digests(), and EVP_cleanup(), functions
+were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
+
 =cut
diff --git a/doc/crypto/PKCS7_decrypt.pod b/doc/crypto/PKCS7_decrypt.pod
index 71313b80ff..90cf5062f1 100644
--- a/doc/crypto/PKCS7_decrypt.pod
+++ b/doc/crypto/PKCS7_decrypt.pod
@@ -19,9 +19,6 @@ B<flags> is an optional set of flags.
 
 =head1 NOTES
 
-OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
-function or errors about unknown algorithms will occur.
-
 Although the recipients certificate is not needed to decrypt the data it is needed
 to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
 
diff --git a/doc/crypto/d2i_PKCS8PrivateKey.pod b/doc/crypto/d2i_PKCS8PrivateKey.pod
index a4213faf69..cc204790ce 100644
--- a/doc/crypto/d2i_PKCS8PrivateKey.pod
+++ b/doc/crypto/d2i_PKCS8PrivateKey.pod
@@ -39,10 +39,6 @@ corresponding B<PEM> function as described in the L<pem(3)> manual page.
 
 =head1 NOTES
 
-Before using these functions L<OpenSSL_add_all_algorithms(3)>
-should be called to initialize the internal algorithm lookup tables otherwise errors about
-unknown algorithms will occur if an attempt is made to decrypt a private key. 
-
 These functions are currently the only way to store encrypted private keys using DER format.
 
 Currently all the functions use BIOs or FILE pointers, there are no functions which
diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod
index 11191ef560..99ed170321 100644
--- a/doc/crypto/engine.pod
+++ b/doc/crypto/engine.pod
@@ -21,14 +21,6 @@ engine - ENGINE cryptographic module support
  int ENGINE_init(ENGINE *e);
  int ENGINE_finish(ENGINE *e);
 
- void ENGINE_load_openssl(void);
- void ENGINE_load_dynamic(void);
- #ifndef OPENSSL_NO_STATIC_ENGINE
- void ENGINE_load_chil(void);
- void ENGINE_load_gmp(void);
- void ENGINE_load_ubsec(void);
- #endif
- void ENGINE_load_cryptodev(void);
  void ENGINE_load_builtin_engines(void);
 
  void ENGINE_cleanup(void);
@@ -301,17 +293,7 @@ it uses static linking against openssl, then the resulting application
 binary will not contain any alternative ENGINE code at all. So the first
 consideration is whether any/all available ENGINE implementations should be
 made visible to OpenSSL - this is controlled by calling the various "load"
-functions, eg.
-
- /* Make the "dynamic" ENGINE available */
- void ENGINE_load_dynamic(void);
- /* Make the CryptoSwift hardware acceleration support available */
- void ENGINE_load_cswift(void);
- /* Make support for nCipher's "CHIL" hardware available */
- void ENGINE_load_chil(void);
- ...
- /* Make ALL ENGINE implementations bundled with OpenSSL available */
- void ENGINE_load_builtin_engines(void);
+functions.
 
 Having called any of these functions, ENGINE objects would have been
 dynamically allocated and populated with these implementations and linked
@@ -567,6 +549,11 @@ extension).
 
 =head1 SEE ALSO
 
-L<rsa(3)>, L<dsa(3)>, L<dh(3)>, L<rand(3)>
+L<OPENSSL_init_crypto(3)>, L<rsa(3)>, L<dsa(3)>, L<dh(3)>, L<rand(3)>
+
+=head1 HISTORY
+
+ENGINE_load_openssl(), ENGINE_load_dynamic(), and ENGINE_load_cryptodev()
+were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
 
 =cut
diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
index 4f512e6db0..5fafbc5490 100644
--- a/doc/crypto/err.pod
+++ b/doc/crypto/err.pod
@@ -188,4 +188,9 @@ L<ERR_put_error(3)>,
 L<ERR_load_strings(3)>,
 L<SSL_get_error(3)>
 
+=head1 HISTORY
+
+The ERR_load_crypto_strings() function was deprecated in OpenSSL 1.1.0 by
+OPENSSL_init_crypto().
+
 =cut
diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod
index 58ce83de8c..09870b4432 100644
--- a/doc/crypto/evp.pod
+++ b/doc/crypto/evp.pod
@@ -61,8 +61,6 @@ based encryption. Careful selection of the parameters will provide a PKCS#5 PBKD
 implementation. However, new applications should not typically use this (preferring, for example,
 PBKDF2 from PCKS#5).
 
-Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)>.
-
 All the symmetric algorithms (ciphers), digests and asymmetric algorithms
 (public key algorithms) can be replaced by L<engine(3)> modules providing alternative
 implementations. If ENGINE implementations of ciphers or digests are registered
@@ -97,7 +95,6 @@ L<EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)>,
 L<EVP_BytesToKey(3)>,
-L<OpenSSL_add_all_algorithms(3)>,
 L<engine(3)>
 
 =cut
diff --git a/doc/ssl/OPENSSL_INIT_ssl_library_start.pod b/doc/ssl/OPENSSL_init_ssl.pod
index c0f598df30..d9246a53c1 100644
--- a/doc/ssl/OPENSSL_INIT_ssl_library_start.pod
+++ b/doc/ssl/OPENSSL_init_ssl.pod
@@ -2,14 +2,13 @@
 
 =head1 NAME
 
-OPENSSL_INIT_ssl_library_start - OpenSSL (libssl and libcrypto) initialisation
+OPENSSL_init_ssl - OpenSSL (libssl and libcrypto) initialisation
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
- void OPENSSL_INIT_ssl_library_start(uint64_t opts,
-                                     const OPENSSL_INIT_SETTINGS *settings);
+ void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
 
 =head1 DESCRIPTION
 
@@ -25,40 +24,35 @@ automatically deinitialise as required.
 
 However, there way be situations when explicit initialisation is desirable or
 needed, for example when some non-default initialisation is required. The
-function OPENSSL_INIT_ssl_library_start() can be used for this purpose. Calling
+function OPENSSL_init_ssl() can be used for this purpose. Calling
 this function will explicitly initialise BOTH libcrypto and libssl. To
 explicitly initialise ONLY libcrypto see the
-L<OPENSSL_INIT_crypto_library_start(3)> function.
+L<OPENSSL_init_crypto(3)> function.
 
-Numerous internal OpenSSL functions call OPENSSL_INIT_ssl_library_start().
+Numerous internal OpenSSL functions call OPENSSL_init_ssl().
 Therefore, in order to perform non-default initialisation,
-OPENSSL_INIT_ssl_library_start() MUST be called by application code prior to
+OPENSSL_init_ssl() MUST be called by application code prior to
 any other OpenSSL function calls.
 
 The B<opts> parameter specifies which aspects of libssl and libcrypto should be
 initialised. Valid options for libcrypto are described on the
-L<OPENSSL_INIT_crypto_library_start(3)> page. In addition to any libcrypto
+L<OPENSSL_init_crypto(3)> page. In addition to any libcrypto
 specific option the following libssl options can also be used:
 
 =over 4
 
 =item OPENSSL_INIT_NO_LOAD_SSL_STRINGS
 
-Suppress automatic loading of the libssl error strings. With this option the
-library will not automatically call ERR_load_SSL_strings(). This option is
+Suppress automatic loading of the libssl error strings. This option is
 not a default option. Once selected subsequent calls to
-OPENSSL_INIT_ssl_library_start() with the option
-B<OPENSSL_INIT_LOAD_SSL_STRINGS> will be ignored. Applications may call
-ERR_load_SSL_strings() directly if they wish even if this option has been
-selected. If they do so then they must also explicitly call ERR_free_strings()
-on application close down.
+OPENSSL_init_ssl() with the option
+B<OPENSSL_INIT_LOAD_SSL_STRINGS> will be ignored.
 
 =item OPENSSL_INIT_LOAD_SSL_STRINGS
 
-Automatic loading of the libssl error strings. With this option the
-library will automatically call ERR_load_SSL_strings(). This option is a
+Automatic loading of the libssl error strings. This option is a
 default option. Once selected subsequent calls to
-OPENSSL_INIT_ssl_library_start() with the option
+OPENSSL_init_ssl() with the option
 B<OPENSSL_INIT_LOAD_SSL_STRINGS> will be ignored.
 
 =back
@@ -66,15 +60,15 @@ B<OPENSSL_INIT_LOAD_SSL_STRINGS> will be ignored.
 The B<settings> parameter specifies optional settings values to an option.
 Currently no such settings are available for libssl specific options. However
 these settings will also be passed internally to a call to
-L<OPENSSL_INIT_crypto_library_start(3)>, so this parameter can also be used to
+L<OPENSSL_init_crypto(3)>, so this parameter can also be used to
 provide libcrypto settings values.
 
 =head1 SEE ALSO
 
-L<OPENSSL_INIT_crypto_library_start(3)>
+L<OPENSSL_init_crypto(3)>
 
 =head1 HISTORY
 
-The OPENSSL_INIT_ssl_library_start function was added in OpenSSL 1.1.0.
+The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0.
 
 =cut
diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod
index d96d3f0613..c872858ca3 100644
--- a/doc/ssl/SSL_library_init.pod
+++ b/doc/ssl/SSL_library_init.pod
@@ -28,14 +28,6 @@ SSL_library_init() is not reentrant.
 SSL_library_init() adds ciphers and digests used directly and indirectly by
 SSL/TLS.
 
-=head1 EXAMPLES
-
-A typical TLS/SSL application will start with the library initialization,
-and provide readable error messages.
-
- SSL_load_error_strings();                /* readable error messages */
- SSL_library_init();                      /* initialize library */
-
 =head1 RETURN VALUES
 
 SSL_library_init() always returns "1", so it is safe to discard the return
@@ -43,7 +35,12 @@ value.
 
 =head1 SEE ALSO
 
-L<ssl(3)>, L<SSL_load_error_strings(3)>,
+L<ssl(3)>,
 L<RAND_add(3)>
 
+=head1 HISTORY
+
+The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were
+deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().
+
 =cut
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 597b88e5f7..e350c3e14f 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -13,9 +13,6 @@ The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
 Transport Layer Security (TLS v1) protocols. It provides a rich API which is
 documented here.
 
-At first the library must be initialized; see
-L<SSL_library_init(3)>.
-
 Then an B<SSL_CTX> object is created as a framework to establish
 TLS/SSL enabled connections (see L<SSL_CTX_new(3)>).
 Various options regarding certificates, algorithms etc. can be set
@@ -560,8 +557,6 @@ fresh handle for each connection.
 
 =item STACK *B<SSL_load_client_CA_file>(char *file);
 
-=item void B<SSL_load_error_strings>(void);
-
 =item SSL *B<SSL_new>(SSL_CTX *ctx);
 
 =item void SSL_up_ref(SSL *s);
@@ -742,7 +737,6 @@ L<SSL_get_rbio(3)>,
 L<SSL_get_session(3)>,
 L<SSL_get_verify_result(3)>,
 L<SSL_get_version(3)>,
-L<SSL_library_init(3)>,
 L<SSL_load_client_CA_file(3)>,
 L<SSL_new(3)>,
 L<SSL_pending(3)>,