aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2019-02-26 19:36:57 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2019-02-26 19:36:57 +0000
commitd24743ebafc832ef815e1b2e9d83edf8f5e052d3 (patch)
tree147a4441f0a6588f14a28afb568b8027a2f5093b
parent5deeb844204f049abca3201bd23aa7b9aa008f1c (diff)
downloadsrc-d24743ebafc832ef815e1b2e9d83edf8f5e052d3.tar.gz
src-d24743ebafc832ef815e1b2e9d83edf8f5e052d3.zip
Merge OpenSSL 1.0.2r.
Notes
Notes: svn path=/stable/11/; revision=344604
-rw-r--r--crypto/openssl/CHANGES27
-rw-r--r--crypto/openssl/Makefile4
-rw-r--r--crypto/openssl/Makefile.org2
-rw-r--r--crypto/openssl/NEWS4
-rw-r--r--crypto/openssl/README2
-rw-r--r--crypto/openssl/crypto/asn1/ameth_lib.c27
-rw-r--r--crypto/openssl/crypto/bio/bss_file.c11
-rw-r--r--crypto/openssl/crypto/bn/bn_ctx.c4
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c3
-rw-r--r--crypto/openssl/crypto/bn/bntest.c101
-rw-r--r--crypto/openssl/crypto/constant_time_locl.h6
-rw-r--r--crypto/openssl/crypto/ec/ec_ameth.c2
-rw-r--r--crypto/openssl/crypto/err/Makefile2
-rw-r--r--crypto/openssl/crypto/err/err.c38
-rw-r--r--crypto/openssl/crypto/evp/evp.h2
-rw-r--r--crypto/openssl/crypto/evp/evp_enc.c40
-rw-r--r--crypto/openssl/crypto/evp/evp_err.c4
-rw-r--r--crypto/openssl/crypto/evp/evp_test.c4
-rw-r--r--crypto/openssl/crypto/opensslv.h6
-rw-r--r--crypto/openssl/crypto/rsa/Makefile6
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c15
-rw-r--r--crypto/openssl/crypto/rsa/rsa_oaep.c96
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pk1.c98
-rw-r--r--crypto/openssl/crypto/rsa/rsa_ssl.c134
-rw-r--r--crypto/openssl/doc/apps/ca.pod2
-rw-r--r--crypto/openssl/doc/crypto/PKCS12_parse.pod3
-rw-r--r--crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod7
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod3
-rw-r--r--crypto/openssl/doc/crypto/X509_cmp_time.pod (renamed from crypto/openssl/doc/man3/X509_cmp_time.pod)2
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_error.pod13
-rw-r--r--crypto/openssl/doc/ssl/SSL_shutdown.pod4
-rw-r--r--crypto/openssl/ssl/d1_pkt.c1
-rw-r--r--crypto/openssl/ssl/s3_pkt.c10
-rw-r--r--crypto/openssl/ssl/t1_lib.c20
-rw-r--r--secure/lib/libcrypto/Makefile.inc7
-rw-r--r--secure/lib/libcrypto/man/ASN1_OBJECT_new.340
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_length.344
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_new.336
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_print_ex.338
-rw-r--r--secure/lib/libcrypto/man/ASN1_TIME_set.352
-rw-r--r--secure/lib/libcrypto/man/ASN1_generate_nconf.330
-rw-r--r--secure/lib/libcrypto/man/BIO_ctrl.378
-rw-r--r--secure/lib/libcrypto/man/BIO_f_base64.332
-rw-r--r--secure/lib/libcrypto/man/BIO_f_buffer.362
-rw-r--r--secure/lib/libcrypto/man/BIO_f_cipher.354
-rw-r--r--secure/lib/libcrypto/man/BIO_f_md.378
-rw-r--r--secure/lib/libcrypto/man/BIO_f_null.326
-rw-r--r--secure/lib/libcrypto/man/BIO_f_ssl.376
-rw-r--r--secure/lib/libcrypto/man/BIO_find_type.344
-rw-r--r--secure/lib/libcrypto/man/BIO_new.344
-rw-r--r--secure/lib/libcrypto/man/BIO_new_CMS.342
-rw-r--r--secure/lib/libcrypto/man/BIO_push.336
-rw-r--r--secure/lib/libcrypto/man/BIO_read.352
-rw-r--r--secure/lib/libcrypto/man/BIO_s_accept.366
-rw-r--r--secure/lib/libcrypto/man/BIO_s_bio.3100
-rw-r--r--secure/lib/libcrypto/man/BIO_s_connect.398
-rw-r--r--secure/lib/libcrypto/man/BIO_s_fd.374
-rw-r--r--secure/lib/libcrypto/man/BIO_s_file.388
-rw-r--r--secure/lib/libcrypto/man/BIO_s_mem.342
-rw-r--r--secure/lib/libcrypto/man/BIO_s_null.326
-rw-r--r--secure/lib/libcrypto/man/BIO_s_socket.344
-rw-r--r--secure/lib/libcrypto/man/BIO_set_callback.332
-rw-r--r--secure/lib/libcrypto/man/BIO_should_retry.360
-rw-r--r--secure/lib/libcrypto/man/BN_BLINDING_new.362
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_new.352
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_start.348
-rw-r--r--secure/lib/libcrypto/man/BN_add.380
-rw-r--r--secure/lib/libcrypto/man/BN_add_word.350
-rw-r--r--secure/lib/libcrypto/man/BN_bn2bin.368
-rw-r--r--secure/lib/libcrypto/man/BN_cmp.342
-rw-r--r--secure/lib/libcrypto/man/BN_copy.332
-rw-r--r--secure/lib/libcrypto/man/BN_generate_prime.350
-rw-r--r--secure/lib/libcrypto/man/BN_mod_inverse.332
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_montgomery.360
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_reciprocal.350
-rw-r--r--secure/lib/libcrypto/man/BN_new.342
-rw-r--r--secure/lib/libcrypto/man/BN_num_bytes.344
-rw-r--r--secure/lib/libcrypto/man/BN_rand.346
-rw-r--r--secure/lib/libcrypto/man/BN_set_bit.348
-rw-r--r--secure/lib/libcrypto/man/BN_swap.326
-rw-r--r--secure/lib/libcrypto/man/BN_zero.346
-rw-r--r--secure/lib/libcrypto/man/CMS_add0_cert.346
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_recipient_cert.338
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_signer.346
-rw-r--r--secure/lib/libcrypto/man/CMS_compress.342
-rw-r--r--secure/lib/libcrypto/man/CMS_decrypt.344
-rw-r--r--secure/lib/libcrypto/man/CMS_encrypt.348
-rw-r--r--secure/lib/libcrypto/man/CMS_final.332
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_RecipientInfos.374
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_SignerInfos.354
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_type.350
-rw-r--r--secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.348
-rw-r--r--secure/lib/libcrypto/man/CMS_sign.344
-rw-r--r--secure/lib/libcrypto/man/CMS_sign_receipt.338
-rw-r--r--secure/lib/libcrypto/man/CMS_uncompress.336
-rw-r--r--secure/lib/libcrypto/man/CMS_verify.338
-rw-r--r--secure/lib/libcrypto/man/CMS_verify_receipt.338
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_free.336
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_load_file.344
-rw-r--r--secure/lib/libcrypto/man/CRYPTO_set_ex_data.346
-rw-r--r--secure/lib/libcrypto/man/DH_generate_key.340
-rw-r--r--secure/lib/libcrypto/man/DH_generate_parameters.352
-rw-r--r--secure/lib/libcrypto/man/DH_get_ex_new_index.330
-rw-r--r--secure/lib/libcrypto/man/DH_new.340
-rw-r--r--secure/lib/libcrypto/man/DH_set_method.358
-rw-r--r--secure/lib/libcrypto/man/DH_size.328
-rw-r--r--secure/lib/libcrypto/man/DSA_SIG_new.338
-rw-r--r--secure/lib/libcrypto/man/DSA_do_sign.340
-rw-r--r--secure/lib/libcrypto/man/DSA_dup_DH.332
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_key.336
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_parameters.346
-rw-r--r--secure/lib/libcrypto/man/DSA_get_ex_new_index.330
-rw-r--r--secure/lib/libcrypto/man/DSA_new.340
-rw-r--r--secure/lib/libcrypto/man/DSA_set_method.358
-rw-r--r--secure/lib/libcrypto/man/DSA_sign.348
-rw-r--r--secure/lib/libcrypto/man/DSA_size.326
-rw-r--r--secure/lib/libcrypto/man/EC_GFp_simple_method.336
-rw-r--r--secure/lib/libcrypto/man/EC_GROUP_copy.330
-rw-r--r--secure/lib/libcrypto/man/EC_GROUP_new.330
-rw-r--r--secure/lib/libcrypto/man/EC_KEY_new.340
-rw-r--r--secure/lib/libcrypto/man/EC_POINT_add.330
-rw-r--r--secure/lib/libcrypto/man/EC_POINT_new.330
-rw-r--r--secure/lib/libcrypto/man/ERR_GET_LIB.334
-rw-r--r--secure/lib/libcrypto/man/ERR_clear_error.330
-rw-r--r--secure/lib/libcrypto/man/ERR_error_string.356
-rw-r--r--secure/lib/libcrypto/man/ERR_get_error.356
-rw-r--r--secure/lib/libcrypto/man/ERR_load_crypto_strings.338
-rw-r--r--secure/lib/libcrypto/man/ERR_load_strings.338
-rw-r--r--secure/lib/libcrypto/man/ERR_print_errors.338
-rw-r--r--secure/lib/libcrypto/man/ERR_put_error.336
-rw-r--r--secure/lib/libcrypto/man/ERR_remove_state.330
-rw-r--r--secure/lib/libcrypto/man/ERR_set_mark.334
-rw-r--r--secure/lib/libcrypto/man/EVP_BytesToKey.332
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestInit.3124
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestSignInit.360
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestVerifyInit.356
-rw-r--r--secure/lib/libcrypto/man/EVP_EncodeInit.356
-rw-r--r--secure/lib/libcrypto/man/EVP_EncryptInit.3176
-rw-r--r--secure/lib/libcrypto/man/EVP_OpenInit.346
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.366
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_new.336
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_cmp.346
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_decrypt.344
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_derive.346
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_encrypt.352
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.334
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_keygen.360
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_meth_new.3112
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_new.336
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_print_private.332
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.354
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_sign.354
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify.346
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify_recover.346
-rw-r--r--secure/lib/libcrypto/man/EVP_SealInit.350
-rw-r--r--secure/lib/libcrypto/man/EVP_SignInit.370
-rw-r--r--secure/lib/libcrypto/man/EVP_VerifyInit.368
-rw-r--r--secure/lib/libcrypto/man/OBJ_nid2obj.360
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_Applink.322
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.330
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_config.344
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_ia32cap.324
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_instrument_bus.322
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.338
-rw-r--r--secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.344
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.342
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.342
-rw-r--r--secure/lib/libcrypto/man/PKCS12_create.328
-rw-r--r--secure/lib/libcrypto/man/PKCS12_parse.335
-rw-r--r--secure/lib/libcrypto/man/PKCS7_decrypt.338
-rw-r--r--secure/lib/libcrypto/man/PKCS7_encrypt.344
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign.340
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign_add_signer.342
-rw-r--r--secure/lib/libcrypto/man/PKCS7_verify.342
-rw-r--r--secure/lib/libcrypto/man/RAND_add.352
-rw-r--r--secure/lib/libcrypto/man/RAND_bytes.340
-rw-r--r--secure/lib/libcrypto/man/RAND_cleanup.330
-rw-r--r--secure/lib/libcrypto/man/RAND_egd.358
-rw-r--r--secure/lib/libcrypto/man/RAND_load_file.340
-rw-r--r--secure/lib/libcrypto/man/RAND_set_rand_method.348
-rw-r--r--secure/lib/libcrypto/man/RSA_blinding_on.336
-rw-r--r--secure/lib/libcrypto/man/RSA_check_key.334
-rw-r--r--secure/lib/libcrypto/man/RSA_generate_key.344
-rw-r--r--secure/lib/libcrypto/man/RSA_get_ex_new_index.376
-rw-r--r--secure/lib/libcrypto/man/RSA_new.340
-rw-r--r--secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.367
-rw-r--r--secure/lib/libcrypto/man/RSA_print.330
-rw-r--r--secure/lib/libcrypto/man/RSA_private_encrypt.338
-rw-r--r--secure/lib/libcrypto/man/RSA_public_encrypt.338
-rw-r--r--secure/lib/libcrypto/man/RSA_set_method.378
-rw-r--r--secure/lib/libcrypto/man/RSA_sign.342
-rw-r--r--secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.342
-rw-r--r--secure/lib/libcrypto/man/RSA_size.326
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_CMS.344
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_PKCS7.344
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_CMS.340
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_PKCS7.342
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.353
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.342
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.350
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_print_ex.342
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_get_error.352
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.332
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_new.380
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.336
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.336
-rw-r--r--secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.398
-rw-r--r--secure/lib/libcrypto/man/X509_check_host.352
-rw-r--r--secure/lib/libcrypto/man/X509_check_private_key.332
-rw-r--r--secure/lib/libcrypto/man/X509_cmp_time.328
-rw-r--r--secure/lib/libcrypto/man/X509_new.336
-rw-r--r--secure/lib/libcrypto/man/X509_verify_cert.334
-rw-r--r--secure/lib/libcrypto/man/bio.348
-rw-r--r--secure/lib/libcrypto/man/blowfish.350
-rw-r--r--secure/lib/libcrypto/man/bn.358
-rw-r--r--secure/lib/libcrypto/man/bn_internal.356
-rw-r--r--secure/lib/libcrypto/man/buffer.350
-rw-r--r--secure/lib/libcrypto/man/crypto.352
-rw-r--r--secure/lib/libcrypto/man/d2i_ASN1_OBJECT.328
-rw-r--r--secure/lib/libcrypto/man/d2i_CMS_ContentInfo.328
-rw-r--r--secure/lib/libcrypto/man/d2i_DHparams.328
-rw-r--r--secure/lib/libcrypto/man/d2i_DSAPublicKey.338
-rw-r--r--secure/lib/libcrypto/man/d2i_ECPKParameters.348
-rw-r--r--secure/lib/libcrypto/man/d2i_ECPrivateKey.348
-rw-r--r--secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.330
-rw-r--r--secure/lib/libcrypto/man/d2i_PrivateKey.348
-rw-r--r--secure/lib/libcrypto/man/d2i_RSAPublicKey.336
-rw-r--r--secure/lib/libcrypto/man/d2i_X509.384
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_ALGOR.328
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_CRL.328
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_NAME.328
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_REQ.328
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_SIG.328
-rw-r--r--secure/lib/libcrypto/man/des.3148
-rw-r--r--secure/lib/libcrypto/man/dh.338
-rw-r--r--secure/lib/libcrypto/man/dsa.348
-rw-r--r--secure/lib/libcrypto/man/ec.342
-rw-r--r--secure/lib/libcrypto/man/ecdsa.358
-rw-r--r--secure/lib/libcrypto/man/engine.376
-rw-r--r--secure/lib/libcrypto/man/err.368
-rw-r--r--secure/lib/libcrypto/man/evp.388
-rw-r--r--secure/lib/libcrypto/man/hmac.362
-rw-r--r--secure/lib/libcrypto/man/i2d_CMS_bio_stream.342
-rw-r--r--secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.342
-rw-r--r--secure/lib/libcrypto/man/lh_stats.332
-rw-r--r--secure/lib/libcrypto/man/lhash.388
-rw-r--r--secure/lib/libcrypto/man/md5.350
-rw-r--r--secure/lib/libcrypto/man/mdc2.340
-rw-r--r--secure/lib/libcrypto/man/pem.340
-rw-r--r--secure/lib/libcrypto/man/rand.346
-rw-r--r--secure/lib/libcrypto/man/rc4.336
-rw-r--r--secure/lib/libcrypto/man/ripemd.342
-rw-r--r--secure/lib/libcrypto/man/rsa.346
-rw-r--r--secure/lib/libcrypto/man/sha.344
-rw-r--r--secure/lib/libcrypto/man/threads.364
-rw-r--r--secure/lib/libcrypto/man/ui.384
-rw-r--r--secure/lib/libcrypto/man/ui_compat.342
-rw-r--r--secure/lib/libcrypto/man/x509.348
-rw-r--r--secure/lib/libssl/man/SSL_CIPHER_get_name.348
-rw-r--r--secure/lib/libssl/man/SSL_COMP_add_compression_method.336
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_new.340
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.338
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_set_flags.344
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.342
-rw-r--r--secure/lib/libssl/man/SSL_CONF_cmd.370
-rw-r--r--secure/lib/libssl/man/SSL_CONF_cmd_argv.336
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add1_chain_cert.364
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.362
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_session.342
-rw-r--r--secure/lib/libssl/man/SSL_CTX_ctrl.328
-rw-r--r--secure/lib/libssl/man/SSL_CTX_flush_sessions.346
-rw-r--r--secure/lib/libssl/man/SSL_CTX_free.336
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get0_param.334
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_ex_new_index.342
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_verify_mode.336
-rw-r--r--secure/lib/libssl/man/SSL_CTX_load_verify_locations.344
-rw-r--r--secure/lib/libssl/man/SSL_CTX_new.356
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_number.356
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.342
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.364
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sessions.336
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set1_curves.350
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.358
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.340
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_cb.350
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_store.352
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.340
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cipher_list.346
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_CA_list.356
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.356
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.332
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.340
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_generate_session_id.348
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_info_callback.342
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_max_cert_list.344
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_mode.352
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_msg_callback.340
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_options.372
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.326
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.354
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_read_ahead.330
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.358
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_id_context.334
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_ssl_version.348
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_timeout.348
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.338
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.346
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.336
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.348
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.354
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_verify.364
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_certificate.3110
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.332
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_serverinfo.330
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_free.344
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.346
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_time.346
-rw-r--r--secure/lib/libssl/man/SSL_accept.354
-rw-r--r--secure/lib/libssl/man/SSL_alert_type_string.340
-rw-r--r--secure/lib/libssl/man/SSL_check_chain.332
-rw-r--r--secure/lib/libssl/man/SSL_clear.352
-rw-r--r--secure/lib/libssl/man/SSL_connect.354
-rw-r--r--secure/lib/libssl/man/SSL_do_handshake.354
-rw-r--r--secure/lib/libssl/man/SSL_export_keying_material.326
-rw-r--r--secure/lib/libssl/man/SSL_free.342
-rw-r--r--secure/lib/libssl/man/SSL_get_SSL_CTX.328
-rw-r--r--secure/lib/libssl/man/SSL_get_ciphers.338
-rw-r--r--secure/lib/libssl/man/SSL_get_client_CA_list.342
-rw-r--r--secure/lib/libssl/man/SSL_get_current_cipher.336
-rw-r--r--secure/lib/libssl/man/SSL_get_default_timeout.338
-rw-r--r--secure/lib/libssl/man/SSL_get_error.369
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.340
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_new_index.346
-rw-r--r--secure/lib/libssl/man/SSL_get_fd.330
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_cert_chain.328
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_certificate.334
-rw-r--r--secure/lib/libssl/man/SSL_get_psk_identity.332
-rw-r--r--secure/lib/libssl/man/SSL_get_rbio.326
-rw-r--r--secure/lib/libssl/man/SSL_get_session.350
-rw-r--r--secure/lib/libssl/man/SSL_get_verify_result.340
-rw-r--r--secure/lib/libssl/man/SSL_get_version.326
-rw-r--r--secure/lib/libssl/man/SSL_library_init.344
-rw-r--r--secure/lib/libssl/man/SSL_load_client_CA_file.332
-rw-r--r--secure/lib/libssl/man/SSL_new.332
-rw-r--r--secure/lib/libssl/man/SSL_pending.338
-rw-r--r--secure/lib/libssl/man/SSL_read.392
-rw-r--r--secure/lib/libssl/man/SSL_rstate_string.330
-rw-r--r--secure/lib/libssl/man/SSL_session_reused.326
-rw-r--r--secure/lib/libssl/man/SSL_set_bio.334
-rw-r--r--secure/lib/libssl/man/SSL_set_connect_state.352
-rw-r--r--secure/lib/libssl/man/SSL_set_fd.334
-rw-r--r--secure/lib/libssl/man/SSL_set_session.342
-rw-r--r--secure/lib/libssl/man/SSL_set_shutdown.344
-rw-r--r--secure/lib/libssl/man/SSL_set_verify_result.336
-rw-r--r--secure/lib/libssl/man/SSL_shutdown.384
-rw-r--r--secure/lib/libssl/man/SSL_state_string.330
-rw-r--r--secure/lib/libssl/man/SSL_want.352
-rw-r--r--secure/lib/libssl/man/SSL_write.382
-rw-r--r--secure/lib/libssl/man/d2i_SSL_SESSION.350
-rw-r--r--secure/lib/libssl/man/ssl.3194
-rw-r--r--secure/usr.bin/openssl/man/CA.pl.128
-rw-r--r--secure/usr.bin/openssl/man/asn1parse.126
-rw-r--r--secure/usr.bin/openssl/man/ca.136
-rw-r--r--secure/usr.bin/openssl/man/ciphers.124
-rw-r--r--secure/usr.bin/openssl/man/cms.130
-rw-r--r--secure/usr.bin/openssl/man/crl.126
-rw-r--r--secure/usr.bin/openssl/man/crl2pkcs7.124
-rw-r--r--secure/usr.bin/openssl/man/dgst.126
-rw-r--r--secure/usr.bin/openssl/man/dhparam.126
-rw-r--r--secure/usr.bin/openssl/man/dsa.130
-rw-r--r--secure/usr.bin/openssl/man/dsaparam.130
-rw-r--r--secure/usr.bin/openssl/man/ec.128
-rw-r--r--secure/usr.bin/openssl/man/ecparam.128
-rw-r--r--secure/usr.bin/openssl/man/enc.124
-rw-r--r--secure/usr.bin/openssl/man/errstr.128
-rw-r--r--secure/usr.bin/openssl/man/gendsa.128
-rw-r--r--secure/usr.bin/openssl/man/genpkey.126
-rw-r--r--secure/usr.bin/openssl/man/genrsa.128
-rw-r--r--secure/usr.bin/openssl/man/nseq.122
-rw-r--r--secure/usr.bin/openssl/man/ocsp.122
-rw-r--r--secure/usr.bin/openssl/man/openssl.150
-rw-r--r--secure/usr.bin/openssl/man/passwd.122
-rw-r--r--secure/usr.bin/openssl/man/pkcs12.134
-rw-r--r--secure/usr.bin/openssl/man/pkcs7.124
-rw-r--r--secure/usr.bin/openssl/man/pkcs8.130
-rw-r--r--secure/usr.bin/openssl/man/pkey.132
-rw-r--r--secure/usr.bin/openssl/man/pkeyparam.126
-rw-r--r--secure/usr.bin/openssl/man/pkeyutl.130
-rw-r--r--secure/usr.bin/openssl/man/rand.126
-rw-r--r--secure/usr.bin/openssl/man/req.140
-rw-r--r--secure/usr.bin/openssl/man/rsa.130
-rw-r--r--secure/usr.bin/openssl/man/rsautl.124
-rw-r--r--secure/usr.bin/openssl/man/s_client.130
-rw-r--r--secure/usr.bin/openssl/man/s_server.128
-rw-r--r--secure/usr.bin/openssl/man/s_time.136
-rw-r--r--secure/usr.bin/openssl/man/sess_id.124
-rw-r--r--secure/usr.bin/openssl/man/smime.128
-rw-r--r--secure/usr.bin/openssl/man/speed.122
-rw-r--r--secure/usr.bin/openssl/man/spkac.126
-rw-r--r--secure/usr.bin/openssl/man/ts.154
-rw-r--r--secure/usr.bin/openssl/man/tsget.126
-rw-r--r--secure/usr.bin/openssl/man/verify.124
-rw-r--r--secure/usr.bin/openssl/man/version.122
-rw-r--r--secure/usr.bin/openssl/man/x509.132
-rw-r--r--secure/usr.bin/openssl/man/x509v3_config.130
405 files changed, 9584 insertions, 7750 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index cd435524db06..850e13f41c66 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,33 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.0.2q and 1.0.2r [26 Feb 2019]
+
+ *) 0-byte record padding oracle
+
+ If an application encounters a fatal protocol error and then calls
+ SSL_shutdown() twice (once to send a close_notify, and once to receive one)
+ then OpenSSL can respond differently to the calling application if a 0 byte
+ record is received with invalid padding compared to if a 0 byte record is
+ received with an invalid MAC. If the application then behaves differently
+ based on that in a way that is detectable to the remote peer, then this
+ amounts to a padding oracle that could be used to decrypt data.
+
+ In order for this to be exploitable "non-stitched" ciphersuites must be in
+ use. Stitched ciphersuites are optimised implementations of certain
+ commonly used ciphersuites. Also the application must call SSL_shutdown()
+ twice even if a protocol error has occurred (applications should not do
+ this but some do anyway).
+
+ This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod
+ Aviram, with additional investigation by Steven Collison and Andrew
+ Hourselt. It was reported to OpenSSL on 10th December 2018.
+ (CVE-2019-1559)
+ [Matt Caswell]
+
+ *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
+ [Richard Levitte]
+
Changes between 1.0.2p and 1.0.2q [20 Nov 2018]
*) Microarchitecture timing vulnerability in ECC scalar multiplication
diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile
index 8d0b9998738d..2ffb28002ee2 100644
--- a/crypto/openssl/Makefile
+++ b/crypto/openssl/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2q
+VERSION=1.0.2r
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -521,7 +521,7 @@ $(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
- \! -name '.#*' \! -name '*~' \! -type l \
+ \! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
index 89e5271801d8..1d386a47b241 100644
--- a/crypto/openssl/Makefile.org
+++ b/crypto/openssl/Makefile.org
@@ -519,7 +519,7 @@ $(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
- \! -name '.#*' \! -name '*~' \! -type l \
+ \! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 2c7473ab714b..4d4e9df3793b 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]
+
+ o 0-byte record padding oracle (CVE-2019-1559)
+
Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018]
o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
diff --git a/crypto/openssl/README b/crypto/openssl/README
index ab31b3824437..8404d214e232 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2q 20 Nov 2018
+ OpenSSL 1.0.2r 26 Feb 2019
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/crypto/asn1/ameth_lib.c b/crypto/openssl/crypto/asn1/ameth_lib.c
index cc8f9a8243e7..d04f7861a1b3 100644
--- a/crypto/openssl/crypto/asn1/ameth_lib.c
+++ b/crypto/openssl/crypto/asn1/ameth_lib.c
@@ -234,6 +234,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
{
+ /*
+ * One of the following must be true:
+ *
+ * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+ * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+ *
+ * Anything else is an error and may lead to a corrupt ASN1 method table
+ */
+ if (!((ameth->pem_str == NULL
+ && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
+ || (ameth->pem_str != NULL
+ && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
+ return 0;
+ }
+
if (app_methods == NULL) {
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
if (!app_methods)
@@ -305,18 +320,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
} else
ameth->info = NULL;
- /*
- * One of the following must be true:
- *
- * pem_str == NULL AND ASN1_PKEY_ALIAS is set
- * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
- *
- * Anything else is an error and may lead to a corrupt ASN1 method table
- */
- if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
- || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
- goto err;
-
if (pem_str) {
ameth->pem_str = BUF_strdup(pem_str);
if (!ameth->pem_str)
diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c
index bbf906fabba0..024d0cf418b2 100644
--- a/crypto/openssl/crypto/bio/bss_file.c
+++ b/crypto/openssl/crypto/bio/bss_file.c
@@ -361,12 +361,16 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
} else
_setmode(fd, _O_BINARY);
}
-# elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+# elif defined(OPENSSL_SYS_OS2)
int fd = fileno((FILE *)ptr);
if (num & BIO_FP_TEXT)
setmode(fd, O_TEXT);
else
setmode(fd, O_BINARY);
+# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+ int fd = fileno((FILE *)ptr);
+ if (!(num & BIO_FP_TEXT))
+ setmode(fd, O_BINARY);
# endif
}
break;
@@ -389,11 +393,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = 0;
break;
}
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2)
if (!(num & BIO_FP_TEXT))
strcat(p, "b");
else
strcat(p, "t");
+# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+ if (!(num & BIO_FP_TEXT))
+ strcat(p, "b");
# endif
# if defined(OPENSSL_SYS_NETWARE)
if (!(num & BIO_FP_TEXT))
diff --git a/crypto/openssl/crypto/bn/bn_ctx.c b/crypto/openssl/crypto/bn/bn_ctx.c
index 526c6a046d16..d18eedbd4556 100644
--- a/crypto/openssl/crypto/bn/bn_ctx.c
+++ b/crypto/openssl/crypto/bn/bn_ctx.c
@@ -1,7 +1,7 @@
/* crypto/bn/bn_ctx.c */
/* Written by Ulf Moeller for the OpenSSL project. */
/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -299,6 +299,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
}
/* OK, make sure the returned bignum is "zero" */
BN_zero(ret);
+ /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+ ret->flags &= (~BN_FLG_CONSTTIME);
ctx->used++;
CTXDBG_RET(ctx, ret);
return ret;
diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c
index 9b95e5f2bd92..2a84698af8c1 100644
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/openssl/crypto/bn/bn_lib.c
@@ -836,6 +836,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
int i;
BN_ULONG aa, bb;
+ if (n == 0)
+ return 0;
+
aa = a[n - 1];
bb = b[n - 1];
if (aa != bb)
diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c
index abe5dbe0b01a..75aa7075abd5 100644
--- a/crypto/openssl/crypto/bn/bntest.c
+++ b/crypto/openssl/crypto/bn/bntest.c
@@ -89,6 +89,10 @@
#include <openssl/x509.h>
#include <openssl/err.h>
+#ifndef OSSL_NELEM
+# define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0]))
+#endif
+
const int num0 = 100; /* number of tests */
const int num1 = 50; /* additional tests for some functions */
const int num2 = 5; /* number of tests for slow functions */
@@ -123,6 +127,7 @@ int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
int test_kron(BIO *bp, BN_CTX *ctx);
int test_sqrt(BIO *bp, BN_CTX *ctx);
int rand_neg(void);
+static int test_ctx_consttime_flag(void);
static int results = 0;
static unsigned char lst[] =
@@ -330,6 +335,15 @@ int main(int argc, char *argv[])
goto err;
(void)BIO_flush(out);
#endif
+
+ /* silently flush any pre-existing error on the stack */
+ ERR_clear_error();
+
+ message(out, "BN_CTX_get BN_FLG_CONSTTIME");
+ if (!test_ctx_consttime_flag())
+ goto err;
+ (void)BIO_flush(out);
+
BN_CTX_free(ctx);
BIO_free(out);
@@ -2158,3 +2172,90 @@ int rand_neg(void)
return (sign[(neg++) % 8]);
}
+
+static int test_ctx_set_ct_flag(BN_CTX *c)
+{
+ int st = 0;
+ size_t i;
+ BIGNUM *b[15];
+
+ BN_CTX_start(c);
+ for (i = 0; i < OSSL_NELEM(b); i++) {
+ if (NULL == (b[i] = BN_CTX_get(c))) {
+ fprintf(stderr, "ERROR: BN_CTX_get() failed.\n");
+ goto err;
+ }
+ if (i % 2 == 1)
+ BN_set_flags(b[i], BN_FLG_CONSTTIME);
+ }
+
+ st = 1;
+ err:
+ BN_CTX_end(c);
+ return st;
+}
+
+static int test_ctx_check_ct_flag(BN_CTX *c)
+{
+ int st = 0;
+ size_t i;
+ BIGNUM *b[30];
+
+ BN_CTX_start(c);
+ for (i = 0; i < OSSL_NELEM(b); i++) {
+ if (NULL == (b[i] = BN_CTX_get(c))) {
+ fprintf(stderr, "ERROR: BN_CTX_get() failed.\n");
+ goto err;
+ }
+ if (BN_get_flags(b[i], BN_FLG_CONSTTIME) != 0) {
+ fprintf(stderr, "ERROR: BN_FLG_CONSTTIME should not be set.\n");
+ goto err;
+ }
+ }
+
+ st = 1;
+ err:
+ BN_CTX_end(c);
+ return st;
+}
+
+static int test_ctx_consttime_flag(void)
+{
+ /*-
+ * The constant-time flag should not "leak" among BN_CTX frames:
+ *
+ * - test_ctx_set_ct_flag() starts a frame in the given BN_CTX and
+ * sets the BN_FLG_CONSTTIME flag on some of the BIGNUMs obtained
+ * from the frame before ending it.
+ * - test_ctx_check_ct_flag() then starts a new frame and gets a
+ * number of BIGNUMs from it. In absence of leaks, none of the
+ * BIGNUMs in the new frame should have BN_FLG_CONSTTIME set.
+ *
+ * In actual BN_CTX usage inside libcrypto the leak could happen at
+ * any depth level in the BN_CTX stack, with varying results
+ * depending on the patterns of sibling trees of nested function
+ * calls sharing the same BN_CTX object, and the effect of
+ * unintended BN_FLG_CONSTTIME on the called BN_* functions.
+ *
+ * This simple unit test abstracts away this complexity and verifies
+ * that the leak does not happen between two sibling functions
+ * sharing the same BN_CTX object at the same level of nesting.
+ *
+ */
+ BN_CTX *c = NULL;
+ int st = 0;
+
+ if (NULL == (c = BN_CTX_new())) {
+ fprintf(stderr, "ERROR: BN_CTX_new() failed.\n");
+ goto err;
+ }
+
+ if (!test_ctx_set_ct_flag(c)
+ || !test_ctx_check_ct_flag(c))
+ goto err;
+
+ st = 1;
+ err:
+ BN_CTX_free(c);
+ return st;
+}
diff --git a/crypto/openssl/crypto/constant_time_locl.h b/crypto/openssl/crypto/constant_time_locl.h
index c786aea94947..a5734f2fece6 100644
--- a/crypto/openssl/crypto/constant_time_locl.h
+++ b/crypto/openssl/crypto/constant_time_locl.h
@@ -204,6 +204,12 @@ static inline int constant_time_select_int(unsigned int mask, int a, int b)
return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
}
+/*
+ * Expected usage pattern is to unconditionally set error and then
+ * wipe it if there was no actual error. |clear| is 1 or 0.
+ */
+void err_clear_last_constant_time(int clear);
+
#ifdef __cplusplus
}
#endif
diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c
index aa5f3056af77..db7e791bf530 100644
--- a/crypto/openssl/crypto/ec/ec_ameth.c
+++ b/crypto/openssl/crypto/ec/ec_ameth.c
@@ -601,7 +601,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha256;
- return 2;
+ return 1;
default:
return -2;
diff --git a/crypto/openssl/crypto/err/Makefile b/crypto/openssl/crypto/err/Makefile
index b6f3ef1778d1..a09312b9f05d 100644
--- a/crypto/openssl/crypto/err/Makefile
+++ b/crypto/openssl/crypto/err/Makefile
@@ -82,7 +82,7 @@ err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-err.o: ../cryptlib.h err.c
+err.o: ../constant_time_locl.h ../cryptlib.h err.c
err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c
index e9ef2156e11f..5ce774a3f567 100644
--- a/crypto/openssl/crypto/err/err.c
+++ b/crypto/openssl/crypto/err/err.c
@@ -118,6 +118,7 @@
#include <openssl/buffer.h>
#include <openssl/bio.h>
#include <openssl/err.h>
+#include "constant_time_locl.h"
DECLARE_LHASH_OF(ERR_STRING_DATA);
DECLARE_LHASH_OF(ERR_STATE);
@@ -1156,3 +1157,40 @@ int ERR_pop_to_mark(void)
es->err_flags[es->top] &= ~ERR_FLAG_MARK;
return 1;
}
+
+#ifdef UINTPTR_T
+# undef UINTPTR_T
+#endif
+/*
+ * uintptr_t is the answer, but unformtunately we can't assume that all
+ * compilers supported by 1.0.2 have it :-(
+ */
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4
+ * even in 64-bit builds, which means that it won't work as mask.
+ */
+# define UINTPTR_T unsigned long long
+#else
+# define UINTPTR_T size_t
+#endif
+
+void err_clear_last_constant_time(int clear)
+{
+ ERR_STATE *es;
+ int top;
+
+ es = ERR_get_state();
+ if (es == NULL)
+ return;
+
+ top = es->top;
+
+ es->err_flags[top] &= ~(0 - clear);
+ es->err_buffer[top] &= ~(0UL - clear);
+ es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] &
+ ~((UINTPTR_T)0 - clear));
+ es->err_line[top] |= 0 - clear;
+
+ es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
+}
diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h
index cf1de15e6d03..883a9434899b 100644
--- a/crypto/openssl/crypto/evp/evp.h
+++ b/crypto/openssl/crypto/evp/evp.h
@@ -1489,8 +1489,10 @@ void ERR_load_EVP_strings(void);
# define EVP_F_EVP_CIPHER_CTX_CTRL 124
# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
# define EVP_F_EVP_DECRYPTFINAL_EX 101
+# define EVP_F_EVP_DECRYPTUPDATE 181
# define EVP_F_EVP_DIGESTINIT_EX 128
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
+# define EVP_F_EVP_ENCRYPTUPDATE 180
# define EVP_F_EVP_MD_CTX_COPY_EX 110
# define EVP_F_EVP_MD_SIZE 162
# define EVP_F_EVP_OPENINIT 102
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index 0c740d167902..c63fb53ac85e 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -317,8 +317,9 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
}
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
+static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
{
int i, j, bl;
@@ -380,6 +381,18 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return 1;
}
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
+{
+ /* Prevent accidental use of decryption context when encrypting */
+ if (!ctx->encrypt) {
+ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
+ return 0;
+ }
+
+ return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
+}
+
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int ret;
@@ -392,6 +405,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int n, ret;
unsigned int i, b, bl;
+ /* Prevent accidental use of decryption context when encrypting */
+ if (!ctx->encrypt) {
+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+ return 0;
+ }
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
ret = M_do_cipher(ctx, out, NULL, 0);
if (ret < 0)
@@ -435,6 +454,12 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
int fix_len;
unsigned int b;
+ /* Prevent accidental use of encryption context when decrypting */
+ if (ctx->encrypt) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION);
+ return 0;
+ }
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
fix_len = M_do_cipher(ctx, out, in, inl);
if (fix_len < 0) {
@@ -451,7 +476,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
}
if (ctx->flags & EVP_CIPH_NO_PADDING)
- return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+ return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
b = ctx->cipher->block_size;
OPENSSL_assert(b <= sizeof(ctx->final));
@@ -463,7 +488,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
} else
fix_len = 0;
- if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
+ if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
return 0;
/*
@@ -494,6 +519,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int i, n;
unsigned int b;
+
+ /* Prevent accidental use of encryption context when decrypting */
+ if (ctx->encrypt) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+ return 0;
+ }
+
*outl = 0;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
diff --git a/crypto/openssl/crypto/evp/evp_err.c b/crypto/openssl/crypto/evp/evp_err.c
index bcd841eb7792..11647b92c613 100644
--- a/crypto/openssl/crypto/evp/evp_err.c
+++ b/crypto/openssl/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */
/* ====================================================================
- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -92,8 +92,10 @@ static ERR_STRING_DATA EVP_str_functs[] = {
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
"EVP_CIPHER_CTX_set_key_length"},
{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
+ {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
diff --git a/crypto/openssl/crypto/evp/evp_test.c b/crypto/openssl/crypto/evp/evp_test.c
index 97a208302785..28544a61a683 100644
--- a/crypto/openssl/crypto/evp/evp_test.c
+++ b/crypto/openssl/crypto/evp/evp_test.c
@@ -1,6 +1,6 @@
/* Written by Ben Laurie, 2001 */
/*
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2001-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -327,7 +327,7 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
ERR_print_errors_fp(stderr);
test1_exit(12);
}
- if (an && !EVP_EncryptUpdate(&ctx, NULL, &outl, aad, an)) {
+ if (an && !EVP_DecryptUpdate(&ctx, NULL, &outl, aad, an)) {
fprintf(stderr, "AAD set failed\n");
ERR_print_errors_fp(stderr);
test1_exit(13);
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index 2f26ed9ff466..330aa04e87d9 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x1000211fL
+# define OPENSSL_VERSION_NUMBER 0x1000212fL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q-fips 20 Nov 2018"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2r-fips 26 Feb 2019"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q-freebsd 20 Nov 2018"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2r-freebsd 26 Feb 2019"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/crypto/rsa/Makefile b/crypto/openssl/crypto/rsa/Makefile
index 6be73ed187f0..b083e2919096 100644
--- a/crypto/openssl/crypto/rsa/Makefile
+++ b/crypto/openssl/crypto/rsa/Makefile
@@ -153,7 +153,8 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h rsa_eay.c
+rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h
+rsa_eay.o: ../cryptlib.h rsa_eay.c
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -299,7 +300,8 @@ rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
+rsa_ssl.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+rsa_ssl.o: ../cryptlib.h rsa_ssl.c
rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index be948a4cf8bd..7f20fd6738a7 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -115,6 +115,7 @@
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include "bn_int.h"
+#include "constant_time_locl.h"
#ifndef RSA_NULL
@@ -397,6 +398,11 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto err;
}
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA,
+ rsa->n, ctx))
+ goto err;
+
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL) {
@@ -431,11 +437,6 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
} else
d = rsa->d;
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA,
- rsa->n, ctx))
- goto err;
-
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
rsa->_method_mod_n))
goto err;
@@ -587,8 +588,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
- if (r < 0)
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+ err_clear_last_constant_time(r >= 0);
err:
if (ctx != NULL) {
diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c
index 3fb8f6b33d4b..033ea5a520cb 100644
--- a/crypto/openssl/crypto/rsa/rsa_oaep.c
+++ b/crypto/openssl/crypto/rsa/rsa_oaep.c
@@ -121,7 +121,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const EVP_MD *mgf1md)
{
int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
- unsigned int good, found_one_byte;
+ unsigned int good = 0, found_one_byte, mask;
const unsigned char *maskedseed, *maskeddb;
/*
* |em| is the encoded message, zero-padded to exactly |num| bytes: em =
@@ -148,8 +148,11 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
* the ciphertext, see PKCS #1 v2.2, section 7.1.2.
* This does not leak any side-channel information.
*/
- if (num < flen || num < 2 * mdlen + 2)
- goto decoding_err;
+ if (num < flen || num < 2 * mdlen + 2) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+ RSA_R_OAEP_DECODING_ERROR);
+ return -1;
+ }
dblen = num - mdlen - 1;
db = OPENSSL_malloc(dblen);
@@ -158,26 +161,26 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
goto cleanup;
}
- if (flen != num) {
- em = OPENSSL_malloc(num);
- if (em == NULL) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
- ERR_R_MALLOC_FAILURE);
- goto cleanup;
- }
+ em = OPENSSL_malloc(num);
+ if (em == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+ ERR_R_MALLOC_FAILURE);
+ goto cleanup;
+ }
- /*
- * Caller is encouraged to pass zero-padded message created with
- * BN_bn2binpad, but if it doesn't, we do this zero-padding copy
- * to avoid leaking that information. The copy still leaks some
- * side-channel information, but it's impossible to have a fixed
- * memory access pattern since we can't read out of the bounds of
- * |from|.
- */
- memset(em, 0, num);
- memcpy(em + num - flen, from, flen);
- from = em;
+ /*
+ * Caller is encouraged to pass zero-padded message created with
+ * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+ * bounds, it's impossible to have an invariant memory access pattern
+ * in case |from| was not zero-padded in advance.
+ */
+ for (from += flen, em += num, i = 0; i < num; i++) {
+ mask = ~constant_time_is_zero(flen);
+ flen -= 1 & mask;
+ from -= 1 & mask;
+ *--em = *from & mask;
}
+ from = em;
/*
* The first byte must be zero, however we must not leak if this is
@@ -224,37 +227,50 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
* so plaintext-awareness ensures timing side-channels are no longer a
* concern.
*/
- if (!good)
- goto decoding_err;
-
msg_index = one_index + 1;
mlen = dblen - msg_index;
- if (tlen < mlen) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_DATA_TOO_LARGE);
- mlen = -1;
- } else {
- memcpy(to, db + msg_index, mlen);
- goto cleanup;
+ /*
+ * For good measure, do this check in constant tine as well.
+ */
+ good &= constant_time_ge(tlen, mlen);
+
+ /*
+ * Even though we can't fake result's length, we can pretend copying
+ * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |dblen|
+ * bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
+ * where |mlen'| is "saturated" |mlen| value. Deducing information
+ * about failure or |mlen| would take attacker's ability to observe
+ * memory access pattern with byte granularity *as it occurs*. It
+ * should be noted that failure is indistinguishable from normal
+ * operation if |tlen| is fixed by protocol.
+ */
+ tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen);
+ msg_index = constant_time_select_int(good, msg_index, dblen - tlen);
+ mlen = dblen - msg_index;
+ for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) {
+ unsigned int equals = constant_time_eq(i, mlen);
+
+ from -= dblen & equals; /* if (i == dblen) rewind */
+ mask &= mask ^ equals; /* if (i == dblen) mask = 0 */
+ to[i] = constant_time_select_8(mask, from[i], to[i]);
}
- decoding_err:
/*
* To avoid chosen ciphertext attacks, the error message should not
* reveal which kind of decoding error happened.
*/
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR);
+ err_clear_last_constant_time(1 & good);
cleanup:
- if (db != NULL) {
- OPENSSL_cleanse(db, dblen);
- OPENSSL_free(db);
- }
- if (em != NULL) {
- OPENSSL_cleanse(em, num);
- OPENSSL_free(em);
- }
- return mlen;
+ OPENSSL_cleanse(seed, sizeof(seed));
+ OPENSSL_cleanse(db, dblen);
+ OPENSSL_free(db);
+ OPENSSL_cleanse(em, num);
+ OPENSSL_free(em);
+
+ return constant_time_select_int(good, mlen, -1);
}
int PKCS1_MGF1(unsigned char *mask, long len,
diff --git a/crypto/openssl/crypto/rsa/rsa_pk1.c b/crypto/openssl/crypto/rsa/rsa_pk1.c
index 5d7882a3bfcf..074bc0a93947 100644
--- a/crypto/openssl/crypto/rsa/rsa_pk1.c
+++ b/crypto/openssl/crypto/rsa/rsa_pk1.c
@@ -207,7 +207,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
int i;
/* |em| is the encoded message, zero-padded to exactly |num| bytes */
unsigned char *em = NULL;
- unsigned int good, found_zero_byte;
+ unsigned int good, found_zero_byte, mask;
int zero_index = 0, msg_index, mlen = -1;
if (tlen < 0 || flen < 0)
@@ -218,40 +218,41 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
* section 7.2.2.
*/
- if (flen > num)
- goto err;
-
- if (num < 11)
- goto err;
+ if (flen > num || num < 11) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
+ RSA_R_PKCS_DECODING_ERROR);
+ return -1;
+ }
- if (flen != num) {
- em = OPENSSL_malloc(num);
- if (em == NULL) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- /*
- * Caller is encouraged to pass zero-padded message created with
- * BN_bn2binpad, but if it doesn't, we do this zero-padding copy
- * to avoid leaking that information. The copy still leaks some
- * side-channel information, but it's impossible to have a fixed
- * memory access pattern since we can't read out of the bounds of
- * |from|.
- */
- memset(em, 0, num);
- memcpy(em + num - flen, from, flen);
- from = em;
+ em = OPENSSL_malloc(num);
+ if (em == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+ return -1;
}
+ /*
+ * Caller is encouraged to pass zero-padded message created with
+ * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+ * bounds, it's impossible to have an invariant memory access pattern
+ * in case |from| was not zero-padded in advance.
+ */
+ for (from += flen, em += num, i = 0; i < num; i++) {
+ mask = ~constant_time_is_zero(flen);
+ flen -= 1 & mask;
+ from -= 1 & mask;
+ *--em = *from & mask;
+ }
+ from = em;
good = constant_time_is_zero(from[0]);
good &= constant_time_eq(from[1], 2);
+ /* scan over padding data */
found_zero_byte = 0;
for (i = 2; i < num; i++) {
unsigned int equals0 = constant_time_is_zero(from[i]);
- zero_index =
- constant_time_select_int(~found_zero_byte & equals0, i,
- zero_index);
+
+ zero_index = constant_time_select_int(~found_zero_byte & equals0,
+ i, zero_index);
found_zero_byte |= equals0;
}
@@ -260,7 +261,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
* If we never found a 0-byte, then |zero_index| is 0 and the check
* also fails.
*/
- good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
+ good &= constant_time_ge(zero_index, 2 + 8);
/*
* Skip the zero byte. This is incorrect if we never found a zero-byte
@@ -270,30 +271,35 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
mlen = num - msg_index;
/*
- * For good measure, do this check in constant time as well; it could
- * leak something if |tlen| was assuming valid padding.
+ * For good measure, do this check in constant time as well.
*/
- good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
+ good &= constant_time_ge(tlen, mlen);
/*
- * We can't continue in constant-time because we need to copy the result
- * and we cannot fake its length. This unavoidably leaks timing
- * information at the API boundary.
+ * Even though we can't fake result's length, we can pretend copying
+ * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num|
+ * bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
+ * where |mlen'| is "saturated" |mlen| value. Deducing information
+ * about failure or |mlen| would take attacker's ability to observe
+ * memory access pattern with byte granularity *as it occurs*. It
+ * should be noted that failure is indistinguishable from normal
+ * operation if |tlen| is fixed by protocol.
*/
- if (!good) {
- mlen = -1;
- goto err;
+ tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen);
+ msg_index = constant_time_select_int(good, msg_index, num - tlen);
+ mlen = num - msg_index;
+ for (from += msg_index, mask = good, i = 0; i < tlen; i++) {
+ unsigned int equals = constant_time_eq(i, mlen);
+
+ from -= tlen & equals; /* if (i == mlen) rewind */
+ mask &= mask ^ equals; /* if (i == mlen) mask = 0 */
+ to[i] = constant_time_select_8(mask, from[i], to[i]);
}
- memcpy(to, from + msg_index, mlen);
+ OPENSSL_cleanse(em, num);
+ OPENSSL_free(em);
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR);
+ err_clear_last_constant_time(1 & good);
- err:
- if (em != NULL) {
- OPENSSL_cleanse(em, num);
- OPENSSL_free(em);
- }
- if (mlen == -1)
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
- RSA_R_PKCS_DECODING_ERROR);
- return mlen;
+ return constant_time_select_int(good, mlen, -1);
}
diff --git a/crypto/openssl/crypto/rsa/rsa_ssl.c b/crypto/openssl/crypto/rsa/rsa_ssl.c
index 831f75aaf434..e9a5fe2385b3 100644
--- a/crypto/openssl/crypto/rsa/rsa_ssl.c
+++ b/crypto/openssl/crypto/rsa/rsa_ssl.c
@@ -61,6 +61,7 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
+#include "constant_time_locl.h"
int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
const unsigned char *from, int flen)
@@ -101,57 +102,116 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
return (1);
}
+/*
+ * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
+ * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
+ * preserves error code reporting for backward compatibility.
+ */
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
const unsigned char *from, int flen, int num)
{
- int i, j, k;
- const unsigned char *p;
+ int i;
+ /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+ unsigned char *em = NULL;
+ unsigned int good, found_zero_byte, mask, threes_in_row;
+ int zero_index = 0, msg_index, mlen = -1, err;
- p = from;
if (flen < 10) {
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
return (-1);
}
- /* Accept even zero-padded input */
- if (flen == num) {
- if (*(p++) != 0) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
- return -1;
- }
- flen--;
+
+ em = OPENSSL_malloc(num);
+ if (em == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, ERR_R_MALLOC_FAILURE);
+ return -1;
}
- if ((num != (flen + 1)) || (*(p++) != 02)) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
- return (-1);
+ /*
+ * Caller is encouraged to pass zero-padded message created with
+ * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+ * bounds, it's impossible to have an invariant memory access pattern
+ * in case |from| was not zero-padded in advance.
+ */
+ for (from += flen, em += num, i = 0; i < num; i++) {
+ mask = ~constant_time_is_zero(flen);
+ flen -= 1 & mask;
+ from -= 1 & mask;
+ *--em = *from & mask;
}
+ from = em;
+
+ good = constant_time_is_zero(from[0]);
+ good &= constant_time_eq(from[1], 2);
+ err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02);
+ mask = ~good;
/* scan over padding data */
- j = flen - 1; /* one for type */
- for (i = 0; i < j; i++)
- if (*(p++) == 0)
- break;
-
- if ((i == j) || (i < 8)) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
- RSA_R_NULL_BEFORE_BLOCK_MISSING);
- return (-1);
- }
- for (k = -9; k < -1; k++) {
- if (p[k] != 0x03)
- break;
- }
- if (k == -1) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK);
- return (-1);
+ found_zero_byte = 0;
+ threes_in_row = 0;
+ for (i = 2; i < num; i++) {
+ unsigned int equals0 = constant_time_is_zero(from[i]);
+
+ zero_index = constant_time_select_int(~found_zero_byte & equals0,
+ i, zero_index);
+ found_zero_byte |= equals0;
+
+ threes_in_row += 1 & ~found_zero_byte;
+ threes_in_row &= found_zero_byte | constant_time_eq(from[i], 3);
}
- i++; /* Skip over the '\0' */
- j -= i;
- if (j > tlen) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
- return (-1);
+ /*
+ * PS must be at least 8 bytes long, and it starts two bytes into |from|.
+ * If we never found a 0-byte, then |zero_index| is 0 and the check
+ * also fails.
+ */
+ good &= constant_time_ge(zero_index, 2 + 8);
+ err = constant_time_select_int(mask | good, err,
+ RSA_R_NULL_BEFORE_BLOCK_MISSING);
+ mask = ~good;
+
+ good &= constant_time_lt(threes_in_row, 8);
+ err = constant_time_select_int(mask | good, err,
+ RSA_R_SSLV3_ROLLBACK_ATTACK);
+ mask = ~good;
+
+ /*
+ * Skip the zero byte. This is incorrect if we never found a zero-byte
+ * but in this case we also do not copy the message out.
+ */
+ msg_index = zero_index + 1;
+ mlen = num - msg_index;
+
+ /*
+ * For good measure, do this check in constant time as well.
+ */
+ good &= constant_time_ge(tlen, mlen);
+ err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE);
+
+ /*
+ * Even though we can't fake result's length, we can pretend copying
+ * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num|
+ * bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
+ * where |mlen'| is "saturated" |mlen| value. Deducing information
+ * about failure or |mlen| would take attacker's ability to observe
+ * memory access pattern with byte granularity *as it occurs*. It
+ * should be noted that failure is indistinguishable from normal
+ * operation if |tlen| is fixed by protocol.
+ */
+ tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen);
+ msg_index = constant_time_select_int(good, msg_index, num - tlen);
+ mlen = num - msg_index;
+ for (from += msg_index, mask = good, i = 0; i < tlen; i++) {
+ unsigned int equals = constant_time_eq(i, mlen);
+
+ from -= tlen & equals; /* if (i == mlen) rewind */
+ mask &= mask ^ equals; /* if (i == mlen) mask = 0 */
+ to[i] = constant_time_select_8(mask, from[i], to[i]);
}
- memcpy(to, p, (unsigned int)j);
- return (j);
+ OPENSSL_cleanse(em, num);
+ OPENSSL_free(em);
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, err);
+ err_clear_last_constant_time(1 & good);
+
+ return constant_time_select_int(good, mlen, -1);
}
diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod
index def1d3f72343..4e9655bd1096 100644
--- a/crypto/openssl/doc/apps/ca.pod
+++ b/crypto/openssl/doc/apps/ca.pod
@@ -214,7 +214,7 @@ the section of the configuration file containing certificate extensions
to be added when a certificate is issued (defaults to B<x509_extensions>
unless the B<-extfile> option is used). If no extension section is
present then, a V1 certificate is created. If the extension section
-is present (even if it is empty), then a V3 certificate is created. See the:w
+is present (even if it is empty), then a V3 certificate is created. See the
L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
extension section format.
diff --git a/crypto/openssl/doc/crypto/PKCS12_parse.pod b/crypto/openssl/doc/crypto/PKCS12_parse.pod
index c54cf2ad613e..cd648d39b0d1 100644
--- a/crypto/openssl/doc/crypto/PKCS12_parse.pod
+++ b/crypto/openssl/doc/crypto/PKCS12_parse.pod
@@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure
#include <openssl/pkcs12.h>
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca);
=head1 DESCRIPTION
diff --git a/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
index f20f815d4786..800e777869f4 100644
--- a/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
+++ b/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -109,7 +109,12 @@ L<ERR_get_error(3)|ERR_get_error(3)>.
The RSA_padding_check_PKCS1_type_2() padding check leaks timing
information which can potentially be used to mount a Bleichenbacher
padding oracle attack. This is an inherent weakness in the PKCS #1
-v1.5 padding design. Prefer PKCS1_OAEP padding.
+v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can
+be recommended to pass zero-padded B<f>, so that B<fl> equals to
+B<rsa_len>, and if fixed by protocol, B<tlen> being set to the
+expected length. In such case leakage would be minimal, it would
+take attacker's ability to observe memory access pattern with byte
+granilarity as it occurs, post-factum timing analysis won't do.
=head1 SEE ALSO
diff --git a/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod b/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
index 4716e7ee7542..403725fd48a5 100644
--- a/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -44,9 +44,6 @@ X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
used to examine an B<X509_NAME_ENTRY> function as returned by
X509_NAME_get_entry() for example.
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
-and X509_NAME_ENTRY_create_by_OBJ() create and return an
-
X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
are seldom used in practice because B<X509_NAME_ENTRY> structures
diff --git a/crypto/openssl/doc/man3/X509_cmp_time.pod b/crypto/openssl/doc/crypto/X509_cmp_time.pod
index 5bf51114511a..f3c0750efe0d 100644
--- a/crypto/openssl/doc/man3/X509_cmp_time.pod
+++ b/crypto/openssl/doc/crypto/X509_cmp_time.pod
@@ -29,7 +29,7 @@ B<cmp_time>, and 1 otherwise. It returns 0 on error.
=head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/ssl/SSL_get_error.pod b/crypto/openssl/doc/ssl/SSL_get_error.pod
index 2a93894096e7..7537616d475c 100644
--- a/crypto/openssl/doc/ssl/SSL_get_error.pod
+++ b/crypto/openssl/doc/ssl/SSL_get_error.pod
@@ -90,14 +90,17 @@ Details depend on the application.
=item SSL_ERROR_SYSCALL
-Some non-recoverable I/O error occurred.
-The OpenSSL error queue may contain more information on the error.
-For socket I/O on Unix systems, consult B<errno> for details.
+Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
+contain more information on the error. For socket I/O on Unix systems, consult
+B<errno> for details. If this error occurs then no further I/O operations should
+be performed on the connection and SSL_shutdown() must not be called.
=item SSL_ERROR_SSL
-A failure in the SSL library occurred, usually a protocol error. The
-OpenSSL error queue contains more information on the error.
+A non-recoverable, fatal error in the SSL library occurred, usually a protocol
+error. The OpenSSL error queue contains more information on the error. If this
+error occurs then no further I/O operations should be performed on the
+connection and SSL_shutdown() must not be called.
=back
diff --git a/crypto/openssl/doc/ssl/SSL_shutdown.pod b/crypto/openssl/doc/ssl/SSL_shutdown.pod
index efbff5a0a323..e2a776cf1c73 100644
--- a/crypto/openssl/doc/ssl/SSL_shutdown.pod
+++ b/crypto/openssl/doc/ssl/SSL_shutdown.pod
@@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
a currently open session is considered closed and good and will be kept in the
session cache for further reuse.
+Note that SSL_shutdown() must not be called if a previous fatal error has
+occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL
+or SSL_ERROR_SSL.
+
The shutdown procedure consists of 2 steps: the sending of the "close notify"
shutdown alert and the reception of the peer's "close notify" shutdown
alert. According to the TLS standard, it is acceptable for an application
diff --git a/crypto/openssl/ssl/d1_pkt.c b/crypto/openssl/ssl/d1_pkt.c
index 23aa9dbce484..c7fe97727bfa 100644
--- a/crypto/openssl/ssl/d1_pkt.c
+++ b/crypto/openssl/ssl/d1_pkt.c
@@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
+ s->state = SSL_ST_ERR;
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index 6527df8ce228..830b7237a2f3 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
+ s->state = SSL_ST_ERR;
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc)
* protocol_version alerts */
if (desc < 0)
return -1;
- /* If a fatal one, remove from cache */
- if ((level == 2) && (s->session != NULL))
- SSL_CTX_remove_session(s->session_ctx, s->session);
+ /* If a fatal one, remove from cache and go into the error state */
+ if (level == SSL3_AL_FATAL) {
+ if (s->session != NULL)
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ s->state = SSL_ST_ERR;
+ }
s->s3->alert_dispatch = 1;
s->s3->send_alert[0] = level;
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
index 55f918d10851..8c1f3ae57079 100644
--- a/crypto/openssl/ssl/t1_lib.c
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -3697,6 +3697,12 @@ int tls12_get_sigid(const EVP_PKEY *pk)
sizeof(tls12_sig) / sizeof(tls12_lookup));
}
+static int tls12_get_hash_nid(unsigned char hash_alg)
+{
+ return tls12_find_nid(hash_alg, tls12_md,
+ sizeof(tls12_md) / sizeof(tls12_lookup));
+}
+
const EVP_MD *tls12_get_hash(unsigned char hash_alg)
{
switch (hash_alg) {
@@ -3887,6 +3893,8 @@ int tls1_process_sigalgs(SSL *s)
const EVP_MD *md;
CERT *c = s->cert;
TLS_SIGALGS *sigptr;
+ int mandatory_mdnid;
+
if (!tls1_set_shared_sigalgs(s))
return 0;
@@ -3918,6 +3926,18 @@ int tls1_process_sigalgs(SSL *s)
for (i = 0, sigptr = c->shared_sigalgs;
i < c->shared_sigalgslen; i++, sigptr++) {
idx = tls12_get_pkey_idx(sigptr->rsign);
+ if (s->cert->pkeys[idx].privatekey) {
+ ERR_set_mark();
+ if (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
+ &mandatory_mdnid) == 2 &&
+ mandatory_mdnid != tls12_get_hash_nid(sigptr->rhash))
+ continue;
+ /*
+ * If EVP_PKEY_get_default_digest_nid() failed, don't pollute
+ * the error stack.
+ */
+ ERR_pop_to_mark();
+ }
if (idx > 0 && c->pkeys[idx].digest == NULL) {
md = tls12_get_hash(sigptr->rhash);
c->pkeys[idx].digest = md;
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
index e64fd01c14a4..77e3544455c3 100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
@@ -3,8 +3,8 @@
.include <bsd.own.mk>
# OpenSSL version used for manual page generation
-OPENSSL_VER= 1.0.2q
-OPENSSL_DATE= 2018-11-20
+OPENSSL_VER= 1.0.2r
+OPENSSL_DATE= 2019-02-26
LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
@@ -64,9 +64,6 @@ MANDIR= ${SHAREDIR}/openssl/man/man
.if defined(LIB)
_docs= ${LIB}
-.if ${LIB} == crypto
-_docs+= man3
-.endif
_skip= SSLeay_version des_modes
_sec= 3
.else
diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
index f960b15b9842..40a1e5b3e1f0 100644
--- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_OBJECT_new 3"
-.TH ASN1_OBJECT_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ASN1_OBJECT_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,24 +153,24 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions
The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an
\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0
.PP
-\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure.
+\&\fBASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure.
.PP
-\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR.
+\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR.
.SH "NOTES"
.IX Header "NOTES"
-Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it
+Although \fBASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it
is almost never used in applications. The \s-1ASN1\s0 object utility functions
-such as \fIOBJ_nid2obj()\fR are used instead.
+such as \fBOBJ_nid2obj()\fR are used instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
-code that can be obtained by \fIERR_get_error\fR\|(3).
+If the allocation fails, \fBASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fBERR_get_error\fR\|(3).
Otherwise it returns a pointer to the newly allocated structure.
.PP
-\&\fIASN1_OBJECT_free()\fR returns no value.
+\&\fBASN1_OBJECT_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fId2i_ASN1_OBJECT\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBd2i_ASN1_OBJECT\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIASN1_OBJECT_new()\fR and \fIASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL.
+\&\fBASN1_OBJECT_new()\fR and \fBASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3
index 8afa7adc56d2..55309493f856 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_length.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_length 3"
-.TH ASN1_STRING_length 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ASN1_STRING_length 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,28 +164,28 @@ ASN1_STRING utility functions
.IX Header "DESCRIPTION"
These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated.
.PP
-\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
+\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
.PP
-\&\fIASN1_STRING_data()\fR returns an internal pointer to the data of \fBx\fR.
+\&\fBASN1_STRING_data()\fR returns an internal pointer to the data of \fBx\fR.
Since this is an internal pointer it should \fBnot\fR be freed or
modified in any way.
.PP
-\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR.
+\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR.
.PP
-\&\fIASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two
+\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two
are identical. The string types and content are compared.
.PP
-\&\fIASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer
+\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer
\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR
is \-1 then the length is determined by strlen(data).
.PP
-\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants
+\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants
such as \fBV_ASN1_OCTET_STRING\fR.
.PP
-\&\fIASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the
+\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the
converted data is allocated in a buffer in \fB*out\fR. The length of
\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR
-should be free using \fIOPENSSL_free()\fR.
+should be free using \fBOPENSSL_free()\fR.
.SH "NOTES"
.IX Header "NOTES"
Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR
@@ -195,18 +199,18 @@ These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGE
or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR
utility functions should be used instead.
.PP
-In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR
+In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR
is null terminated or does not contain embedded nulls. The actual format
of the data will depend on the actual string type itself: for example
for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per
character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format.
.PP
Similar care should be take to ensure the data is in the correct format
-when calling \fIASN1_STRING_set()\fR.
+when calling \fBASN1_STRING_set()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3
index ea388d7861db..4202bb672bc3 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_new.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_new 3"
-.TH ASN1_STRING_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ASN1_STRING_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,26 +152,26 @@ ASN1_STRING allocation functions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type
+\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type
is undefined.
.PP
-\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of
+\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of
type \fBtype\fR.
.PP
-\&\fIASN1_STRING_free()\fR frees up \fBa\fR.
+\&\fBASN1_STRING_free()\fR frees up \fBa\fR.
.SH "NOTES"
.IX Header "NOTES"
Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example
-\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
+\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid
+\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid
\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
-\&\fIASN1_STRING_free()\fR does not return a value.
+\&\fBASN1_STRING_free()\fR does not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
index 350625217488..6530b98b4e4e 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_print_ex 3"
-.TH ASN1_STRING_print_ex 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ASN1_STRING_print_ex 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,16 +154,16 @@ ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \- ASN1_STRING
These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to
represent all the \s-1ASN1\s0 string types.
.PP
-\&\fIASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by
-the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs
+\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by
+the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs
to \fBfp\fR instead.
.PP
-\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
-\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0)
+\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
+\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0)
with '.'.
.SH "NOTES"
.IX Header "NOTES"
-\&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications.
+\&\fBASN1_STRING_print()\fR is a legacy function which should be avoided in new applications.
.PP
Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is
suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR.
@@ -194,7 +198,7 @@ all: everything is assumed to be one byte per character. This is primarily for
debugging purposes and can result in confusing output in multi character strings.
.PP
If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out
-before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fIASN1_tag2str()\fR.
+before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR.
.PP
The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just
outputs the value of the string using the form #XXXX using hex format for each
@@ -216,8 +220,8 @@ equivalent to:
\s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIASN1_tag2str\fR\|(3)
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBASN1_tag2str\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/ASN1_TIME_set.3
index 6414a09b764d..654379cb31f3 100644
--- a/secure/lib/libcrypto/man/ASN1_TIME_set.3
+++ b/secure/lib/libcrypto/man/ASN1_TIME_set.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_TIME_set 3"
-.TH ASN1_TIME_set 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ASN1_TIME_set 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,30 +156,30 @@ ASN1_TIME_print, ASN1_TIME_diff \- ASN.1 Time functions.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The function \fIASN1_TIME_set()\fR sets the \s-1ASN1_TIME\s0 structure \fBs\fR to the
+The function \fBASN1_TIME_set()\fR sets the \s-1ASN1_TIME\s0 structure \fBs\fR to the
time represented by the time_t value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new \s-1ASN1_TIME\s0
structure is allocated and returned.
.PP
-\&\fIASN1_TIME_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBs\fR to the time represented
+\&\fBASN1_TIME_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBs\fR to the time represented
by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR.
The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a
time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of
seconds in a day. If \fBs\fR is \s-1NULL\s0 a new \s-1ASN1_TIME\s0 structure is allocated
and returned.
.PP
-\&\fIASN1_TIME_set_string()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time
+\&\fBASN1_TIME_set_string()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time
represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0 time
format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0).
.PP
-\&\fIASN1_TIME_check()\fR checks the syntax of \s-1ASN1_TIME\s0 structure \fBs\fR.
+\&\fBASN1_TIME_check()\fR checks the syntax of \s-1ASN1_TIME\s0 structure \fBs\fR.
.PP
-\&\fIASN1_TIME_print()\fR prints out the time \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable
+\&\fBASN1_TIME_print()\fR prints out the time \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable
format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example
\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time
structure has invalid format it prints out \*(L"Bad time value\*(R" and returns
an error.
.PP
-\&\fIASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between
+\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between
\&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then
one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR
will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then
@@ -192,21 +196,21 @@ in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else
GeneralizedTime is used.
.PP
The \s-1ASN1_TIME\s0 structure is represented as an \s-1ASN1_STRING\s0 internally and can
-be freed up using \fIASN1_STRING_free()\fR.
+be freed up using \fBASN1_STRING_free()\fR.
.PP
The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt
is made to correct ancient calendar changes (for example from Julian to
Gregorian calendars).
.PP
Some applications add offset times directly to a time_t value and pass the
-results to \fIASN1_TIME_set()\fR (or equivalent). This can cause problems as the
+results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the
time_t value can overflow on some systems resulting in unexpected results.
-New applications should use \fIASN1_TIME_adj()\fR instead and pass the offset value
+New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value
in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly
manipulating a time_t value.
.SH "BUGS"
.IX Header "BUGS"
-\&\fIASN1_TIME_print()\fR currently does not print out the time zone: it either prints
+\&\fBASN1_TIME_print()\fR currently does not print out the time zone: it either prints
out \*(L"\s-1GMT\*(R"\s0 or nothing. But all certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0
anyway.
.SH "EXAMPLES"
@@ -244,17 +248,17 @@ Determine if one time is later or sooner than the current time:
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIASN1_TIME_set()\fR and \fIASN1_TIME_adj()\fR return a pointer to an \s-1ASN1_TIME\s0 structure
+\&\fBASN1_TIME_set()\fR and \fBASN1_TIME_adj()\fR return a pointer to an \s-1ASN1_TIME\s0 structure
or \s-1NULL\s0 if an error occurred.
.PP
-\&\fIASN1_TIME_set_string()\fR returns 1 if the time value is successfully set and
+\&\fBASN1_TIME_set_string()\fR returns 1 if the time value is successfully set and
0 otherwise.
.PP
-\&\fIASN1_TIME_check()\fR returns 1 if the structure is syntactically correct and 0
+\&\fBASN1_TIME_check()\fR returns 1 if the structure is syntactically correct and 0
otherwise.
.PP
-\&\fIASN1_TIME_print()\fR returns 1 if the time is successfully printed out and 0 if
+\&\fBASN1_TIME_print()\fR returns 1 if the time is successfully printed out and 0 if
an error occurred (I/O error or invalid time format).
.PP
-\&\fIASN1_TIME_diff()\fR returns 1 for sucess and 0 for failure. It can fail if the
+\&\fBASN1_TIME_diff()\fR returns 1 for sucess and 0 for failure. It can fail if the
pass \s-1ASN1_TIME\s0 structure has invalid syntax for example.
diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
index 9e3d04f47c22..aa0a7dbf753c 100644
--- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3
+++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_generate_nconf 3"
-.TH ASN1_generate_nconf 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ASN1_generate_nconf 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -360,13 +364,13 @@ structure:
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR return the encoded
+\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded
data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
-The error codes that can be obtained by \fIERR_get_error\fR\|(3).
+The error codes that can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR were added to OpenSSL 0.9.8
+\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR were added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3
index cf4ec2cfaeea..f3032d13720a 100644
--- a/secure/lib/libcrypto/man/BIO_ctrl.3
+++ b/secure/lib/libcrypto/man/BIO_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_ctrl 3"
-.TH BIO_ctrl 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_ctrl 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +172,7 @@ BIO_get_info_callback, BIO_set_info_callback \- BIO control operations
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR
+\&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR
are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types.
These functions are not normally called directly, various macros
are used instead. The standard macros are described below, macros
@@ -176,82 +180,82 @@ specific to a particular type of \s-1BIO\s0 are described in the specific
BIOs manual page as well as any special features of the standard
calls.
.PP
-\&\fIBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case
+\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case
of file related BIOs for example it rewinds the file pointer to the
start of the file.
.PP
-\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and
+\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and
\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file.
.PP
-\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0
+\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0
.PP
-\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some
+\&\fBBIO_flush()\fR normally writes out any internally buffered data, in some
cases it is used to signal \s-1EOF\s0 and that no more data will be written.
.PP
-\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of
+\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of
\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type.
.PP
-\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can
+\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can
take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used
in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should
be closed when the \s-1BIO\s0 is freed.
.PP
-\&\fIBIO_get_close()\fR returns the BIOs close flag.
+\&\fBBIO_get_close()\fR returns the BIOs close flag.
.PP
-\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR
+\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR
return the number of pending characters in the BIOs read and write buffers.
-Not all BIOs support these calls. \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR
-return a size_t type and are functions, \fIBIO_pending()\fR and \fIBIO_wpending()\fR are
-macros which call \fIBIO_ctrl()\fR.
+Not all BIOs support these calls. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR
+return a size_t type and are functions, \fBBIO_pending()\fR and \fBBIO_wpending()\fR are
+macros which call \fBBIO_ctrl()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File
+\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File
BIOs are an exception, they return 0 for success and \-1 for failure.
.PP
-\&\fIBIO_seek()\fR and \fIBIO_tell()\fR both return the current file position on success
-and \-1 for failure, except file BIOs which for \fIBIO_seek()\fR always return 0
+\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success
+and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0
for success and \-1 for failure.
.PP
-\&\fIBIO_flush()\fR returns 1 for success and 0 or \-1 for failure.
+\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure.
.PP
-\&\fIBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise.
+\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise.
.PP
-\&\fIBIO_set_close()\fR always returns 1.
+\&\fBBIO_set_close()\fR always returns 1.
.PP
-\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
+\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
.PP
-\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR
+\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR
return the amount of pending data.
.SH "NOTES"
.IX Header "NOTES"
-\&\fIBIO_flush()\fR, because it can write data may return 0 or \-1 indicating
-that the call should be retried later in a similar manner to \fIBIO_write()\fR.
-The \fIBIO_should_retry()\fR call should be used and appropriate action taken
+\&\fBBIO_flush()\fR, because it can write data may return 0 or \-1 indicating
+that the call should be retried later in a similar manner to \fBBIO_write()\fR.
+The \fBBIO_should_retry()\fR call should be used and appropriate action taken
is the call fails.
.PP
-The return values of \fIBIO_pending()\fR and \fIBIO_wpending()\fR may not reliably
+The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably
determine the amount of pending data in all cases. For example in the
case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures
internal buffers but it is not possible to determine this in a
portably way. For other types of \s-1BIO\s0 they may not be supported.
.PP
-Filter BIOs if they do not internally handle a particular \fIBIO_ctrl()\fR
+Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR
operation usually pass the operation to the next \s-1BIO\s0 in the chain.
This often means there is no need to locate the required \s-1BIO\s0 for
a particular operation, it can be called on a chain and it will
be automatically passed to the relevant \s-1BIO.\s0 However this can cause
unexpected results: for example no current filter BIOs implement
-\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0
+\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0
or file descriptor \s-1BIO.\s0
.PP
-Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR
+Source/sink BIOs return an 0 if they do not recognize the \fBBIO_ctrl()\fR
operation.
.SH "BUGS"
.IX Header "BUGS"
Some of the return values are ambiguous and care should be taken. In
particular a return value of 0 can be returned if an operation is not
supported, if an error occurred, if \s-1EOF\s0 has not been reached and in
-the case of \fIBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation.
+the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3
index 5e3f08671e57..45c6ffdbd1a3 100644
--- a/secure/lib/libcrypto/man/BIO_f_base64.3
+++ b/secure/lib/libcrypto/man/BIO_f_base64.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_base64 3"
-.TH BIO_f_base64 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_f_base64 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,17 +150,17 @@ BIO_f_base64 \- base64 BIO filter
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter
+\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter
\&\s-1BIO\s0 that base64 encodes any data written through it and decodes
any data read through it.
.PP
-Base64 BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR.
+Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR.
.PP
-\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is
+\&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is
used to signal that no more data is to be encoded: this is used
to flush the final block through the \s-1BIO.\s0
.PP
-The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR
+The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR
to encode the data all on one line or expect the data to be all
on one line.
.SH "NOTES"
@@ -165,7 +169,7 @@ Because of the format of base64 encoding the end of the encoded
block cannot always be reliably determined.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method.
+\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Base64 encode the string \*(L"Hello World\en\*(R" and write the result
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3
index 4f679f1b7818..e2ccb87e9ef9 100644
--- a/secure/lib/libcrypto/man/BIO_f_buffer.3
+++ b/secure/lib/libcrypto/man/BIO_f_buffer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_buffer 3"
-.TH BIO_f_buffer 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_f_buffer 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,54 +155,54 @@ BIO_f_buffer \- buffering BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
+\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
.PP
Data written to a buffering \s-1BIO\s0 is buffered and periodically written
to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from
an internal buffer which is filled from the next \s-1BIO\s0 in the chain.
-Both \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported.
+Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported.
.PP
-Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data.
+Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data.
.PP
-\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered.
+\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered.
.PP
-\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR
+\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR
set the read, write or both read and write buffer sizes to \fBsize\fR. The initial
buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the
buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared
when the buffer is resized.
.PP
-\&\fIBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR
+\&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR
bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer
is expanded.
.SH "NOTES"
.IX Header "NOTES"
-Buffering BIOs implement \fIBIO_gets()\fR by using \fIBIO_read()\fR operations on the
+Buffering BIOs implement \fBBIO_gets()\fR by using \fBBIO_read()\fR operations on the
next \s-1BIO\s0 in the chain. By prepending a buffering \s-1BIO\s0 to a chain it is therefore
-possible to provide \fIBIO_gets()\fR functionality if the following BIOs do not
+possible to provide \fBBIO_gets()\fR functionality if the following BIOs do not
support it (for example \s-1SSL\s0 BIOs).
.PP
Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills
-or when \fIBIO_flush()\fR is called. It is therefore important to call \fIBIO_flush()\fR
+or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR
whenever any pending data should be written such as when removing a buffering
-\&\s-1BIO\s0 using \fIBIO_pop()\fR. \fIBIO_flush()\fR may need to be retried if the ultimate
+\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate
source/sink \s-1BIO\s0 is non blocking.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
+\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
.PP
-\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0).
+\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0).
.PP
-\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR
+\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR
return 1 if the buffer was successfully resized or 0 for failure.
.PP
-\&\fIBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if
+\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if
there was an error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\s-1\fIBIO\s0\fR\|(3),
-\&\fIBIO_reset\fR\|(3),
-\&\fIBIO_flush\fR\|(3),
-\&\fIBIO_pop\fR\|(3),
-\&\fIBIO_ctrl\fR\|(3),
-\&\fIBIO_int_ctrl\fR\|(3)
+\&\s-1\fBBIO\s0\fR\|(3),
+\&\fBBIO_reset\fR\|(3),
+\&\fBBIO_flush\fR\|(3),
+\&\fBBIO_pop\fR\|(3),
+\&\fBBIO_ctrl\fR\|(3),
+\&\fBBIO_int_ctrl\fR\|(3)
diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3
index 7a99d46d2ff3..881cd5d86b38 100644
--- a/secure/lib/libcrypto/man/BIO_f_cipher.3
+++ b/secure/lib/libcrypto/man/BIO_f_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_cipher 3"
-.TH BIO_f_cipher 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_f_cipher 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,53 +154,53 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- ciphe
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter
+\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter
\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data
read from it. It is a \s-1BIO\s0 wrapper for the cipher routines
-\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR.
+\&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR.
.PP
-Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR.
+Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR.
.PP
-\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is
+\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is
used to signal that no more data is to be encrypted: this is used
to flush and possibly pad the final block through the \s-1BIO.\s0
.PP
-\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR
+\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR
and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
decryption.
.PP
When reading from an encryption \s-1BIO\s0 the final block is automatically
-decrypted and checked when \s-1EOF\s0 is detected. \fIBIO_get_cipher_status()\fR
-is a \fIBIO_ctrl()\fR macro which can be called to determine whether the
+decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR
+is a \fBBIO_ctrl()\fR macro which can be called to determine whether the
decryption operation was successful.
.PP
-\&\fIBIO_get_cipher_ctx()\fR is a \fIBIO_ctrl()\fR macro which retrieves the internal
+\&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal
\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction
with the standard cipher routines to set it up. This is useful when
-\&\fIBIO_set_cipher()\fR is not flexible enough for the applications needs.
+\&\fBBIO_set_cipher()\fR is not flexible enough for the applications needs.
.SH "NOTES"
.IX Header "NOTES"
-When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block
+When encrypting \fBBIO_flush()\fR \fBmust\fR be called to flush the final block
through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent
decrypt.
.PP
When decrypting an error on the final block is signalled by a zero
return value from the read operation. A successful decrypt followed
-by \s-1EOF\s0 will also return zero for the final read. \fIBIO_get_cipher_status()\fR
+by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR
should be called to determine if the decrypt was successful.
.PP
-As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can
+As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can
be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method.
+\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method.
.PP
-\&\fIBIO_set_cipher()\fR does not return a value.
+\&\fBBIO_set_cipher()\fR does not return a value.
.PP
-\&\fIBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0
+\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0
for failure.
.PP
-\&\fIBIO_get_cipher_ctx()\fR currently always returns 1.
+\&\fBBIO_get_cipher_ctx()\fR currently always returns 1.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3
index bea60841f491..1d9b66ed4ebb 100644
--- a/secure/lib/libcrypto/man/BIO_f_md.3
+++ b/secure/lib/libcrypto/man/BIO_f_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_md 3"
-.TH BIO_f_md 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_f_md 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,57 +153,57 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter
+\&\fBBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter
\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper
-for the digest routines \fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR
-and \fIEVP_DigestFinal()\fR.
+for the digest routines \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR
+and \fBEVP_DigestFinal()\fR.
.PP
-Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read()\fR and
-\&\fIBIO_write()\fR is digested.
+Any data written or read through a digest \s-1BIO\s0 using \fBBIO_read()\fR and
+\&\fBBIO_write()\fR is digested.
.PP
-\&\fIBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the
-digest calculation and returns the digest value. \fIBIO_puts()\fR is
+\&\fBBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the
+digest calculation and returns the digest value. \fBBIO_puts()\fR is
not supported.
.PP
-\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO.\s0
+\&\fBBIO_reset()\fR reinitialises a digest \s-1BIO.\s0
.PP
-\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this
+\&\fBBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this
must be called to initialize a digest \s-1BIO\s0 before any data is
-passed through it. It is a \fIBIO_ctrl()\fR macro.
+passed through it. It is a \fBBIO_ctrl()\fR macro.
.PP
-\&\fIBIO_get_md()\fR places the a pointer to the digest BIOs digest method
-in \fBmdp\fR, it is a \fIBIO_ctrl()\fR macro.
+\&\fBBIO_get_md()\fR places the a pointer to the digest BIOs digest method
+in \fBmdp\fR, it is a \fBBIO_ctrl()\fR macro.
.PP
-\&\fIBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR.
+\&\fBBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR.
.SH "NOTES"
.IX Header "NOTES"
-The context returned by \fIBIO_get_md_ctx()\fR can be used in calls
-to \fIEVP_DigestFinal()\fR and also the signature routines \fIEVP_SignFinal()\fR
-and \fIEVP_VerifyFinal()\fR.
+The context returned by \fBBIO_get_md_ctx()\fR can be used in calls
+to \fBEVP_DigestFinal()\fR and also the signature routines \fBEVP_SignFinal()\fR
+and \fBEVP_VerifyFinal()\fR.
.PP
-The context returned by \fIBIO_get_md_ctx()\fR is an internal context
+The context returned by \fBBIO_get_md_ctx()\fR is an internal context
structure. Changes made to this context will affect the digest
\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest
\&\s-1BIO\s0 is freed.
.PP
After the digest has been retrieved from a digest \s-1BIO\s0 it must be
-reinitialized by calling \fIBIO_reset()\fR, or \fIBIO_set_md()\fR before any more
+reinitialized by calling \fBBIO_reset()\fR, or \fBBIO_set_md()\fR before any more
data is passed through it.
.PP
-If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through
+If an application needs to call \fBBIO_gets()\fR or \fBBIO_puts()\fR through
a chain containing digest BIOs then this can be done by prepending
a buffering \s-1BIO.\s0
.PP
-Before OpenSSL 1.0.0 the call to \fIBIO_get_md_ctx()\fR would only work if the \s-1BIO\s0
-had been initialized for example by calling \fIBIO_set_md()\fR ). In OpenSSL
+Before OpenSSL 1.0.0 the call to \fBBIO_get_md_ctx()\fR would only work if the \s-1BIO\s0
+had been initialized for example by calling \fBBIO_set_md()\fR ). In OpenSSL
1.0.0 and later the context is always returned and the \s-1BIO\s0 is state is set
to initialized. This allows applications to initialize the context externally
-if the standard calls such as \fIBIO_set_md()\fR are not sufficiently flexible.
+if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method.
+\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method.
.PP
-\&\fIBIO_set_md()\fR, \fIBIO_get_md()\fR and \fIBIO_md_ctx()\fR return 1 for success and
+\&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and
0 for failure.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
@@ -268,11 +272,11 @@ outputs them. This could be used with the examples above.
.Ve
.SH "BUGS"
.IX Header "BUGS"
-The lack of support for \fIBIO_puts()\fR and the non standard behaviour of
-\&\fIBIO_gets()\fR could be regarded as anomalous. It could be argued that \fIBIO_gets()\fR
-and \fIBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest
+The lack of support for \fBBIO_puts()\fR and the non standard behaviour of
+\&\fBBIO_gets()\fR could be regarded as anomalous. It could be argued that \fBBIO_gets()\fR
+and \fBBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest
the data passed through and that digests should be retrieved using a
-separate \fIBIO_ctrl()\fR call.
+separate \fBBIO_ctrl()\fR call.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3
index fdf7d4518fab..581dd4783796 100644
--- a/secure/lib/libcrypto/man/BIO_f_null.3
+++ b/secure/lib/libcrypto/man/BIO_f_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_null 3"
-.TH BIO_f_null 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_f_null 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,7 +149,7 @@ BIO_f_null \- null filter
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0
+\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0
that does nothing.
.PP
All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in
@@ -156,7 +160,7 @@ behaves just as though the \s-1BIO\s0 was not there.
As may be apparent a null filter \s-1BIO\s0 is not particularly useful.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method.
+\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3
index f7364a2ddfd2..f5cf4f7d109a 100644
--- a/secure/lib/libcrypto/man/BIO_f_ssl.3
+++ b/secure/lib/libcrypto/man/BIO_f_ssl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_ssl 3"
-.TH BIO_f_ssl 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_f_ssl 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -167,7 +171,7 @@ BIO_ssl_shutdown \- SSL BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which
+\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which
is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to
\&\s-1SSL I/O.\s0
.PP
@@ -175,63 +179,63 @@ I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol wi
the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established
then an attempt is made to establish one on the first I/O call.
.PP
-If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fIBIO_push()\fR it is automatically
+If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically
used as the \s-1SSL\s0 BIOs read and write BIOs.
.PP
-Calling \fIBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection
-by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in
+Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection
+by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in
the chain: this will typically disconnect the underlying transport.
The \s-1SSL BIO\s0 is then reset to the initial accept or connect state.
.PP
If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal
-\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR.
+\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR.
.PP
-\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using
+\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using
the close flag \fBc\fR.
.PP
-\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be
+\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be
manipulated using the standard \s-1SSL\s0 library functions.
.PP
-\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR
+\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR
is 1 client mode is set. If \fBclient\fR is 0 server mode is set.
.PP
-\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count
+\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count
to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write)
the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at
least 512 bytes.
.PP
-\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to
+\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to
\&\fBseconds\fR. When the renegotiate timeout elapses the session is
automatically renegotiated.
.PP
-\&\fIBIO_get_num_renegotiates()\fR returns the total number of session
+\&\fBBIO_get_num_renegotiates()\fR returns the total number of session
renegotiations due to I/O or timeout.
.PP
-\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using
+\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using
client mode if \fBclient\fR is non zero.
.PP
-\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
+\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
\&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0
.PP
-\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
+\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR) and a connect
\&\s-1BIO.\s0
.PP
-\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
+\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the
-\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on
+\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on
the internal \s-1SSL\s0 pointer.
.PP
-\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0
+\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0
chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the
-chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0
+chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0
pointer.
.PP
-\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the
+\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the
supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established, the
-call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs
+call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs
to determine if the call should be retried. If an \s-1SSL\s0 connection has
already been established this call has no effect.
.SH "NOTES"
@@ -239,7 +243,7 @@ already been established this call has no effect.
\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport
is non blocking they can still request a retry in exceptional
circumstances. Specifically this will happen if a session
-renegotiation takes place during a \fIBIO_read()\fR operation, one
+renegotiation takes place during a \fBBIO_read()\fR operation, one
case where this happens is when step up occurs.
.PP
In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be
@@ -247,12 +251,12 @@ set to disable this behaviour. That is when this flag is set
an \s-1SSL BIO\s0 using a blocking transport will never request a
retry.
.PP
-Since unknown \fIBIO_ctrl()\fR operations are sent through filter
-BIOs the servers name and port can be set using \fIBIO_set_host()\fR
-on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having
+Since unknown \fBBIO_ctrl()\fR operations are sent through filter
+BIOs the servers name and port can be set using \fBBIO_set_host()\fR
+on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having
to locate the connect \s-1BIO\s0 first.
.PP
-Applications do not have to call \fIBIO_do_handshake()\fR but may wish
+Applications do not have to call \fBBIO_do_handshake()\fR but may wish
to do so to separate the handshake process from other I/O
processing.
.SH "RETURN VALUES"
@@ -262,7 +266,7 @@ processing.
.IX Header "EXAMPLE"
This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an
\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the
-unencrypted example in \fIBIO_s_connect\fR\|(3).
+unencrypted example in \fBBIO_s_connect\fR\|(3).
.PP
.Vb 5
\& BIO *sbio, *out;
@@ -443,7 +447,7 @@ a client and also echoes the request to standard output.
.Ve
.SH "BUGS"
.IX Header "BUGS"
-In OpenSSL versions before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly,
+In OpenSSL versions before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly,
the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of
decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not
explicitly being popped (e.g. a pop higher up the chain). Applications which
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3
index 865c19316d24..67fd5a501ff9 100644
--- a/secure/lib/libcrypto/man/BIO_find_type.3
+++ b/secure/lib/libcrypto/man/BIO_find_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_find_type 3"
-.TH BIO_find_type 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_find_type 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,31 +177,31 @@ BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting
+The \fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting
at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search
is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as
\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is
-searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is
+searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is
found.
.PP
Note: not all the \fBBIO_TYPE_*\fR types above have corresponding \s-1BIO\s0 implementations.
.PP
-\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs
-in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a
+\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs
+in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a
certain type.
.PP
-\&\fIBIO_method_type()\fR returns the type of a \s-1BIO.\s0
+\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match.
+\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match.
.PP
-\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain.
+\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain.
.PP
-\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR.
+\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR.
.SH "NOTES"
.IX Header "NOTES"
-\&\fIBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0
-chain or find multiple matches using \fIBIO_find_type()\fR. Previous versions had to
+\&\fBBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0
+chain or find multiple matches using \fBBIO_find_type()\fR. Previous versions had to
use:
.PP
.Vb 1
@@ -205,7 +209,7 @@ use:
.Ve
.SH "BUGS"
.IX Header "BUGS"
-\&\fIBIO_find_type()\fR in OpenSSL 0.9.5a and earlier could not be safely passed a
+\&\fBBIO_find_type()\fR in OpenSSL 0.9.5a and earlier could not be safely passed a
\&\s-1NULL\s0 pointer for the \fBb\fR argument.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3
index e8de943dbef1..ac54a43d4684 100644
--- a/secure/lib/libcrypto/man/BIO_new.3
+++ b/secure/lib/libcrypto/man/BIO_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_new 3"
-.TH BIO_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,35 +153,35 @@ BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- BIO allocation and freein
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR.
+The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR.
.PP
-\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO.\s0
+\&\fBBIO_set()\fR sets the method of an already existing \s-1BIO.\s0
.PP
-\&\fIBIO_free()\fR frees up a single \s-1BIO,\s0 \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0
-but it does not return a value. Calling \fIBIO_free()\fR may also have some effect
+\&\fBBIO_free()\fR frees up a single \s-1BIO,\s0 \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0
+but it does not return a value. Calling \fBBIO_free()\fR may also have some effect
on the underlying I/O structure, for example it may close the file being
referred to under certain circumstances. For more details see the individual
\&\s-1BIO_METHOD\s0 descriptions.
.PP
-\&\fIBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error
+\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error
occurs freeing up an individual \s-1BIO\s0 in the chain.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails.
+\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails.
.PP
-\&\fIBIO_set()\fR, \fIBIO_free()\fR return 1 for success and 0 for failure.
+\&\fBBIO_set()\fR, \fBBIO_free()\fR return 1 for success and 0 for failure.
.PP
-\&\fIBIO_free_all()\fR and \fIBIO_vfree()\fR do not return values.
+\&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values.
.SH "NOTES"
.IX Header "NOTES"
Some BIOs (such as memory BIOs) can be used immediately after calling
-\&\fIBIO_new()\fR. Others (such as file BIOs) need some additional initialization,
+\&\fBBIO_new()\fR. Others (such as file BIOs) need some additional initialization,
and frequently a utility function exists to create and initialize such BIOs.
.PP
-If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting
+If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting
in a memory leak.
.PP
-Calling \fIBIO_free_all()\fR a single \s-1BIO\s0 has the same effect as calling \fIBIO_free()\fR
+Calling \fBBIO_free_all()\fR a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR
on it other than the discarded return value.
.PP
Normally the \fBtype\fR argument is supplied by a function which returns a
diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3
index 891e7e1d67c2..af20ea6eb890 100644
--- a/secure/lib/libcrypto/man/BIO_new_CMS.3
+++ b/secure/lib/libcrypto/man/BIO_new_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_new_CMS 3"
-.TH BIO_new_CMS 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_new_CMS 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output
+\&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output
of the filter is written to \fBout\fR. Any data written to the chain is
automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type.
.SH "NOTES"
@@ -155,15 +159,15 @@ automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appr
The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It
supports non blocking I/O. Content is processed and streamed on the fly and not
all held in memory at once: so it is possible to encode very large structures.
-After all content has been written through the chain \fIBIO_flush()\fR must be called
+After all content has been written through the chain \fBBIO_flush()\fR must be called
to finalise the structure.
.PP
The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR
parameter of the \fBcms\fR creation function.
.PP
If an application wishes to write additional data to \fBout\fR BIOs should be
-removed from the chain using \fIBIO_pop()\fR and freed with \fIBIO_free()\fR until \fBout\fR
-is reached. If no additional data needs to be written \fIBIO_free_all()\fR can be
+removed from the chain using \fBBIO_pop()\fR and freed with \fBBIO_free()\fR until \fBout\fR
+is reached. If no additional data needs to be written \fBBIO_free_all()\fR can be
called to free up the whole chain.
.PP
Any content written through the filter is used verbatim: no canonical
@@ -176,19 +180,19 @@ structures.
.PP
Large numbers of small writes through the chain should be avoided as this will
produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending
-a \fIBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this.
+a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this.
.SH "BUGS"
.IX Header "BUGS"
There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode
a \s-1CMS\s0 structure on the fly.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_encrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_encrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBIO_new_CMS()\fR was added to OpenSSL 1.0.0
+\&\fBBIO_new_CMS()\fR was added to OpenSSL 1.0.0
diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3
index 1767c4defd57..e99dc6d34f44 100644
--- a/secure/lib/libcrypto/man/BIO_push.3
+++ b/secure/lib/libcrypto/man/BIO_push.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_push 3"
-.TH BIO_push 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_push 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,20 +150,20 @@ BIO_push, BIO_pop \- add and remove BIOs from a chain.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns
+The \fBBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns
\&\fBb\fR.
.PP
-\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0
+\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0
in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then
becomes a single \s-1BIO\s0 with no association with the original chain,
it can thus be freed or attached to a different chain.
.SH "NOTES"
.IX Header "NOTES"
-The names of these functions are perhaps a little misleading. \fIBIO_push()\fR
-joins two \s-1BIO\s0 chains whereas \fIBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain,
+The names of these functions are perhaps a little misleading. \fBBIO_push()\fR
+joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain,
the deleted \s-1BIO\s0 does not need to be at the end of a chain.
.PP
-The process of calling \fIBIO_push()\fR and \fIBIO_pop()\fR on a \s-1BIO\s0 may have additional
+The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional
consequences (a control call is made to the affected BIOs) any effects will
be noted in the descriptions of individual BIOs.
.SH "EXAMPLES"
@@ -195,9 +199,9 @@ The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data
be written to \fBmd1\fR as before.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR.
+\&\fBBIO_push()\fR returns the end of the chain, \fBb\fR.
.PP
-\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next
+\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next
\&\s-1BIO.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3
index 67985fe04d2e..ad220414c05c 100644
--- a/secure/lib/libcrypto/man/BIO_read.3
+++ b/secure/lib/libcrypto/man/BIO_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_read 3"
-.TH BIO_read 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_read 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,18 +152,18 @@ BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O functions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
+\&\fBBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
the data in \fBbuf\fR.
.PP
-\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
+\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
in \fBbuf\fR. Usually this operation will attempt to read a line of data
from the \s-1BIO\s0 of maximum length \fBlen\fR. There are exceptions to this
-however, for example \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
-return the digest and other BIOs may not support \fIBIO_gets()\fR at all.
+however, for example \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
+return the digest and other BIOs may not support \fBBIO_gets()\fR at all.
.PP
-\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
+\&\fBBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
.PP
-\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
+\&\fBBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return either the amount of data successfully read or
@@ -174,23 +178,23 @@ it may merely be an indication that no data is currently available and that
the application should retry the operation later.
.PP
One technique sometimes used with blocking sockets is to use a system call
-(such as \fIselect()\fR, \fIpoll()\fR or equivalent) to determine when data is available
-and then call \fIread()\fR to read the data. The equivalent with BIOs (that is call
-\&\fIselect()\fR on the underlying I/O structure and then call \fIBIO_read()\fR to
-read the data) should \fBnot\fR be used because a single call to \fIBIO_read()\fR
+(such as \fBselect()\fR, \fBpoll()\fR or equivalent) to determine when data is available
+and then call \fBread()\fR to read the data. The equivalent with BIOs (that is call
+\&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to
+read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR
can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying
-I/O structure and may block as a result. Instead \fIselect()\fR (or equivalent)
+I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent)
should be combined with non blocking I/O so successive reads will request
a retry instead of blocking.
.PP
-See \fIBIO_should_retry\fR\|(3) for details of how to
+See \fBBIO_should_retry\fR\|(3) for details of how to
determine the cause of a retry and other I/O issues.
.PP
-If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to
-work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3)
+If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to
+work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3)
to the chain.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIBIO_should_retry\fR\|(3)
+\&\fBBIO_should_retry\fR\|(3)
.PP
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3
index 0ba70595ca63..b86b1fa5bb78 100644
--- a/secure/lib/libcrypto/man/BIO_s_accept.3
+++ b/secure/lib/libcrypto/man/BIO_s_accept.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_accept 3"
-.TH BIO_s_accept 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_s_accept 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -164,7 +168,7 @@ BIO_get_bind_mode, BIO_do_accept \- accept BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper
+\&\fBBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper
round the platform's \s-1TCP/IP\s0 socket accept routines.
.PP
Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data
@@ -176,43 +180,43 @@ on the underlying connection. If no connection is established
and the port (see below) is set up properly then the \s-1BIO\s0
waits for an incoming connection.
.PP
-Accept BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR.
+Accept BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR.
.PP
If the close flag is set on an accept \s-1BIO\s0 then any active
connection on that chain is shutdown and the socket closed when
the \s-1BIO\s0 is freed.
.PP
-Calling \fIBIO_reset()\fR on a accept \s-1BIO\s0 will close any active
+Calling \fBBIO_reset()\fR on a accept \s-1BIO\s0 will close any active
connection and reset the \s-1BIO\s0 into a state where it awaits another
incoming connection.
.PP
-\&\fIBIO_get_fd()\fR and \fIBIO_set_fd()\fR can be called to retrieve or set
-the accept socket. See \fIBIO_s_fd\fR\|(3)
+\&\fBBIO_get_fd()\fR and \fBBIO_set_fd()\fR can be called to retrieve or set
+the accept socket. See \fBBIO_s_fd\fR\|(3)
.PP
-\&\fIBIO_set_accept_port()\fR uses the string \fBname\fR to set the accept
+\&\fBBIO_set_accept_port()\fR uses the string \fBname\fR to set the accept
port. The port is represented as a string of the form \*(L"host:port\*(R",
where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port.
The host can be can be \*(L"*\*(R" which is interpreted as meaning
any interface; \*(L"port\*(R" has the same syntax
-as the port specified in \fIBIO_set_conn_port()\fR for connect BIOs,
+as the port specified in \fBBIO_set_conn_port()\fR for connect BIOs,
that is it can be a numerical port string or a string to lookup
-using \fIgetservbyname()\fR and a string table.
+using \fBgetservbyname()\fR and a string table.
.PP
-\&\fIBIO_new_accept()\fR combines \fIBIO_new()\fR and \fIBIO_set_accept_port()\fR into
+\&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_port()\fR into
a single call: that is it creates a new accept \s-1BIO\s0 with port
\&\fBhost_port\fR.
.PP
-\&\fIBIO_set_nbio_accept()\fR sets the accept socket to blocking mode
+\&\fBBIO_set_nbio_accept()\fR sets the accept socket to blocking mode
(the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1.
.PP
-\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which
+\&\fBBIO_set_accept_bios()\fR can be used to set a chain of BIOs which
will be duplicated and prepended to the chain when an incoming
connection is received. This is useful if, for example, a
buffering or \s-1SSL BIO\s0 is required for each connection. The
chain of BIOs must not be freed after this call, they will
be automatically freed when the accept \s-1BIO\s0 is freed.
.PP
-\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve
+\&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve
the current bind mode. If \s-1BIO_BIND_NORMAL\s0 (the default) is set
then another socket cannot be bound to the same port. If
\&\s-1BIO_BIND_REUSEADDR\s0 is set then other sockets can bind to the
@@ -221,10 +225,10 @@ attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails
and the port is not in use then a second attempt is made
using \s-1BIO_BIND_REUSEADDR.\s0
.PP
-\&\fIBIO_do_accept()\fR serves two functions. When it is first
+\&\fBBIO_do_accept()\fR serves two functions. When it is first
called, after the accept \s-1BIO\s0 has been setup, it will attempt
to create the accept socket and bind an address to it. Second
-and subsequent calls to \fIBIO_do_accept()\fR will await an incoming
+and subsequent calls to \fBBIO_do_accept()\fR will await an incoming
connection, or request a retry in non blocking mode.
.SH "NOTES"
.IX Header "NOTES"
@@ -239,7 +243,7 @@ accept\->socket. This effectively means that attempting I/O on
an initial accept socket will await an incoming connection then
perform I/O on it.
.PP
-If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR
+If any additional BIOs have been set using \fBBIO_set_accept_bios()\fR
then they are placed between the socket and the accept \s-1BIO,\s0
that is the chain will be accept\->otherbios\->socket.
.PP
@@ -256,24 +260,24 @@ After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently
established connection and \fBaccept\fR will now be a single \s-1BIO\s0
again which can be used to await further incoming connections.
If no further connections will be accepted the \fBaccept\fR can
-be freed using \fIBIO_free()\fR.
+be freed using \fBBIO_free()\fR.
.PP
If only a single connection will be processed it is possible to
perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable
however because the accept \s-1BIO\s0 will still accept additional incoming
-connections. This can be resolved by using \fIBIO_pop()\fR (see above)
+connections. This can be resolved by using \fBBIO_pop()\fR (see above)
and freeing up the accept \s-1BIO\s0 after the initial connection.
.PP
-If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is
+If the underlying accept socket is non-blocking and \fBBIO_do_accept()\fR is
called to await an incoming connection it is possible for
-\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens
+\&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens
then it is an indication that an accept attempt would block: the application
should take appropriate action to wait until the underlying socket has
accepted a connection and retry the call.
.PP
-\&\fIBIO_set_accept_port()\fR, \fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR,
-\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and
-\&\fIBIO_do_accept()\fR are macros.
+\&\fBBIO_set_accept_port()\fR, \fBBIO_get_accept_port()\fR, \fBBIO_set_nbio_accept()\fR,
+\&\fBBIO_set_accept_bios()\fR, \fBBIO_set_bind_mode()\fR, \fBBIO_get_bind_mode()\fR and
+\&\fBBIO_do_accept()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3
index 103f3b3ffc3a..a3653c32e977 100644
--- a/secure/lib/libcrypto/man/BIO_s_bio.3
+++ b/secure/lib/libcrypto/man/BIO_s_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_bio 3"
-.TH BIO_s_bio 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_s_bio 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,7 +170,7 @@ BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink
+\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink
BIOs where data written to either half of the pair is buffered and can be read from
the other half. Both halves must usually by handled by the same application thread
since no locking is done on the internal data structures.
@@ -179,47 +183,47 @@ One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under applica
can be used when the application wishes to use a non standard transport for
\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate.
.PP
-Calls to \fIBIO_read()\fR will read data from the buffer or request a retry if no
+Calls to \fBBIO_read()\fR will read data from the buffer or request a retry if no
data is available.
.PP
-Calls to \fIBIO_write()\fR will place data in the buffer or request a retry if the
+Calls to \fBBIO_write()\fR will place data in the buffer or request a retry if the
buffer is full.
.PP
-The standard calls \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR can be used to
+The standard calls \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR can be used to
determine the amount of pending data in the read or write buffer.
.PP
-\&\fIBIO_reset()\fR clears any data in the write buffer.
+\&\fBBIO_reset()\fR clears any data in the write buffer.
.PP
-\&\fIBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair.
+\&\fBBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair.
.PP
-\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing
+\&\fBBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing
up any half of the pair will automatically destroy the association.
.PP
-\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further
+\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further
writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other
half of the pair will return any pending data or \s-1EOF\s0 when all pending data has
been read.
.PP
-\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR.
+\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR.
If the size is not initialized a default value is used. This is currently
17K, sufficient for a maximum size \s-1TLS\s0 record.
.PP
-\&\fIBIO_get_write_buf_size()\fR returns the size of the write buffer.
+\&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer.
.PP
-\&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and
-\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR
+\&\fBBIO_new_bio_pair()\fR combines the calls to \fBBIO_new()\fR, \fBBIO_make_bio_pair()\fR and
+\&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR
with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is
-zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether
+zero then the default size is used. \fBBIO_new_bio_pair()\fR does not check whether
\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten,
-\&\fIBIO_free()\fR is not called.
+\&\fBBIO_free()\fR is not called.
.PP
-\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum
+\&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum
length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this
-value will return a value from \fIBIO_write()\fR less than the amount requested or if the
-buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a function
-whereas \fIBIO_get_write_guarantee()\fR is a macro.
+value will return a value from \fBBIO_write()\fR less than the amount requested or if the
+buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a function
+whereas \fBBIO_get_write_guarantee()\fR is a macro.
.PP
-\&\fIBIO_get_read_request()\fR and \fIBIO_ctrl_get_read_request()\fR return the
+\&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the
amount of data requested, or the buffer size if it is less, if the
last read attempt at the other half of the \s-1BIO\s0 pair failed due to an
empty buffer. This can be used to determine how much data should be
@@ -228,35 +232,35 @@ in \s-1TLS/SSL\s0 applications where the amount of data read is usually
meaningful rather than just a buffer size. After a successful read
this call will return zero. It also will return zero once new data
has been written satisfying the read request or part of it.
-Note that \fIBIO_get_read_request()\fR never returns an amount larger
-than that returned by \fIBIO_get_write_guarantee()\fR.
+Note that \fBBIO_get_read_request()\fR never returns an amount larger
+than that returned by \fBBIO_get_write_guarantee()\fR.
.PP
-\&\fIBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by
-\&\fIBIO_get_read_request()\fR to zero.
+\&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by
+\&\fBBIO_get_read_request()\fR to zero.
.SH "NOTES"
.IX Header "NOTES"
Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit
-freed due to a \fIBIO_free_all()\fR or \fISSL_free()\fR call the other half needs to be freed.
+freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call the other half needs to be freed.
.PP
When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to
-flush any data in the write buffer. This can be done by calling \fIBIO_pending()\fR
+flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR
on the other half of the pair and, if any data is pending, reading it and sending
it to the underlying transport. This must be done before any normal processing
-(such as calling \fIselect()\fR ) due to a request and \fIBIO_should_read()\fR being true.
+(such as calling \fBselect()\fR ) due to a request and \fBBIO_should_read()\fR being true.
.PP
To see why this is important consider a case where a request is sent using
-\&\fIBIO_write()\fR and a response read with \fIBIO_read()\fR, this can occur during an
-\&\s-1TLS/SSL\s0 handshake for example. \fIBIO_write()\fR will succeed and place data in the write
-buffer. \fIBIO_read()\fR will initially fail and \fIBIO_should_read()\fR will be true. If
+\&\fBBIO_write()\fR and a response read with \fBBIO_read()\fR, this can occur during an
+\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write()\fR will succeed and place data in the write
+buffer. \fBBIO_read()\fR will initially fail and \fBBIO_should_read()\fR will be true. If
the application then waits for data to be available on the underlying transport
before flushing the write buffer it will never succeed because the request was
never sent!
.PP
-\&\fIBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been
+\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been
shutdown.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in
+\&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in
\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the
locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information.
.PP
@@ -264,7 +268,7 @@ locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more informat
.SH "EXAMPLE"
.IX Header "EXAMPLE"
The \s-1BIO\s0 pair can be used to have full control over the network access of an
-application. The application can call \fIselect()\fR on the socket as required
+application. The application can call \fBselect()\fR on the socket as required
without having to go through the SSL-interface.
.PP
.Vb 6
@@ -296,18 +300,18 @@ connection, it behaves non-blocking and will return as soon as the write
buffer is full or the read buffer is drained. Then the application has to
flush the write buffer and/or fill the read buffer.
.PP
-Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0
-and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to
+Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0
+and must be transfered to the network. Use \fBBIO_ctrl_get_read_request()\fR to
find out, how many bytes must be written into the buffer before the
-\&\fISSL_operation()\fR can successfully be continued.
+\&\fBSSL_operation()\fR can successfully be continued.
.SH "WARNING"
.IX Header "WARNING"
-As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0
+As the data is buffered, \fBSSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0
condition, but there is still data in the write buffer. An application must
-not rely on the error value of \fISSL_operation()\fR but must assure that the
+not rely on the error value of \fBSSL_operation()\fR but must assure that the
write buffer is always flushed first. Otherwise a deadlock may occur as
the peer might be waiting for the data before being able to continue.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3),
-\&\fIBIO_should_retry\fR\|(3), \fIBIO_read\fR\|(3)
+\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(3), \fBbio\fR\|(3),
+\&\fBBIO_should_retry\fR\|(3), \fBBIO_read\fR\|(3)
diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3
index 6d38e4cb4ba5..097e418d62ac 100644
--- a/secure/lib/libcrypto/man/BIO_s_connect.3
+++ b/secure/lib/libcrypto/man/BIO_s_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_connect 3"
-.TH BIO_s_connect 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_s_connect 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,7 +167,7 @@ BIO_set_nbio, BIO_do_connect \- connect BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper
+\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper
round the platform's \s-1TCP/IP\s0 socket connection routines.
.PP
Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data
@@ -175,60 +179,60 @@ on the underlying connection. If no connection is established
and the port and hostname (see below) is set up properly then
a connection is established first.
.PP
-Connect BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR.
+Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR.
.PP
If the close flag is set on a connect \s-1BIO\s0 then any active
connection is shutdown and the socket closed when the \s-1BIO\s0
is freed.
.PP
-Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 will close any active
+Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active
connection and reset the \s-1BIO\s0 into a state where it can connect
to the same host again.
.PP
-\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0
+\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0
it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of
type (int *).
.PP
-\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname.
+\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname.
The hostname can be an \s-1IP\s0 address. The hostname can also include the
port in the form hostname:port . It is also acceptable to use the
form \*(L"hostname/any/other/path\*(R" or \*(L"hostname:port/any/other/path\*(R".
.PP
-\&\fIBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the
+\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the
numerical form or a string such as \*(L"http\*(R". A string will be looked
-up first using \fIgetservbyname()\fR on the host platform but if that
+up first using \fBgetservbyname()\fR on the host platform but if that
fails a standard table of port names will be used. Currently the
list is http, telnet, socks, https, ssl, ftp, gopher and wais.
.PP
-\&\fIBIO_set_conn_ip()\fR sets the \s-1IP\s0 address to \fBip\fR using binary form,
+\&\fBBIO_set_conn_ip()\fR sets the \s-1IP\s0 address to \fBip\fR using binary form,
that is four bytes specifying the \s-1IP\s0 address in big-endian form.
.PP
-\&\fIBIO_set_conn_int_port()\fR sets the port using \fBport\fR. \fBport\fR should
+\&\fBBIO_set_conn_int_port()\fR sets the port using \fBport\fR. \fBport\fR should
be of type (int *).
.PP
-\&\fIBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or
+\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or
\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set.
This return value is an internal pointer which should not be modified.
.PP
-\&\fIBIO_get_conn_port()\fR returns the port as a string.
+\&\fBBIO_get_conn_port()\fR returns the port as a string.
.PP
-\&\fIBIO_get_conn_ip()\fR returns the \s-1IP\s0 address in binary form.
+\&\fBBIO_get_conn_ip()\fR returns the \s-1IP\s0 address in binary form.
.PP
-\&\fIBIO_get_conn_int_port()\fR returns the port as an int.
+\&\fBBIO_get_conn_int_port()\fR returns the port as an int.
.PP
-\&\fIBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is
+\&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is
zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O
-is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR
+is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR
should be made before the connection is established because
non blocking I/O is set during the connect process.
.PP
-\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into
+\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into
a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR.
.PP
-\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1
+\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established, the
-call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs
+call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs
to determine if the call should be retried.
.SH "NOTES"
.IX Header "NOTES"
@@ -237,58 +241,58 @@ I/O call is caused by an error condition, although a zero return
will normally mean that the connection was closed.
.PP
If the port name is supplied as part of the host name then this will
-override any value set with \fIBIO_set_conn_port()\fR. This may be undesirable
+override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable
if the application does not wish to allow connection to arbitrary
ports. This can be avoided by checking for the presence of the ':'
character in the passed hostname and either indicating an error or
truncating the string at that point.
.PP
-The values returned by \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR,
-\&\fIBIO_get_conn_ip()\fR and \fIBIO_get_conn_int_port()\fR are updated when a
+The values returned by \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_port()\fR,
+\&\fBBIO_get_conn_ip()\fR and \fBBIO_get_conn_int_port()\fR are updated when a
connection attempt is made. Before any connection attempt the values
returned are those set by the application itself.
.PP
-Applications do not have to call \fIBIO_do_connect()\fR but may wish to do
+Applications do not have to call \fBBIO_do_connect()\fR but may wish to do
so to separate the connection process from other I/O processing.
.PP
If non blocking I/O is set then retries will be requested as appropriate.
.PP
-It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also
-possible for \fIBIO_should_io_special()\fR to be true during the initial
+It addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also
+possible for \fBBIO_should_io_special()\fR to be true during the initial
connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned
then this is an indication that a connection attempt would block,
the application should then take appropriate action to wait until
the underlying socket has connected and retry the call.
.PP
-\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR,
-\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR,
-\&\fIBIO_get_conn_ip()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_nbio()\fR and
-\&\fIBIO_do_connect()\fR are macros.
+\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_set_conn_ip()\fR,
+\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_port()\fR,
+\&\fBBIO_get_conn_ip()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_nbio()\fR and
+\&\fBBIO_do_connect()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method.
+\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method.
.PP
-\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not
+\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not
been initialized.
.PP
-\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR and
-\&\fIBIO_set_conn_int_port()\fR always return 1.
+\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_set_conn_ip()\fR and
+\&\fBBIO_set_conn_int_port()\fR always return 1.
.PP
-\&\fIBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 is
+\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 is
none was set.
.PP
-\&\fIBIO_get_conn_port()\fR returns a string representing the connected
+\&\fBBIO_get_conn_port()\fR returns a string representing the connected
port or \s-1NULL\s0 if not set.
.PP
-\&\fIBIO_get_conn_ip()\fR returns a pointer to the connected \s-1IP\s0 address in
+\&\fBBIO_get_conn_ip()\fR returns a pointer to the connected \s-1IP\s0 address in
binary form or all zeros if not set.
.PP
-\&\fIBIO_get_conn_int_port()\fR returns the connected port or 0 if none was
+\&\fBBIO_get_conn_int_port()\fR returns the connected port or 0 if none was
set.
.PP
-\&\fIBIO_set_nbio()\fR always returns 1.
+\&\fBBIO_set_nbio()\fR always returns 1.
.PP
-\&\fIBIO_do_connect()\fR returns 1 if the connection was successfully
+\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully
established and 0 or \-1 if the connection failed.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3
index d6a4d7d2bd62..bd5d003089bb 100644
--- a/secure/lib/libcrypto/man/BIO_s_fd.3
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_fd 3"
-.TH BIO_s_fd 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_s_fd 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,56 +154,56 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper
-round the platforms file descriptor routines such as \fIread()\fR and \fIwrite()\fR.
+\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper
+round the platforms file descriptor routines such as \fBread()\fR and \fBwrite()\fR.
.PP
-\&\fIBIO_read()\fR and \fIBIO_write()\fR read or write the underlying descriptor.
-\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not.
+\&\fBBIO_read()\fR and \fBBIO_write()\fR read or write the underlying descriptor.
+\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not.
.PP
-If the close flag is set then then \fIclose()\fR is called on the underlying
+If the close flag is set then then \fBclose()\fR is called on the underlying
file descriptor when the \s-1BIO\s0 is freed.
.PP
-\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file
+\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file
using lseek(fd, 0, 0).
.PP
-\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
+\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
using lseek(fd, ofs, 0).
.PP
-\&\fIBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1).
+\&\fBBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1).
.PP
-\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
+\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
flag to \fBc\fR.
.PP
-\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also
+\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also
returns the file descriptor. If \fBc\fR is not \s-1NULL\s0 it should be of type
(int *).
.PP
-\&\fIBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR.
+\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR.
.SH "NOTES"
.IX Header "NOTES"
-The behaviour of \fIBIO_read()\fR and \fIBIO_write()\fR depends on the behavior of the
-platforms \fIread()\fR and \fIwrite()\fR calls on the descriptor. If the underlying
+The behaviour of \fBBIO_read()\fR and \fBBIO_write()\fR depends on the behavior of the
+platforms \fBread()\fR and \fBwrite()\fR calls on the descriptor. If the underlying
file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the
-manner described in the \fIBIO_read\fR\|(3) and \fIBIO_should_retry\fR\|(3)
+manner described in the \fBBIO_read\fR\|(3) and \fBBIO_should_retry\fR\|(3)
manual pages.
.PP
File descriptor BIOs should not be used for socket I/O. Use socket BIOs
instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method.
+\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method.
.PP
-\&\fIBIO_reset()\fR returns zero for success and \-1 if an error occurred.
-\&\fIBIO_seek()\fR and \fIBIO_tell()\fR return the current file position or \-1
-if an error occurred. These values reflect the underlying \fIlseek()\fR
+\&\fBBIO_reset()\fR returns zero for success and \-1 if an error occurred.
+\&\fBBIO_seek()\fR and \fBBIO_tell()\fR return the current file position or \-1
+if an error occurred. These values reflect the underlying \fBlseek()\fR
behaviour.
.PP
-\&\fIBIO_set_fd()\fR always returns 1.
+\&\fBBIO_set_fd()\fR always returns 1.
.PP
-\&\fIBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not
+\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not
been initialized.
.PP
-\&\fIBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
+\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
occurred.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
@@ -213,8 +217,8 @@ This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R":
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3),
-\&\fIBIO_reset\fR\|(3), \fIBIO_read\fR\|(3),
-\&\fIBIO_write\fR\|(3), \fIBIO_puts\fR\|(3),
-\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3),
-\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3)
+\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3),
+\&\fBBIO_reset\fR\|(3), \fBBIO_read\fR\|(3),
+\&\fBBIO_write\fR\|(3), \fBBIO_puts\fR\|(3),
+\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3),
+\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3)
diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3
index c7b4d5b64805..8389a70fc127 100644
--- a/secure/lib/libcrypto/man/BIO_s_file.3
+++ b/secure/lib/libcrypto/man/BIO_s_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_file 3"
-.TH BIO_s_file 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_s_file 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,48 +161,48 @@ BIO_rw_filename \- FILE bio
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it
+\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it
is a wrapper round the stdio \s-1FILE\s0 structure and it is a
source/sink \s-1BIO.\s0
.PP
-Calls to \fIBIO_read()\fR and \fIBIO_write()\fR read and write data to the
-underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs.
+Calls to \fBBIO_read()\fR and \fBBIO_write()\fR read and write data to the
+underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs.
.PP
-\&\fIBIO_flush()\fR on a file \s-1BIO\s0 calls the \fIfflush()\fR function on the wrapped
+\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped
stream.
.PP
-\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file
+\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file
using fseek(stream, 0, 0).
.PP
-\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
+\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
using fseek(stream, ofs, 0).
.PP
-\&\fIBIO_eof()\fR calls \fIfeof()\fR.
+\&\fBBIO_eof()\fR calls \fBfeof()\fR.
.PP
-Setting the \s-1BIO_CLOSE\s0 flag calls \fIfclose()\fR on the stream when the \s-1BIO\s0
+Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0
is freed.
.PP
-\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning
-of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0
+\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning
+of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The \s-1BIO_CLOSE\s0
flag is set on the returned \s-1BIO.\s0
.PP
-\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be:
+\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be:
\&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying
stream to text mode, default is binary: this only has any effect under
Win32).
.PP
-\&\fIBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same
-meaning as in \fIBIO_new_fp()\fR, it is a macro.
+\&\fBBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same
+meaning as in \fBBIO_new_fp()\fR, it is a macro.
.PP
-\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro.
+\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro.
.PP
-\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes
+\&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes
from the start of file.
.PP
-\&\fIBIO_tell()\fR returns the value of the position pointer.
+\&\fBBIO_tell()\fR returns the value of the position pointer.
.PP
-\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and
-\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for
+\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and
+\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for
reading, writing, append or read write respectively.
.SH "NOTES"
.IX Header "NOTES"
@@ -253,32 +257,32 @@ Alternative technique:
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_s_file()\fR returns the file \s-1BIO\s0 method.
+\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method.
.PP
-\&\fIBIO_new_file()\fR and \fIBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error
+\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error
occurred.
.PP
-\&\fIBIO_set_fp()\fR and \fIBIO_get_fp()\fR return 1 for success or 0 for failure
+\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure
(although the current implementation never return 0).
.PP
-\&\fIBIO_seek()\fR returns the same value as the underlying \fIfseek()\fR function:
+\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function:
0 for success or \-1 for failure.
.PP
-\&\fIBIO_tell()\fR returns the current file position.
+\&\fBBIO_tell()\fR returns the current file position.
.PP
-\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and
-\&\fIBIO_rw_filename()\fR return 1 for success or 0 for failure.
+\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and
+\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure.
.SH "BUGS"
.IX Header "BUGS"
-\&\fIBIO_reset()\fR and \fIBIO_seek()\fR are implemented using \fIfseek()\fR on the underlying
-stream. The return value for \fIfseek()\fR is 0 for success or \-1 if an error
+\&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying
+stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error
occurred this differs from other types of \s-1BIO\s0 which will typically return
1 for success and a non positive value if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3),
-\&\fIBIO_reset\fR\|(3), \fIBIO_flush\fR\|(3),
-\&\fIBIO_read\fR\|(3),
-\&\fIBIO_write\fR\|(3), \fIBIO_puts\fR\|(3),
-\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3),
-\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3)
+\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3),
+\&\fBBIO_reset\fR\|(3), \fBBIO_flush\fR\|(3),
+\&\fBBIO_read\fR\|(3),
+\&\fBBIO_write\fR\|(3), \fBBIO_puts\fR\|(3),
+\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3),
+\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3)
diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3
index 7f8673dbae5e..628dd298bd7e 100644
--- a/secure/lib/libcrypto/man/BIO_s_mem.3
+++ b/secure/lib/libcrypto/man/BIO_s_mem.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_mem 3"
-.TH BIO_s_mem 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_s_mem 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +157,7 @@ BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_s_mem()\fR return the memory \s-1BIO\s0 method function.
+\&\fBBIO_s_mem()\fR return the memory \s-1BIO\s0 method function.
.PP
A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data
written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended
@@ -163,37 +167,37 @@ Any data written to a memory \s-1BIO\s0 can be recalled by reading from it.
Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from
the \s-1BIO.\s0
.PP
-Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR.
+Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR.
.PP
If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying
\&\s-1BUF_MEM\s0 structure is also freed.
.PP
-Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it. On a
+Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it. On a
read only \s-1BIO\s0 it restores the \s-1BIO\s0 to its original state and the read only
data can be read again.
.PP
-\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO.\s0
+\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0
.PP
-\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored.
+\&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored.
.PP
-\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is
+\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is
empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is
it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non
zero then it will return \fBv\fR when it is empty and it will set the read retry
flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
positive return value \fBv\fR should be set to a negative value, typically \-1.
.PP
-\&\fIBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data
+\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data
and returns the total amount of data available. It is implemented as a macro.
.PP
-\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
+\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
It is a macro.
.PP
-\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is
+\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is
a macro.
.PP
-\&\fIBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR,
+\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR,
if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its
length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and
as a result cannot be written to. This is useful when some data needs to be
diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3
index 093e7e1dc641..471e294afbc5 100644
--- a/secure/lib/libcrypto/man/BIO_s_null.3
+++ b/secure/lib/libcrypto/man/BIO_s_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_null 3"
-.TH BIO_s_null 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_s_null 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,7 +149,7 @@ BIO_s_null \- null data sink
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to
+\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to
the null sink is discarded, reads return \s-1EOF.\s0
.SH "NOTES"
.IX Header "NOTES"
@@ -161,7 +165,7 @@ Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can
by adding a null sink \s-1BIO\s0 to the end of the chain
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method.
+\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3
index 049131f926eb..3aa7e842584b 100644
--- a/secure/lib/libcrypto/man/BIO_s_socket.3
+++ b/secure/lib/libcrypto/man/BIO_s_socket.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_socket 3"
-.TH BIO_s_socket 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_s_socket 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,22 +154,22 @@ BIO_s_socket, BIO_new_socket \- socket BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper
+\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper
round the platform's socket routines.
.PP
-\&\fIBIO_read()\fR and \fIBIO_write()\fR read or write the underlying socket.
-\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not.
+\&\fBBIO_read()\fR and \fBBIO_write()\fR read or write the underlying socket.
+\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not.
.PP
If the close flag is set then the socket is shut down and closed
when the \s-1BIO\s0 is freed.
.PP
-\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
+\&\fBBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
flag to \fBclose_flag\fR.
.PP
-\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL,\s0 it also
+\&\fBBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL,\s0 it also
returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *).
.PP
-\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR.
+\&\fBBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR.
.SH "NOTES"
.IX Header "NOTES"
Socket BIOs also support any relevant functionality of file descriptor
@@ -176,17 +180,17 @@ platforms sockets are not file descriptors and use distinct I/O routines,
Windows is one such platform. Any code mixing the two will not work on
all platforms.
.PP
-\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are macros.
+\&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method.
+\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method.
.PP
-\&\fIBIO_set_fd()\fR always returns 1.
+\&\fBBIO_set_fd()\fR always returns 1.
.PP
-\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not been
+\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not been
initialized.
.PP
-\&\fIBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
+\&\fBBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3
index 9cdc7471e7cb..6fdab6203375 100644
--- a/secure/lib/libcrypto/man/BIO_set_callback.3
+++ b/secure/lib/libcrypto/man/BIO_set_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_set_callback 3"
-.TH BIO_set_callback 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_set_callback 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,20 +159,20 @@ BIO_debug_callback \- BIO callback functions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_set_callback()\fR and \fIBIO_get_callback()\fR set and retrieve the \s-1BIO\s0 callback,
+\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the \s-1BIO\s0 callback,
they are both macros. The callback is called during most high level \s-1BIO\s0
operations. It can be used for debugging purposes to trace operations on
a \s-1BIO\s0 or to modify its operation.
.PP
-\&\fIBIO_set_callback_arg()\fR and \fIBIO_get_callback_arg()\fR are macros which can be
+\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be
used to set and retrieve an argument for use in the callback.
.PP
-\&\fIBIO_debug_callback()\fR is a standard debugging callback which prints
+\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints
out information relating to each \s-1BIO\s0 operation. If the callback
argument is set if is interpreted as a \s-1BIO\s0 to send the information
to, otherwise stderr is used.
.PP
-\&\fIcallback()\fR is the callback function itself. The meaning of each
+\&\fBcallback()\fR is the callback function itself. The meaning of each
argument is described below.
.PP
The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR.
@@ -222,7 +226,7 @@ callback(b,BIO_CB_CTRL,parg,cmd,larg,1L) is called before the call and
callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
-The \fIBIO_debug_callback()\fR function is a good example, its source is
+The \fBBIO_debug_callback()\fR function is a good example, its source is
in crypto/bio/bio_cb.c
.SH "SEE ALSO"
.IX Header "SEE ALSO"
diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3
index 8c8541d42d91..2f3729a6d042 100644
--- a/secure/lib/libcrypto/man/BIO_should_retry.3
+++ b/secure/lib/libcrypto/man/BIO_should_retry.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_should_retry 3"
-.TH BIO_should_retry 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BIO_should_retry 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,42 +165,42 @@ BIO_get_retry_BIO, BIO_get_retry_reason \- BIO retry functions
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions determine why a \s-1BIO\s0 is not able to read or write data.
-They will typically be called after a failed \fIBIO_read()\fR or \fIBIO_write()\fR
+They will typically be called after a failed \fBBIO_read()\fR or \fBBIO_write()\fR
call.
.PP
-\&\fIBIO_should_retry()\fR is true if the call that produced this condition
+\&\fBBIO_should_retry()\fR is true if the call that produced this condition
should then be retried at a later time.
.PP
-If \fIBIO_should_retry()\fR is false then the cause is an error condition.
+If \fBBIO_should_retry()\fR is false then the cause is an error condition.
.PP
-\&\fIBIO_should_read()\fR is true if the cause of the condition is that a \s-1BIO\s0
+\&\fBBIO_should_read()\fR is true if the cause of the condition is that a \s-1BIO\s0
needs to read data.
.PP
-\&\fIBIO_should_write()\fR is true if the cause of the condition is that a \s-1BIO\s0
+\&\fBBIO_should_write()\fR is true if the cause of the condition is that a \s-1BIO\s0
needs to read data.
.PP
-\&\fIBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a
+\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a
reason other than reading or writing is the cause of the condition.
.PP
-\&\fIBIO_retry_type()\fR returns a mask of the cause of a retry condition
+\&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition
consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR,
\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of
these.
.PP
-\&\fIBIO_get_retry_BIO()\fR determines the precise reason for the special
+\&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special
condition, it returns the \s-1BIO\s0 that caused this condition and if
\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of
the reason code and the action that should be taken depends on
the type of \s-1BIO\s0 that resulted in this condition.
.PP
-\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if
-passed the relevant \s-1BIO,\s0 for example as returned by \fIBIO_get_retry_BIO()\fR.
+\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if
+passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR.
.SH "NOTES"
.IX Header "NOTES"
-If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R"
+If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R"
depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0
-operation. For example if a call to \fIBIO_read()\fR on a socket \s-1BIO\s0 returns
-0 and \fIBIO_should_retry()\fR is false then the cause will be that the
+operation. For example if a call to \fBBIO_read()\fR on a socket \s-1BIO\s0 returns
+0 and \fBBIO_should_retry()\fR is false then the cause will be that the
connection closed. A similar condition on a file \s-1BIO\s0 will mean that it
has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on
the error queue. For more details see the individual \s-1BIO\s0 type manual
@@ -205,12 +209,12 @@ pages.
If the underlying I/O structure is in a blocking mode almost all current
\&\s-1BIO\s0 types will not request a retry, because the underlying I/O
calls will not. If the application knows that the \s-1BIO\s0 type will never
-signal a retry then it need not call \fIBIO_should_retry()\fR after a failed
+signal a retry then it need not call \fBBIO_should_retry()\fR after a failed
\&\s-1BIO I/O\s0 call. This is typically done with file BIOs.
.PP
\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a
retry even if the underlying I/O structure is blocking, if a handshake
-occurs during a call to \fIBIO_read()\fR. An application can retry the failed
+occurs during a call to \fBBIO_read()\fR. An application can retry the failed
call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0
on the underlying \s-1SSL\s0 structure.
.PP
@@ -220,10 +224,10 @@ repeatedly until data can be processed or is available. An application
will normally wait until the necessary condition is satisfied. How
this is done depends on the underlying I/O structure.
.PP
-For example if the cause is ultimately a socket and \fIBIO_should_read()\fR
-is true then a call to \fIselect()\fR may be made to wait until data is
+For example if the cause is ultimately a socket and \fBBIO_should_read()\fR
+is true then a call to \fBselect()\fR may be made to wait until data is
available and then retry the \s-1BIO\s0 operation. By combining the retry
-conditions of several non blocking BIOs in a single \fIselect()\fR call
+conditions of several non blocking BIOs in a single \fBselect()\fR call
it is possible to service several BIOs in a single thread, though
the performance may be poor if \s-1SSL\s0 BIOs are present because long delays
can occur during the initial handshake process.
@@ -231,7 +235,7 @@ can occur during the initial handshake process.
It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O
structure cannot process or return any data. This depends on the behaviour of
the platforms I/O functions. This is often not desirable: one solution
-is to use non blocking I/O and use a timeout on the \fIselect()\fR (or
+is to use non blocking I/O and use a timeout on the \fBselect()\fR (or
equivalent) call.
.SH "BUGS"
.IX Header "BUGS"
diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3
index 5c1e39e0c4e5..44ba2843a053 100644
--- a/secure/lib/libcrypto/man/BN_BLINDING_new.3
+++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_BLINDING_new 3"
-.TH BN_BLINDING_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_BLINDING_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,65 +174,65 @@ functions.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies
+\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies
the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object.
.PP
-\&\fIBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure.
+\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure.
.PP
-\&\fIBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring
+\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring
the \fBA\fR and \fBAi\fR or, after specific number of uses and if the
necessary parameters are set, by re-creating the blinding parameters.
.PP
-\&\fIBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR.
+\&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR.
If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be
returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among
-several threads). \fIBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the
+several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the
inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as
the inverse blinding.
.PP
-\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper
-functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR
+\&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper
+functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR
with \fBr\fR set to \s-1NULL.\s0
.PP
-\&\fIBN_BLINDING_thread_id()\fR provides access to the \fB\s-1CRYPTO_THREADID\s0\fR
+\&\fBBN_BLINDING_thread_id()\fR provides access to the \fB\s-1CRYPTO_THREADID\s0\fR
object within the \fB\s-1BN_BLINDING\s0\fR structure. This is to help users
provide proper locking if needed for multi-threaded use. The \*(L"thread
id\*(R" object of a newly allocated \fB\s-1BN_BLINDING\s0\fR structure is
-initialised to the thread id in which \fIBN_BLINDING_new()\fR was called.
+initialised to the thread id in which \fBBN_BLINDING_new()\fR was called.
.PP
-\&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently
+\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently
there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and
\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the
automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use
and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation
of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently
32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set.
-\&\fIBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags.
+\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags.
.PP
-\&\fIBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters
+\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters
using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and
\&\fBm_ctx\fR can be used to pass special functions for exponentiation
-(normally \fIBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR).
+(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure
+\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure
or \s-1NULL\s0 in case of an error.
.PP
-\&\fIBN_BLINDING_update()\fR, \fIBN_BLINDING_convert()\fR, \fIBN_BLINDING_invert()\fR,
-\&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on
+\&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR,
+\&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on
success and 0 if an error occurred.
.PP
-\&\fIBN_BLINDING_thread_id()\fR returns a pointer to the thread id object
+\&\fBBN_BLINDING_thread_id()\fR returns a pointer to the thread id object
within a \fB\s-1BN_BLINDING\s0\fR object.
.PP
-\&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags
+\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags
(a \fBunsigned long\fR value).
.PP
-\&\fIBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR
+\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR
parameters or \s-1NULL\s0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3)
+\&\fBbn\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
BN_BLINDING_thread_id was first introduced in OpenSSL 1.0.0, and it
diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3
index 7555277e34e3..0052b80674d1 100644
--- a/secure/lib/libcrypto/man/BN_CTX_new.3
+++ b/secure/lib/libcrypto/man/BN_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_new 3"
-.TH BN_CTX_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_CTX_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -158,29 +162,29 @@ library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fR
is rather expensive when used in conjunction with repeated subroutine
calls, the \fB\s-1BN_CTX\s0\fR structure is used.
.PP
-\&\fIBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR
+\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR
structure.
.PP
-\&\fIBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR, and if it was
-created by \fIBN_CTX_new()\fR, also the structure itself.
-If \fIBN_CTX_start\fR\|(3) has been used on the \fB\s-1BN_CTX\s0\fR,
-\&\fIBN_CTX_end\fR\|(3) must be called before the \fB\s-1BN_CTX\s0\fR
-may be freed by \fIBN_CTX_free()\fR.
+\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR, and if it was
+created by \fBBN_CTX_new()\fR, also the structure itself.
+If \fBBN_CTX_start\fR\|(3) has been used on the \fB\s-1BN_CTX\s0\fR,
+\&\fBBN_CTX_end\fR\|(3) must be called before the \fB\s-1BN_CTX\s0\fR
+may be freed by \fBBN_CTX_free()\fR.
.PP
-\&\fIBN_CTX_init()\fR (deprecated) initializes an existing uninitialized \fB\s-1BN_CTX\s0\fR.
-This should not be used for new programs. Use \fIBN_CTX_new()\fR instead.
+\&\fBBN_CTX_init()\fR (deprecated) initializes an existing uninitialized \fB\s-1BN_CTX\s0\fR.
+This should not be used for new programs. Use \fBBN_CTX_new()\fR instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_CTX_new()\fR returns a pointer to the \fB\s-1BN_CTX\s0\fR. If the allocation fails,
+\&\fBBN_CTX_new()\fR returns a pointer to the \fB\s-1BN_CTX\s0\fR. If the allocation fails,
it returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by
-\&\fIERR_get_error\fR\|(3).
+\&\fBERR_get_error\fR\|(3).
.PP
-\&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values.
+\&\fBBN_CTX_init()\fR and \fBBN_CTX_free()\fR have no return values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3),
-\&\fIBN_CTX_start\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3),
+\&\fBBN_CTX_start\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_CTX_new()\fR and \fIBN_CTX_free()\fR are available in all versions on SSLeay
-and OpenSSL. \fIBN_CTX_init()\fR was added in SSLeay 0.9.1b.
+\&\fBBN_CTX_new()\fR and \fBBN_CTX_free()\fR are available in all versions on SSLeay
+and OpenSSL. \fBBN_CTX_init()\fR was added in SSLeay 0.9.1b.
diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3
index 539ca79758ad..9312c2e39cf9 100644
--- a/secure/lib/libcrypto/man/BN_CTX_start.3
+++ b/secure/lib/libcrypto/man/BN_CTX_start.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_start 3"
-.TH BN_CTX_start 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_CTX_start 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,30 +154,30 @@ BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from
-a \fB\s-1BN_CTX\s0\fR (which can been created by using \fIBN_CTX_new\fR\|(3))
+a \fB\s-1BN_CTX\s0\fR (which can been created by using \fBBN_CTX_new\fR\|(3))
in order to save the overhead of repeatedly creating and
freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop.
.PP
-A function must call \fIBN_CTX_start()\fR first. Then, \fIBN_CTX_get()\fR may be
-called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fIBN_CTX_get()\fR
+A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be
+called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fBBN_CTX_get()\fR
calls must be made before calling any other functions that use the
\&\fBctx\fR as an argument.
.PP
-Finally, \fIBN_CTX_end()\fR must be called before returning from the function.
-When \fIBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from
-\&\fIBN_CTX_get()\fR become invalid.
+Finally, \fBBN_CTX_end()\fR must be called before returning from the function.
+When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from
+\&\fBBN_CTX_get()\fR become invalid.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_CTX_start()\fR and \fIBN_CTX_end()\fR return no values.
+\&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values.
.PP
-\&\fIBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error.
-Once \fIBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR
+\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error.
+Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR
as well, so it is sufficient to check the return value of the last
-\&\fIBN_CTX_get()\fR call. In case of an error, an error code is set, which
-can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which
+can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIBN_CTX_new\fR\|(3)
+\&\fBBN_CTX_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_CTX_start()\fR, \fIBN_CTX_get()\fR and \fIBN_CTX_end()\fR were added in OpenSSL 0.9.5.
+\&\fBBN_CTX_start()\fR, \fBBN_CTX_get()\fR and \fBBN_CTX_end()\fR were added in OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3
index d1e814153761..df52b694de36 100644
--- a/secure/lib/libcrypto/man/BN_add.3
+++ b/secure/lib/libcrypto/man/BN_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add 3"
-.TH BN_add 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_add 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,62 +182,62 @@ arithmetic operations on BIGNUMs
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR).
+\&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR).
\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
.PP
-\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR).
+\&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR).
.PP
-\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR).
+\&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR).
\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
-For multiplication by powers of 2, use \fIBN_lshift\fR\|(3).
+For multiplication by powers of 2, use \fBBN_lshift\fR\|(3).
.PP
-\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR
+\&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR
(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR.
This function is faster than BN_mul(r,a,a).
.PP
-\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the
+\&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the
remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may
be \fB\s-1NULL\s0\fR, in which case the respective value is not returned.
The result is rounded towards zero; thus if \fIa\fR is negative, the
remainder will be zero or negative.
-For division by powers of 2, use \fIBN_rshift\fR\|(3).
+For division by powers of 2, use \fBBN_rshift\fR\|(3).
.PP
-\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR.
+\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR.
.PP
-\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative
+\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative
remainder in \fIr\fR.
.PP
-\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative
+\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative
result in \fIr\fR.
.PP
-\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the
+\&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the
non-negative result in \fIr\fR.
.PP
-\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative
+\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative
remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be
the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for
repeated computations using the same modulus, see
-\&\fIBN_mod_mul_montgomery\fR\|(3) and
-\&\fIBN_mod_mul_reciprocal\fR\|(3).
+\&\fBBN_mod_mul_montgomery\fR\|(3) and
+\&\fBBN_mod_mul_reciprocal\fR\|(3).
.PP
-\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the
+\&\fBBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the
result in \fIr\fR.
.PP
-\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR
+\&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR
(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of
-\&\fIBN_mul()\fR.
+\&\fBBN_mul()\fR.
.PP
-\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p %
-m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. Do not call this
+\&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p %
+m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this
function when \fBm\fR is even and any of the parameters have the
\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set.
.PP
-\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and
+\&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and
places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or
\&\fIb\fR.
.PP
For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
-temporary variables; see \fIBN_CTX_new\fR\|(3).
+temporary variables; see \fBBN_CTX_new\fR\|(3).
.PP
Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from
the arguments.
@@ -241,16 +245,16 @@ the arguments.
.IX Header "RETURN VALUES"
For all functions, 1 is returned for success, 0 on error. The return
value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR).
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_CTX_new\fR\|(3),
-\&\fIBN_add_word\fR\|(3), \fIBN_set_bit\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3),
+\&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_sqr()\fR, \fIBN_div()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR,
-\&\fIBN_mod_exp()\fR and \fIBN_gcd()\fR are available in all versions of SSLeay and
-OpenSSL. The \fIctx\fR argument to \fIBN_mul()\fR was added in SSLeay
-0.9.1b. \fIBN_exp()\fR appeared in SSLeay 0.9.0.
-\&\fIBN_nnmod()\fR, \fIBN_mod_add()\fR, \fIBN_mod_sub()\fR, and \fIBN_mod_sqr()\fR were added in
+\&\fBBN_add()\fR, \fBBN_sub()\fR, \fBBN_sqr()\fR, \fBBN_div()\fR, \fBBN_mod()\fR, \fBBN_mod_mul()\fR,
+\&\fBBN_mod_exp()\fR and \fBBN_gcd()\fR are available in all versions of SSLeay and
+OpenSSL. The \fIctx\fR argument to \fBBN_mul()\fR was added in SSLeay
+0.9.1b. \fBBN_exp()\fR appeared in SSLeay 0.9.0.
+\&\fBBN_nnmod()\fR, \fBBN_mod_add()\fR, \fBBN_mod_sub()\fR, and \fBBN_mod_sqr()\fR were added in
OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3
index 4d6ac0cb13b2..8e6a1f993416 100644
--- a/secure/lib/libcrypto/man/BN_add_word.3
+++ b/secure/lib/libcrypto/man/BN_add_word.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add_word 3"
-.TH BN_add_word 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_add_word 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -158,32 +162,32 @@ These functions perform arithmetic operations on BIGNUMs with unsigned
integers. They are much more efficient than the normal \s-1BIGNUM\s0
arithmetic operations.
.PP
-\&\fIBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR).
+\&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR).
.PP
-\&\fIBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR).
+\&\fBBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR).
.PP
-\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR).
+\&\fBBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR).
.PP
-\&\fIBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder.
+\&\fBBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder.
.PP
-\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR).
+\&\fBBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR).
.PP
-For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0.
+For \fBBN_div_word()\fR and \fBBN_mod_word()\fR, \fBw\fR must not be 0.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_add_word()\fR, \fIBN_sub_word()\fR and \fIBN_mul_word()\fR return 1 for success, 0
-on error. The error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBBN_add_word()\fR, \fBBN_sub_word()\fR and \fBBN_mul_word()\fR return 1 for success, 0
+on error. The error codes can be obtained by \fBERR_get_error\fR\|(3).
.PP
-\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR on success and
+\&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and
\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of
-SSLeay and OpenSSL. \fIBN_div_word()\fR was added in SSLeay 0.8, and
-\&\fIBN_sub_word()\fR and \fIBN_mul_word()\fR in SSLeay 0.9.0.
+\&\fBBN_add_word()\fR and \fBBN_mod_word()\fR are available in all versions of
+SSLeay and OpenSSL. \fBBN_div_word()\fR was added in SSLeay 0.8, and
+\&\fBBN_sub_word()\fR and \fBBN_mul_word()\fR in SSLeay 0.9.0.
.PP
-Before 0.9.8a the return value for \fIBN_div_word()\fR and \fIBN_mod_word()\fR
+Before 0.9.8a the return value for \fBBN_div_word()\fR and \fBBN_mod_word()\fR
in case of an error was 0.
diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3
index 0a6da59b0293..935b9d27b6f4 100644
--- a/secure/lib/libcrypto/man/BN_bn2bin.3
+++ b/secure/lib/libcrypto/man/BN_bn2bin.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_bn2bin 3"
-.TH BN_bn2bin 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_bn2bin 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -158,69 +162,69 @@ BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form
+\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form
and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of
memory.
.PP
-\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length
+\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length
\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is
\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created.
.PP
-\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the
+\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the
hexadecimal and decimal encoding of \fBa\fR respectively. For negative
numbers, the string is prefaced with a leading '\-'. The string must be
-freed later using \fIOPENSSL_free()\fR.
+freed later using \fBOPENSSL_free()\fR.
.PP
-\&\fIBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number
+\&\fBBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number
to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new
\&\fB\s-1BIGNUM\s0\fR is created. If \fBa\fR is \s-1NULL,\s0 it only computes the number's
length in hexadecimal digits. If the string starts with '\-', the
number is negative.
A \*(L"negative zero\*(R" is converted to zero.
-\&\fIBN_dec2bn()\fR is the same using the decimal system.
+\&\fBBN_dec2bn()\fR is the same using the decimal system.
.PP
-\&\fIBN_print()\fR and \fIBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR,
+\&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR,
with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR
\&\fBfp\fR.
.PP
-\&\fIBN_bn2mpi()\fR and \fIBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format
+\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format
that consists of the number's length in bytes represented as a 4\-byte
big-endian number, and the number itself in big-endian format, where
the most significant bit signals a negative number (the representation
of numbers with the \s-1MSB\s0 set is prefixed with null byte).
.PP
-\&\fIBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR
+\&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR
must be large enough to hold the result. The size can be determined by
calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0).
.PP
-\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to
+\&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to
a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR
if \fBret\fR is \s-1NULL.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR.
-\&\fIBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error.
+\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR.
+\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error.
.PP
-\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0
-on error. \fIBN_hex2bn()\fR and \fIBN_dec2bn()\fR return the number of characters
+\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0
+on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters
used in parsing, or 0 on error, in which
case no new \fB\s-1BIGNUM\s0\fR will be created.
.PP
-\&\fIBN_print_fp()\fR and \fIBN_print()\fR return 1 on success, 0 on write errors.
+\&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors.
.PP
-\&\fIBN_bn2mpi()\fR returns the length of the representation. \fIBN_mpi2bn()\fR
+\&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR
returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error.
.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_zero\fR\|(3),
-\&\fIASN1_INTEGER_to_BN\fR\|(3),
-\&\fIBN_num_bytes\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3),
+\&\fBASN1_INTEGER_to_BN\fR\|(3),
+\&\fBBN_num_bytes\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_bn2bin()\fR, \fIBN_bin2bn()\fR, \fIBN_print_fp()\fR and \fIBN_print()\fR are available
+\&\fBBN_bn2bin()\fR, \fBBN_bin2bn()\fR, \fBBN_print_fp()\fR and \fBBN_print()\fR are available
in all versions of SSLeay and OpenSSL.
.PP
-\&\fIBN_bn2hex()\fR, \fIBN_bn2dec()\fR, \fIBN_hex2bn()\fR, \fIBN_dec2bn()\fR, \fIBN_bn2mpi()\fR and
-\&\fIBN_mpi2bn()\fR were added in SSLeay 0.9.0.
+\&\fBBN_bn2hex()\fR, \fBBN_bn2dec()\fR, \fBBN_hex2bn()\fR, \fBBN_dec2bn()\fR, \fBBN_bn2mpi()\fR and
+\&\fBBN_mpi2bn()\fR were added in SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3
index d8051bbea1c7..f89d4652ed80 100644
--- a/secure/lib/libcrypto/man/BN_cmp.3
+++ b/secure/lib/libcrypto/man/BN_cmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_cmp 3"
-.TH BN_cmp 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_cmp 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,26 +155,26 @@ BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparis
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fIBN_ucmp()\fR compares their
+\&\fBBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fBBN_ucmp()\fR compares their
absolute values.
.PP
-\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR test if \fBa\fR equals 0, 1,
-or \fBw\fR respectively. \fIBN_is_odd()\fR tests if a is odd.
+\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR test if \fBa\fR equals 0, 1,
+or \fBw\fR respectively. \fBBN_is_odd()\fR tests if a is odd.
.PP
-\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR, \fIBN_is_word()\fR and \fIBN_is_odd()\fR are macros.
+\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR and \fBBN_is_odd()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if
-\&\fBa\fR > \fBb\fR. \fIBN_ucmp()\fR is the same using the absolute values
+\&\fBBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if
+\&\fBa\fR > \fBb\fR. \fBBN_ucmp()\fR is the same using the absolute values
of \fBa\fR and \fBb\fR.
.PP
-\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR \fIBN_is_word()\fR and \fIBN_is_odd()\fR return 1 if
+\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR \fBBN_is_word()\fR and \fBBN_is_odd()\fR return 1 if
the condition is true, 0 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3)
+\&\fBbn\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_cmp()\fR, \fIBN_ucmp()\fR, \fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR are
+\&\fBBN_cmp()\fR, \fBBN_ucmp()\fR, \fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR are
available in all versions of SSLeay and OpenSSL.
-\&\fIBN_is_odd()\fR was added in SSLeay 0.8.
+\&\fBBN_is_odd()\fR was added in SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3
index ccc03a133eb9..47149dea4cfd 100644
--- a/secure/lib/libcrypto/man/BN_copy.3
+++ b/secure/lib/libcrypto/man/BN_copy.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_copy 3"
-.TH BN_copy 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_copy 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,16 +151,16 @@ BN_copy, BN_dup \- copy BIGNUMs
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fIBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR
+\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR
containing the value \fBfrom\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fIBN_dup()\fR returns
+\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns
the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained
-by \fIERR_get_error\fR\|(3).
+by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL.
+\&\fBBN_copy()\fR and \fBBN_dup()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3
index b9ef91a5d9cc..c5ce714e2c96 100644
--- a/secure/lib/libcrypto/man/BN_generate_prime.3
+++ b/secure/lib/libcrypto/man/BN_generate_prime.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_generate_prime 3"
-.TH BN_generate_prime 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_generate_prime 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,7 +177,7 @@ Deprecated:
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_generate_prime_ex()\fR generates a pseudo-random prime number of
+\&\fBBN_generate_prime_ex()\fR generates a pseudo-random prime number of
bit length \fBbits\fR.
If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number.
.PP
@@ -197,21 +201,21 @@ generator.
If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so
that (p\-1)/2 is also prime).
.PP
-The \s-1PRNG\s0 must be seeded prior to calling \fIBN_generate_prime_ex()\fR.
+The \s-1PRNG\s0 must be seeded prior to calling \fBBN_generate_prime_ex()\fR.
The prime number generation has a negligible error probability.
.PP
-\&\fIBN_is_prime_ex()\fR and \fIBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is
+\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is
prime. The following tests are performed until one of them shows that
\&\fBp\fR is composite; if \fBp\fR passes all these tests, it is considered
prime.
.PP
-\&\fIBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR,
+\&\fBBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR,
first attempts trial division by a number of small primes;
if no divisors are found by this test and \fBcb\fR is not \fB\s-1NULL\s0\fR,
\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called.
If \fBdo_trial_division == 0\fR, this test is skipped.
.PP
-Both \fIBN_is_prime_ex()\fR and \fIBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin
+Both \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin
probabilistic primality test with \fBnchecks\fR iterations. If
\&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that
yields a false positive rate of at most 2^\-64 for random input.
@@ -256,24 +260,24 @@ deprecated and can be compared to BN_is_prime_ex and
BN_is_prime_fasttest_ex respectively.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_generate_prime_ex()\fR return 1 on success or 0 on error.
+\&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error.
.PP
-\&\fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR and
-\&\fIBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is
+\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and
+\&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is
prime with an error probability of less than 0.25^\fBnchecks\fR, and
\&\-1 on error.
.PP
-\&\fIBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise.
+\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise.
.PP
Callback functions should return 1 on success or 0 on error.
.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR
-were added in SSLeay 0.9.0. The \fBret\fR argument to \fIBN_generate_prime()\fR
+The \fBcb_arg\fR arguments to \fBBN_generate_prime()\fR and to \fBBN_is_prime()\fR
+were added in SSLeay 0.9.0. The \fBret\fR argument to \fBBN_generate_prime()\fR
was added in SSLeay 0.9.1.
-\&\fIBN_is_prime_fasttest()\fR was added in OpenSSL 0.9.5.
+\&\fBBN_is_prime_fasttest()\fR was added in OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3
index fd9b7d2534ae..45a894cc3519 100644
--- a/secure/lib/libcrypto/man/BN_mod_inverse.3
+++ b/secure/lib/libcrypto/man/BN_mod_inverse.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_inverse 3"
-.TH BN_mod_inverse 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_mod_inverse 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +150,7 @@ BN_mod_inverse \- compute inverse modulo n
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR
+\&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR
places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0
a new \fB\s-1BIGNUM\s0\fR is created.
.PP
@@ -154,11 +158,11 @@ a new \fB\s-1BIGNUM\s0\fR is created.
variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and
-\&\s-1NULL\s0 on error. The error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and
+\&\s-1NULL\s0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fBBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
index f58556c3c0aa..50a0dd964723 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_montgomery 3"
-.TH BN_mod_mul_montgomery 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_mod_mul_montgomery 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,27 +166,27 @@ BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions implement Montgomery multiplication. They are used
-automatically when \fIBN_mod_exp\fR\|(3) is called with suitable input,
+automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input,
but they may be useful when several operations are to be performed
using the same modulus.
.PP
-\&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure.
-\&\fIBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR.
+\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure.
+\&\fBBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR.
.PP
-\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR
+\&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR
by precomputing its inverse and a value R.
.PP
-\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR.
+\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR.
.PP
-\&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if
-it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself.
+\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if
+it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself.
.PP
-\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places
+\&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places
the result in \fIr\fR.
.PP
-\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1.
+\&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1.
.PP
-\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R.
+\&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R.
Note that \fIa\fR must be non-negative and smaller than the modulus.
.PP
For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
@@ -203,28 +207,28 @@ The \fB\s-1BN_MONT_CTX\s0\fR structure is defined as follows:
\& } BN_MONT_CTX;
.Ve
.PP
-\&\fIBN_to_montgomery()\fR is a macro.
+\&\fBBN_to_montgomery()\fR is a macro.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0
+\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0
on error.
.PP
-\&\fIBN_MONT_CTX_init()\fR and \fIBN_MONT_CTX_free()\fR have no return values.
+\&\fBBN_MONT_CTX_init()\fR and \fBBN_MONT_CTX_free()\fR have no return values.
.PP
For the other functions, 1 is returned for success, 0 on error.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "WARNING"
.IX Header "WARNING"
The inputs must be reduced modulo \fBm\fR, otherwise the result will be
outside the expected range.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3),
-\&\fIBN_CTX_new\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3),
+\&\fBBN_CTX_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_MONT_CTX_new()\fR, \fIBN_MONT_CTX_free()\fR, \fIBN_MONT_CTX_set()\fR,
-\&\fIBN_mod_mul_montgomery()\fR, \fIBN_from_montgomery()\fR and \fIBN_to_montgomery()\fR
+\&\fBBN_MONT_CTX_new()\fR, \fBBN_MONT_CTX_free()\fR, \fBBN_MONT_CTX_set()\fR,
+\&\fBBN_mod_mul_montgomery()\fR, \fBBN_from_montgomery()\fR and \fBBN_to_montgomery()\fR
are available in all versions of SSLeay and OpenSSL.
.PP
-\&\fIBN_MONT_CTX_init()\fR and \fIBN_MONT_CTX_copy()\fR were added in SSLeay 0.9.1b.
+\&\fBBN_MONT_CTX_init()\fR and \fBBN_MONT_CTX_copy()\fR were added in SSLeay 0.9.1b.
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
index c66a093991ac..21d146e1f9a6 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_reciprocal 3"
-.TH BN_mod_mul_reciprocal 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_mod_mul_reciprocal 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,24 +161,24 @@ reciprocal
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_mod_mul_reciprocal()\fR can be used to perform an efficient
-\&\fIBN_mod_mul\fR\|(3) operation when the operation will be performed
+\&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient
+\&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed
repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR
using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a
previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables.
.PP
-\&\fIBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure.
-\&\fIBN_RECP_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_RECP\s0\fR.
+\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure.
+\&\fBBN_RECP_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_RECP\s0\fR.
.PP
-\&\fIBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it
-was created by \fIBN_RECP_CTX_new()\fR, also the structure itself.
+\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it
+was created by \fBBN_RECP_CTX_new()\fR, also the structure itself.
.PP
-\&\fIBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing
+\&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing
1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an
integer. The result and the number of bits it was shifted left will
later be stored in \fBrecp\fR.
.PP
-\&\fIBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient
+\&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient
in \fBdv\fR and the remainder in \fBrem\fR.
.PP
The \fB\s-1BN_RECP_CTX\s0\fR structure is defined as follows:
@@ -193,19 +197,19 @@ The \fB\s-1BN_RECP_CTX\s0\fR structure is defined as follows:
It cannot be shared between threads.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0
+\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0
on error.
.PP
-\&\fIBN_RECP_CTX_init()\fR and \fIBN_RECP_CTX_free()\fR have no return values.
+\&\fBBN_RECP_CTX_init()\fR and \fBBN_RECP_CTX_free()\fR have no return values.
.PP
For the other functions, 1 is returned for success, 0 on error.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3),
-\&\fIBN_CTX_new\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3),
+\&\fBBN_CTX_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fB\s-1BN_RECP_CTX\s0\fR was added in SSLeay 0.9.0. Before that, the function
-\&\fIBN_reciprocal()\fR was used instead, and the \fIBN_mod_mul_reciprocal()\fR
+\&\fBBN_reciprocal()\fR was used instead, and the \fBBN_mod_mul_reciprocal()\fR
arguments were different.
diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3
index 0e71ab7b9817..e84a1ea38963 100644
--- a/secure/lib/libcrypto/man/BN_new.3
+++ b/secure/lib/libcrypto/man/BN_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_new 3"
-.TH BN_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,31 +157,31 @@ BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. \fIBN_init()\fR
+\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. \fBBN_init()\fR
initializes an existing uninitialized \fB\s-1BIGNUM\s0\fR.
.PP
-\&\fIBN_clear()\fR is used to destroy sensitive data such as keys when they
+\&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they
are no longer needed. It erases the memory used by \fBa\fR and sets it
to the value 0.
.PP
-\&\fIBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created
-by \fIBN_new()\fR, also the structure itself. \fIBN_clear_free()\fR additionally
+\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created
+by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally
overwrites the data before the memory is returned to the system.
If \fBa\fR is \s-1NULL,\s0 nothing is done.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_new()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0.
+\&\fBBN_new()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0.
If the allocation fails,
it returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained
-by \fIERR_get_error\fR\|(3).
+by \fBERR_get_error\fR\|(3).
.PP
-\&\fIBN_init()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR have no return
+\&\fBBN_init()\fR, \fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return
values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in
-all versions on SSLeay and OpenSSL. \fIBN_init()\fR was added in SSLeay
+\&\fBBN_new()\fR, \fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR are available in
+all versions on SSLeay and OpenSSL. \fBBN_init()\fR was added in SSLeay
0.9.1b.
diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3
index d4ad6e4d7eb6..cf197ae0d27f 100644
--- a/secure/lib/libcrypto/man/BN_num_bytes.3
+++ b/secure/lib/libcrypto/man/BN_num_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_num_bytes 3"
-.TH BN_num_bytes 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_num_bytes 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,36 +153,36 @@ BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes.
+\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes.
.PP
-\&\fIBN_num_bits_word()\fR returns the number of significant bits in a word.
+\&\fBBN_num_bits_word()\fR returns the number of significant bits in a word.
If we take 0x00000432 as an example, it returns 11, not 16, not 32.
Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR.
.PP
-\&\fIBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR,
-following the same principle as \fIBN_num_bits_word()\fR.
+\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR,
+following the same principle as \fBBN_num_bits_word()\fR.
.PP
-\&\fIBN_num_bytes()\fR is a macro.
+\&\fBBN_num_bytes()\fR is a macro.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The size.
.SH "NOTES"
.IX Header "NOTES"
-Some have tried using \fIBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys,
+Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys,
\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with
the number of bits they expected (something like 512, 1024, 2048,
\&...). This is because generating a number with some specific number
of bits doesn't always set the highest bits, thereby making the number
of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key
-size\*(R" of such a key, either use functions like \fIRSA_size()\fR, \fIDH_size()\fR
-and \fIDSA_size()\fR, or use \fIBN_num_bytes()\fR and multiply with 8 (although
+size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR
+and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply with 8 (although
there's no real guarantee that will match the \*(L"key size\*(R", just a lot
more probability).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIDH_size\fR\|(3), \fIDSA_size\fR\|(3),
-\&\fIRSA_size\fR\|(3)
+\&\fBbn\fR\|(3), \fBDH_size\fR\|(3), \fBDSA_size\fR\|(3),
+\&\fBRSA_size\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_num_bytes()\fR, \fIBN_num_bits()\fR and \fIBN_num_bits_word()\fR are available in
+\&\fBBN_num_bytes()\fR, \fBBN_num_bits()\fR and \fBBN_num_bits_word()\fR are available in
all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3
index d74c71f01191..49835bb36563 100644
--- a/secure/lib/libcrypto/man/BN_rand.3
+++ b/secure/lib/libcrypto/man/BN_rand.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_rand 3"
-.TH BN_rand 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_rand 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +155,7 @@ BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range \- generate pseudo\
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_rand()\fR generates a cryptographically strong pseudo-random number of
+\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of
\&\fBbits\fR in length and stores it in \fBrnd\fR.
If \fBbits\fR is less than zero, or too small to
accomodate the requirements specified by the \fBtop\fR and \fBbottom\fR
@@ -164,28 +168,28 @@ numbers will always have 2*\fBbits\fR length. If \fBbottom\fR is true, the
number will be odd. The value of \fBbits\fR must be zero or greater. If \fBbits\fR is
1 then \fBtop\fR cannot also be 1.
.PP
-\&\fIBN_pseudo_rand()\fR does the same, but pseudo-random numbers generated by
+\&\fBBN_pseudo_rand()\fR does the same, but pseudo-random numbers generated by
this function are not necessarily unpredictable. They can be used for
non-cryptographic purposes and for certain purposes in cryptographic
protocols, but usually not for key generation etc.
.PP
-\&\fIBN_rand_range()\fR generates a cryptographically strong pseudo-random
+\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random
number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR.
-\&\fIBN_pseudo_rand_range()\fR does the same, but is based on \fIBN_pseudo_rand()\fR,
+\&\fBBN_pseudo_rand_range()\fR does the same, but is based on \fBBN_pseudo_rand()\fR,
and hence numbers generated by it are not necessarily unpredictable.
.PP
-The \s-1PRNG\s0 must be seeded prior to calling \fIBN_rand()\fR or \fIBN_rand_range()\fR.
+The \s-1PRNG\s0 must be seeded prior to calling \fBBN_rand()\fR or \fBBN_rand_range()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The functions return 1 on success, 0 on error.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
-\&\fIRAND_add\fR\|(3), \fIRAND_bytes\fR\|(3)
+\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3),
+\&\fBRAND_add\fR\|(3), \fBRAND_bytes\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_rand()\fR is available in all versions of SSLeay and OpenSSL.
-\&\fIBN_pseudo_rand()\fR was added in OpenSSL 0.9.5. The \fBtop\fR == \-1 case
-and the function \fIBN_rand_range()\fR were added in OpenSSL 0.9.6a.
-\&\fIBN_pseudo_rand_range()\fR was added in OpenSSL 0.9.6c.
+\&\fBBN_rand()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fBBN_pseudo_rand()\fR was added in OpenSSL 0.9.5. The \fBtop\fR == \-1 case
+and the function \fBBN_rand_range()\fR were added in OpenSSL 0.9.6a.
+\&\fBBN_pseudo_rand_range()\fR was added in OpenSSL 0.9.6c.
diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3
index 6f8b6831a5f9..dc9d7b73bd3f 100644
--- a/secure/lib/libcrypto/man/BN_set_bit.3
+++ b/secure/lib/libcrypto/man/BN_set_bit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_set_bit 3"
-.TH BN_set_bit 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_set_bit 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,38 +161,38 @@ BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<<n)\*(C'\fR). The
+\&\fBBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<<n)\*(C'\fR). The
number is expanded if necessary.
.PP
-\&\fIBN_clear_bit()\fR sets bit \fBn\fR in \fBa\fR to 0 (\f(CW\*(C`a&=~(1<<n)\*(C'\fR). An
+\&\fBBN_clear_bit()\fR sets bit \fBn\fR in \fBa\fR to 0 (\f(CW\*(C`a&=~(1<<n)\*(C'\fR). An
error occurs if \fBa\fR is shorter than \fBn\fR bits.
.PP
-\&\fIBN_is_bit_set()\fR tests if bit \fBn\fR in \fBa\fR is set.
+\&\fBBN_is_bit_set()\fR tests if bit \fBn\fR in \fBa\fR is set.
.PP
-\&\fIBN_mask_bits()\fR truncates \fBa\fR to an \fBn\fR bit number
+\&\fBBN_mask_bits()\fR truncates \fBa\fR to an \fBn\fR bit number
(\f(CW\*(C`a&=~((~0)>>n)\*(C'\fR). An error occurs if \fBa\fR already is
shorter than \fBn\fR bits.
.PP
-\&\fIBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in
-\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_lshift1()\fR shifts
+\&\fBBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in
+\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_lshift1()\fR shifts
\&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR).
.PP
-\&\fIBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in
-\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_rshift1()\fR shifts
+\&\fBBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in
+\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_rshift1()\fR shifts
\&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR).
.PP
For the shift functions, \fBr\fR and \fBa\fR may be the same variable.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise.
+\&\fBBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise.
.PP
All other functions return 1 for success, 0 on error. The error codes
-can be obtained by \fIERR_get_error\fR\|(3).
+can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIBN_num_bytes\fR\|(3), \fIBN_add\fR\|(3)
+\&\fBbn\fR\|(3), \fBBN_num_bytes\fR\|(3), \fBBN_add\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_set_bit()\fR, \fIBN_clear_bit()\fR, \fIBN_is_bit_set()\fR, \fIBN_mask_bits()\fR,
-\&\fIBN_lshift()\fR, \fIBN_lshift1()\fR, \fIBN_rshift()\fR, and \fIBN_rshift1()\fR are available
+\&\fBBN_set_bit()\fR, \fBBN_clear_bit()\fR, \fBBN_is_bit_set()\fR, \fBBN_mask_bits()\fR,
+\&\fBBN_lshift()\fR, \fBBN_lshift1()\fR, \fBBN_rshift()\fR, and \fBBN_rshift1()\fR are available
in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3
index 6971ce1be2bb..f2b96aa68e62 100644
--- a/secure/lib/libcrypto/man/BN_swap.3
+++ b/secure/lib/libcrypto/man/BN_swap.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_swap 3"
-.TH BN_swap 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_swap 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,9 +149,9 @@ BN_swap \- exchange BIGNUMs
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR.
+\&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR.
.PP
-\&\fIbn\fR\|(3)
+\&\fBbn\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
BN_swap was added in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3
index 374041e11370..7e3db12c4651 100644
--- a/secure/lib/libcrypto/man/BN_zero.3
+++ b/secure/lib/libcrypto/man/BN_zero.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_zero 3"
-.TH BN_zero 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH BN_zero 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,35 +159,35 @@ operations
\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimied
for the most efficient implementation on the local platform.
.PP
-\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR set \fBa\fR to the values 0, 1 and
-\&\fBw\fR respectively. \fIBN_zero()\fR and \fIBN_one()\fR are macros.
+\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and
+\&\fBw\fR respectively. \fBBN_zero()\fR and \fBBN_one()\fR are macros.
.PP
-\&\fIBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant
+\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant
is useful for use in comparisons and assignment.
.PP
-\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR.
+\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot
+\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot
be represented as a \fB\s-1BN_ULONG\s0\fR.
.PP
-\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR return 1 on success, 0 otherwise.
-\&\fIBN_value_one()\fR returns the constant.
+\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise.
+\&\fBBN_value_one()\fR returns the constant.
.SH "BUGS"
.IX Header "BUGS"
If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide
-with the error condition returned by \fIBN_get_word()\fR which uses that
+with the error condition returned by \fBBN_get_word()\fR which uses that
as an error value.
.PP
\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIbn\fR\|(3), \fIBN_bn2bin\fR\|(3)
+\&\fBbn\fR\|(3), \fBBN_bn2bin\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR are available in all versions of
-SSLeay and OpenSSL. \fIBN_value_one()\fR and \fIBN_get_word()\fR were added in
+\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR are available in all versions of
+SSLeay and OpenSSL. \fBBN_value_one()\fR and \fBBN_get_word()\fR were added in
SSLeay 0.8.
.PP
-\&\fIBN_value_one()\fR was changed to return a true const \s-1BIGNUM\s0 * in OpenSSL
+\&\fBBN_value_one()\fR was changed to return a true const \s-1BIGNUM\s0 * in OpenSSL
0.9.7.
diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3
index f9e15ff58806..c111605ec24c 100644
--- a/secure/lib/libcrypto/man/CMS_add0_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add0_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add0_cert 3"
-.TH CMS_add0_cert 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_add0_cert 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,12 +155,12 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_add0_cert()\fR and \fICMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR.
+\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR.
must be of type signed data or enveloped data.
.PP
-\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR.
+\&\fBCMS_get1_certs()\fR returns all certificates in \fBcms\fR.
.PP
-\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR
+\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fBCMS_get1_crls()\fR
returns any CRLs in \fBcms\fR.
.SH "NOTES"
.IX Header "NOTES"
@@ -167,26 +171,26 @@ For signed data certificates and CRLs are added to the \fBcertificates\fR and
\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to
\&\fBOriginatorInfo\fR.
.PP
-As the \fB0\fR implies \fICMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it
-must not be freed up after the call as opposed to \fICMS_add1_cert()\fR where \fBcert\fR
+As the \fB0\fR implies \fBCMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it
+must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fBcert\fR
must be freed up.
.PP
The same certificate or \s-1CRL\s0 must not be added to the same cms structure more
than once.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR and \fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR return
+\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return
1 for success and 0 for failure.
.PP
-\&\fICMS_get1_certs()\fR and \fICMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs
+\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs
or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur
in practice is if the \fBcms\fR type is invalid.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fICMS_sign\fR\|(3),
-\&\fICMS_encrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBCMS_sign\fR\|(3),
+\&\fBCMS_encrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR, \fICMS_get1_certs()\fR, \fICMS_add0_crl()\fR
-and \fICMS_get1_crls()\fR were all first added to OpenSSL 0.9.8
+\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR, \fBCMS_get1_certs()\fR, \fBCMS_add0_crl()\fR
+and \fBCMS_get1_crls()\fR were all first added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
index c74917838ac1..39841d1ee813 100644
--- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add1_recipient_cert 3"
-.TH CMS_add1_recipient_cert 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_add1_recipient_cert 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,20 +153,20 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped
+\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped
data structure \fBcms\fR as a KeyTransRecipientInfo structure.
.PP
-\&\fICMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using
+\&\fBCMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using
wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional
values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped
data structure \fBcms\fR as a KEKRecipientInfo structure.
.PP
The CMS_ContentInfo structure should be obtained from an initial call to
-\&\fICMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set.
+\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of this function is to provide finer control over a \s-1CMS\s0
-enveloped data structure where the simpler \fICMS_encrypt()\fR function defaults are
+enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults are
not appropriate. For example if one or more KEKRecipientInfo structures
need to be added. New attributes can also be added using the returned
CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions.
@@ -178,14 +182,14 @@ If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be
consistent with \fBkeylen\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR return an internal
+\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal
pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error
occurs.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3),
-\&\fICMS_final\fR\|(3),
+\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3),
+\&\fBCMS_final\fR\|(3),
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR were added to OpenSSL
+\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR were added to OpenSSL
0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3
index 10b38feec569..2374f4ec7475 100644
--- a/secure/lib/libcrypto/man/CMS_add1_signer.3
+++ b/secure/lib/libcrypto/man/CMS_add1_signer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add1_signer 3"
-.TH CMS_add1_signer 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_add1_signer 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,12 +153,12 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private
+\&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private
key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData
structure \fBcms\fR.
.PP
The CMS_ContentInfo structure should be obtained from an initial call to
-\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a
+\&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a
valid CMS_ContentInfo SignedData structure.
.PP
If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public
@@ -162,15 +166,15 @@ key algorithm will be used.
.PP
Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo
structure is not complete and must be finalized either by streaming (if
-applicable) or a call to \fICMS_final()\fR.
+applicable) or a call to \fBCMS_final()\fR.
.PP
-The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo
+The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo
structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags
are both set.
.SH "NOTES"
.IX Header "NOTES"
-The main purpose of \fICMS_add1_signer()\fR is to provide finer control
-over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults
+The main purpose of \fBCMS_add1_signer()\fR is to provide finer control
+over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults
are not appropriate. For example if multiple signers or non default digest
algorithms are needed. New attributes can also be added using the returned
CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the
@@ -187,7 +191,7 @@ flag is set.
.PP
If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the
CMS_SignerInfo structure will not be finalized so additional attributes
-can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is
+can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is
needed to finalize it.
.PP
If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the
@@ -213,17 +217,17 @@ bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bi
If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is
not loaded.
.PP
-\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
+\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
structure just added, this can be used to set additional attributes
before it is finalized.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
+\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
structure just added or \s-1NULL\s0 if an error occurs.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_final\fR\|(3),
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_final\fR\|(3),
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_add1_signer()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_add1_signer()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3
index c51158e41b0d..c2d9a1f69db9 100644
--- a/secure/lib/libcrypto/man/CMS_compress.3
+++ b/secure/lib/libcrypto/man/CMS_compress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_compress 3"
-.TH CMS_compress 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_compress 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,7 +149,7 @@ CMS_compress \- create a CMS CompressedData structure
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR
+\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR
is the compression algorithm to use or \fBNID_undef\fR to use the default
algorithm (zlib compression). \fBin\fR is the content to be compressed.
\&\fBflags\fR is an optional set of flags.
@@ -154,7 +158,7 @@ algorithm (zlib compression). \fBin\fR is the content to be compressed.
The only currently supported compression algorithm is zlib using the \s-1NID\s0
NID_zlib_compression.
.PP
-If zlib support is not compiled into OpenSSL then \fICMS_compress()\fR will return
+If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return
an error.
.PP
If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are
@@ -171,7 +175,7 @@ returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\f
.PP
The compressed data is included in the CMS_ContentInfo structure, unless
\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
-practice and is not supported by \fISMIME_write_CMS()\fR.
+practice and is not supported by \fBSMIME_write_CMS()\fR.
.SH "NOTES"
.IX Header "NOTES"
If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
@@ -179,21 +183,21 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st
properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
results.
.PP
-Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
-\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
+Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR,
+\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
-\&\fIBIO_new_CMS()\fR.
+\&\fBBIO_new_CMS()\fR.
.PP
Additional compression parameters such as the zlib compression level cannot
currently be set.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_uncompress\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_compress()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_compress()\fR was added to OpenSSL 0.9.8
The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3
index 7c598177cc6d..42d14a06dba4 100644
--- a/secure/lib/libcrypto/man/CMS_decrypt.3
+++ b/secure/lib/libcrypto/man/CMS_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_decrypt 3"
-.TH CMS_decrypt 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_decrypt 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData
+\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData
structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the
recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and
\&\fBflags\fR is an optional set of flags.
@@ -156,7 +160,7 @@ The \fBdcont\fR parameter is used in the rare case where the encrypted content
is detached. It will normally be set to \s-1NULL.\s0
.SH "NOTES"
.IX Header "NOTES"
-\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this
+\&\fBOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this
function or errors about unknown algorithms will occur.
.PP
Although the recipients certificate is not needed to decrypt the data it is
@@ -168,7 +172,7 @@ is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on
\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or
not. If no recipient succeeds then a random symmetric key is used to decrypt
the content: this will typically output garbage and may (but is not guaranteed
-to) ultimately return a padding error only. If \fICMS_decrypt()\fR just returned an
+to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an
error when all recipient encrypted keys failed to decrypt an attacker could
use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set
then the above behaviour is modified and an error \fBis\fR returned if no
@@ -179,11 +183,11 @@ open to attack.
.PP
It is possible to determine the correct recipient key by other means (for
example looking them up in a database) and setting them in the \s-1CMS\s0 structure
-in advance using the \s-1CMS\s0 utility functions such as \fICMS_set1_pkey()\fR. In this
+in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this
case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0
.PP
-To process KEKRecipientInfo types \fICMS_set1_key()\fR or \fICMS_RecipientInfo_set0_key()\fR
-and \fICMS_ReceipientInfo_decrypt()\fR should be called before \fICMS_decrypt()\fR and
+To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR
+and \fBCMS_ReceipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and
\&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0
.PP
The following flags can be passed in the \fBflags\fR parameter.
@@ -193,15 +197,15 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i
returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_decrypt()\fR returns either 1 for success or 0 for failure.
-The error can be obtained from \fIERR_get_error\fR\|(3)
+\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure.
+The error can be obtained from \fBERR_get_error\fR\|(3)
.SH "BUGS"
.IX Header "BUGS"
The lack of single pass processing and the need to hold all data in memory as
-mentioned in \fICMS_verify()\fR also applies to \fICMS_decrypt()\fR.
+mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_encrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_decrypt()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_decrypt()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3
index 4f62999cb3fd..358ea0d271c7 100644
--- a/secure/lib/libcrypto/man/CMS_encrypt.3
+++ b/secure/lib/libcrypto/man/CMS_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_encrypt 3"
-.TH CMS_encrypt 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_encrypt 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR
+\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR
is a list of recipient certificates. \fBin\fR is the content to be encrypted.
\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
.SH "NOTES"
@@ -155,7 +159,7 @@ is a list of recipient certificates. \fBin\fR is the content to be encrypted.
Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this
function.
.PP
-\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
+\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
because most clients will support it.
.PP
The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of
@@ -164,7 +168,7 @@ its parameters.
Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
envelopedData containing an S/MIME signed message. This can be readily produced
by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
-\&\fICMS_encrypt()\fR.
+\&\fBCMS_encrypt()\fR.
.PP
The following flags can be passed in the \fBflags\fR parameter.
.PP
@@ -191,7 +195,7 @@ finalization.
.PP
The data being encrypted is included in the CMS_ContentInfo structure, unless
\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
-practice and is not supported by \fISMIME_write_CMS()\fR.
+practice and is not supported by \fBSMIME_write_CMS()\fR.
.SH "NOTES"
.IX Header "NOTES"
If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
@@ -199,25 +203,25 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st
properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
results.
.PP
-Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
-\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
+Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR,
+\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
-\&\fIBIO_new_CMS()\fR.
+\&\fBBIO_new_CMS()\fR.
.PP
The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info
structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR
-and \fICMS_add0_recipient_key()\fR.
+and \fBCMS_add0_recipient_key()\fR.
.PP
The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients
-added later using \fICMS_add1_recipient_cert()\fR or \fICMS_add0_recipient_key()\fR.
+added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_decrypt()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_decrypt()\fR was added to OpenSSL 0.9.8
The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3
index 8a24886f6935..aa7e7aea5da4 100644
--- a/secure/lib/libcrypto/man/CMS_final.3
+++ b/secure/lib/libcrypto/man/CMS_final.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_final 3"
-.TH CMS_final 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_final 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any
+\&\fBCMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any
operations necessary on \fBcms\fR (digest computation for example) and set the
appropriate fields. The parameter \fBdata\fR contains the content to be
processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after
@@ -160,11 +164,11 @@ should only be used when streaming is not performed because the streaming
I/O functions perform finalisation operations internally.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_final()\fR returns 1 for success or 0 for failure.
+\&\fBCMS_final()\fR returns 1 for success or 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_encrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_encrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_final()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_final()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
index 714e74fb7dac..4d0f1f26ee60 100644
--- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_RecipientInfos 3"
-.TH CMS_get0_RecipientInfos 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_get0_RecipientInfos 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,27 +161,27 @@ CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_sig
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The function \fICMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo
+The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo
structures associated with a \s-1CMS\s0 EnvelopedData structure.
.PP
-\&\fICMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR.
+\&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR.
It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE,
CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0
.PP
-\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient
+\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient
identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which
must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in
\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR.
.PP
-\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the
+\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the
CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0
It returns zero if the comparison is successful and non zero if not.
.PP
-\&\fICMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with
+\&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with
the CMS_RecipientInfo structure \fBri\fR, which must be of type
\&\s-1CMS_RECIPINFO_TRANS.\s0
.PP
-\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the
+\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the
CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any
of the remaining parameters can be \s-1NULL\s0 if the application is not interested in
the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written
@@ -187,61 +191,61 @@ present is written to \fBpdate\fR, if the \fBother\fR field is present the compo
\&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and
\&\fBpothertype\fR.
.PP
-\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR
+\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR
parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR,
which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is
successful and non zero if not.
.PP
-\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length
+\&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length
\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type
\&\s-1CMS_RECIPINFO_KEK.\s0
.PP
-\&\fICMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure
+\&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure
\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure
first.
.PP
-\&\fICMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure
+\&\fBCMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure
\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure
first and the content encryption key must be available: for example by a
-previous call to \fICMS_RecipientInfo_decrypt()\fR.
+previous call to \fBCMS_RecipientInfo_decrypt()\fR.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of these functions is to enable an application to lookup
recipient keys using any appropriate technique when the simpler method
-of \fICMS_decrypt()\fR is not appropriate.
+of \fBCMS_decrypt()\fR is not appropriate.
.PP
In typical usage and application will retrieve all CMS_RecipientInfo structures
-using \fICMS_get0_RecipientInfos()\fR and check the type of each using
-\&\fICMS_RecpientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure
+using \fBCMS_get0_RecipientInfos()\fR and check the type of each using
+\&\fBCMS_RecpientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure
can be ignored or its key identifier data retrieved using an appropriate
function. Then if the corresponding secret or private key can be obtained by
any appropriate means it can then associated with the structure and
-\&\fICMS_RecpientInfo_decrypt()\fR called. If successful \fICMS_decrypt()\fR can be called
+\&\fBCMS_RecpientInfo_decrypt()\fR called. If successful \fBCMS_decrypt()\fR can be called
with a \s-1NULL\s0 key to decrypt the enveloped content.
.PP
-The \fICMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an
+The \fBCMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an
existing enveloped data structure. Typically an application will first decrypt
an appropriate CMS_RecipientInfo structure to make the content encrypt key
available, it will then add a new recipient using a function such as
-\&\fICMS_add1_recipient_cert()\fR and finally encrypt the content encryption key
-using \fICMS_RecipientInfo_encrypt()\fR.
+\&\fBCMS_add1_recipient_cert()\fR and finally encrypt the content encryption key
+using \fBCMS_RecipientInfo_encrypt()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if
+\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if
an error occurs.
.PP
-\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR, \fICMS_RecipientInfo_set0_pkey()\fR,
-\&\fICMS_RecipientInfo_kekri_get0_id()\fR, \fICMS_RecipientInfo_set0_key()\fR and
-\&\fICMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs.
-\&\fICMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs.
+\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR,
+\&\fBCMS_RecipientInfo_kekri_get0_id()\fR, \fBCMS_RecipientInfo_set0_key()\fR and
+\&\fBCMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs.
+\&\fBCMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs.
.PP
-\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR and \fICMS_RecipientInfo_kekri_cmp()\fR return 0
+\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR and \fBCMS_RecipientInfo_kekri_cmp()\fR return 0
for a successful comparison and non zero otherwise.
.PP
-Any error can be obtained from \fIERR_get_error\fR\|(3).
+Any error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
index 87a7f0b57cd2..54246bf10511 100644
--- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_SignerInfos 3"
-.TH CMS_get0_SignerInfos 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_get0_SignerInfos 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,59 +154,59 @@ CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signatu
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The function \fICMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures
+The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures
associated with a \s-1CMS\s0 signedData structure.
.PP
-\&\fICMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier
+\&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier
associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the
keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number
in \fBissuer\fR and \fBsno\fR.
.PP
-\&\fICMS_SignerInfo_get0_signature()\fR retrieves the signature associated with
+\&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with
\&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned
corresponds to the internal signature value if \fBsi\fR so it may be read or
modified.
.PP
-\&\fICMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer
+\&\fBCMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer
identifier \fBsi\fR. It returns zero if the comparison is successful and non zero
if not.
.PP
-\&\fICMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to
+\&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to
\&\fBsigner\fR.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of these functions is to enable an application to lookup
signers certificates using any appropriate technique when the simpler method
-of \fICMS_verify()\fR is not appropriate.
+of \fBCMS_verify()\fR is not appropriate.
.PP
In typical usage and application will retrieve all CMS_SignerInfo structures
-using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using
+using \fBCMS_get0_SignerInfo()\fR and retrieve the identifier information using
\&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means
(or return and error if it cannot be found) and set it using
-\&\fICMS_SignerInfo_set1_signer_cert()\fR.
+\&\fBCMS_SignerInfo_set1_signer_cert()\fR.
.PP
-Once all signer certificates have been set \fICMS_verify()\fR can be used.
+Once all signer certificates have been set \fBCMS_verify()\fR can be used.
.PP
-Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if
+Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if
there are no signers this is not a problem in practice because the only
error which can occur is if the \fBcms\fR structure is not of type signedData
due to application error.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there
+\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there
are no signers or an error occurs.
.PP
-\&\fICMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure.
+\&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure.
.PP
-\&\fICMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non
+\&\fBCMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non
zero otherwise.
.PP
-\&\fICMS_SignerInfo_set1_signer_cert()\fR does not return a value.
+\&\fBCMS_SignerInfo_set1_signer_cert()\fR does not return a value.
.PP
-Any error can be obtained from \fIERR_get_error\fR\|(3)
+Any error can be obtained from \fBERR_get_error\fR\|(3)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3
index 9b86e1338d4a..6b658497cf93 100644
--- a/secure/lib/libcrypto/man/CMS_get0_type.3
+++ b/secure/lib/libcrypto/man/CMS_get0_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_type 3"
-.TH CMS_get0_type 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_get0_type 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,29 +154,29 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as
+\&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as
and \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the
CMS_ContentInfo structure based on this value.
.PP
-\&\fICMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo
+\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo
structure. It should be called with \s-1CMS\s0 functions with the \fB\s-1CMS_PARTIAL\s0\fR
flag and \fBbefore\fR the structure is finalised, otherwise the results are
undefined.
.PP
-\&\s-1ASN1_OBJECT\s0 *\fICMS_get0_eContentType()\fR returns a pointer to the embedded
+\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded
content type.
.PP
-\&\fICMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer
+\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer
containing the embedded content.
.SH "NOTES"
.IX Header "NOTES"
-As the \fB0\fR implies \fICMS_get0_type()\fR, \fICMS_get0_eContentType()\fR and
-\&\fICMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up.
-\&\fICMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up
+As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and
+\&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up.
+\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up
after use.
.PP
The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value
-using \fIOBJ_obj2nid()\fR. For the currently supported content types the following
+using \fBOBJ_obj2nid()\fR. For the currently supported content types the following
values are returned:
.PP
.Vb 6
@@ -184,7 +188,7 @@ values are returned:
\& NID_pkcs7_enveloped
.Ve
.PP
-The return value of \fICMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR
+The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR
content pointer. That means that for example:
.PP
.Vb 1
@@ -197,14 +201,14 @@ using this function. Applications usually will not need to modify the
embedded content as it is normally set by higher level functions.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return and \s-1ASN1_OBJECT\s0 structure.
+\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return and \s-1ASN1_OBJECT\s0 structure.
.PP
-\&\fICMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The
-error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The
+error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_get0_type()\fR, \fICMS_set1_eContentType()\fR and \fICMS_get0_eContentType()\fR were all
+\&\fBCMS_get0_type()\fR, \fBCMS_set1_eContentType()\fR and \fBCMS_get0_eContentType()\fR were all
first added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
index 34b502984445..e62018f506e7 100644
--- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
+++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get1_ReceiptRequest 3"
-.TH CMS_get1_ReceiptRequest 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_get1_ReceiptRequest 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +154,7 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The
+\&\fBCMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The
\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set
to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0
the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of
@@ -158,13 +162,13 @@ the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBr
option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the
\&\fBreceiptsTo\fR field value.
.PP
-The \fICMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR
+The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR
to SignerInfo structure \fBsi\fR.
.PP
-int \fICMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if
+int \fBCMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if
any is found it is decoded and written to \fBprr\fR.
.PP
-\&\fICMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request.
+\&\fBCMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request.
The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR
option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR
otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR
@@ -175,24 +179,24 @@ For more details of the meaning of the fields see \s-1RFC2634.\s0
.PP
The contents of a signed receipt should only be considered meaningful if the
corresponding CMS_ContentInfo structure can be successfully verified using
-\&\fICMS_verify()\fR.
+\&\fBCMS_verify()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or
+\&\fBCMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or
\&\s-1NULL\s0 if an error occurred.
.PP
-\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred.
+\&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred.
.PP
-\&\fICMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and
+\&\fBCMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and
decoded. It returns 0 if a signed receipt request is not present and \-1 if
it is present but malformed.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_sign_receipt\fR\|(3), \fICMS_verify\fR\|(3)
-\&\fICMS_verify_receipt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3)
+\&\fBCMS_verify_receipt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_ReceiptRequest_create0()\fR, \fICMS_add1_ReceiptRequest()\fR,
-\&\fICMS_get1_ReceiptRequest()\fR and \fICMS_ReceiptRequest_get0_values()\fR were added to
+\&\fBCMS_ReceiptRequest_create0()\fR, \fBCMS_add1_ReceiptRequest()\fR,
+\&\fBCMS_get1_ReceiptRequest()\fR and \fBCMS_ReceiptRequest_get0_values()\fR were added to
OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3
index 9922f49176e4..6c74f5dae251 100644
--- a/secure/lib/libcrypto/man/CMS_sign.3
+++ b/secure/lib/libcrypto/man/CMS_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_sign 3"
-.TH CMS_sign 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_sign 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is
+\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is
the certificate to sign with, \fBpkey\fR is the corresponding private key.
\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0
structure (for example any intermediate CAs in the chain). Any or all of
@@ -213,10 +217,10 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st
properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
results.
.PP
-Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
-\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
+Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR,
+\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
-\&\fIBIO_new_CMS()\fR.
+\&\fBBIO_new_CMS()\fR.
.PP
If a signer is specified it will use the default digest for the signing
algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
@@ -224,26 +228,26 @@ algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is
output.
.PP
-The function \fICMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be
+The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be
suitable for many purposes. For finer control of the output format the
\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the
\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the
-function \fICMS_sign_add1_signer()\fR, non default digests can be used and custom
-attributes added. \fB\f(BICMS_final()\fB\fR must then be called to finalize the
+function \fBCMS_sign_add1_signer()\fR, non default digests can be used and custom
+attributes added. \fB\fBCMS_final()\fB\fR must then be called to finalize the
structure if streaming is not enabled.
.SH "BUGS"
.IX Header "BUGS"
Some attributes such as counter signatures are not supported.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_sign()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_sign()\fR was added to OpenSSL 0.9.8
.PP
The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8,
it is supported for embedded data in OpenSSL 1.0.0 and later.
diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3
index a71101b13791..248db1b518f1 100644
--- a/secure/lib/libcrypto/man/CMS_sign_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_sign_receipt 3"
-.TH CMS_sign_receipt 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_sign_receipt 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is
+\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is
the \fBCMS_SignerInfo\fR structure containing the signed receipt request.
\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding
private key. \fBcerts\fR is an optional additional set of certificates to include
@@ -156,19 +160,19 @@ in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain).
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
-This functions behaves in a similar way to \fICMS_sign()\fR except the flag values
+This functions behaves in a similar way to \fBCMS_sign()\fR except the flag values
\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR
are not supported since they do not make sense in the context of signed
receipts.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if
-an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if
+an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fICMS_verify_receipt\fR\|(3),
-\&\fICMS_sign\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBCMS_verify_receipt\fR\|(3),
+\&\fBCMS_sign\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_sign_receipt()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_sign_receipt()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3
index 94ca7aa64032..d9d5a8400934 100644
--- a/secure/lib/libcrypto/man/CMS_uncompress.3
+++ b/secure/lib/libcrypto/man/CMS_uncompress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_uncompress 3"
-.TH CMS_uncompress 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_uncompress 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0
+\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0
CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and
\&\fBflags\fR is an optional set of flags.
.PP
@@ -158,7 +162,7 @@ is detached. It will normally be set to \s-1NULL.\s0
The only currently supported compression algorithm is zlib: if the structure
indicates the use of any other algorithm an error is returned.
.PP
-If zlib support is not compiled into OpenSSL then \fICMS_uncompress()\fR will always
+If zlib support is not compiled into OpenSSL then \fBCMS_uncompress()\fR will always
return an error.
.PP
The following flags can be passed in the \fBflags\fR parameter.
@@ -168,15 +172,15 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i
returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can
-be obtained from \fIERR_get_error\fR\|(3)
+\&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can
+be obtained from \fBERR_get_error\fR\|(3)
.SH "BUGS"
.IX Header "BUGS"
The lack of single pass processing and the need to hold all data in memory as
-mentioned in \fICMS_verify()\fR also applies to \fICMS_decompress()\fR.
+mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_compress\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_uncompress()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_uncompress()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3
index ed52dcc02a33..9e56831249b8 100644
--- a/secure/lib/libcrypto/man/CMS_verify.3
+++ b/secure/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_verify 3"
-.TH CMS_verify 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_verify 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@ CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo
+\&\fBCMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo
structure to verify. \fBcerts\fR is a set of certificates in which to search for
the signing certificate(s). \fBstore\fR is a trusted certificate store used for
chain verification. \fBindata\fR is the detached content if the content is not
@@ -156,8 +160,8 @@ present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL.
\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
operation.
.PP
-\&\fICMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must
-be called after a successful \fICMS_verify()\fR operation.
+\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must
+be called after a successful \fBCMS_verify()\fR operation.
.SH "VERIFY PROCESS"
.IX Header "VERIFY PROCESS"
Normally the verify process proceeds as follows.
@@ -229,12 +233,12 @@ signer it cannot be trusted without additional evidence (such as a trusted
timestamp).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_verify()\fR returns 1 for a successful verification and zero if an error
+\&\fBCMS_verify()\fR returns 1 for a successful verification and zero if an error
occurred.
.PP
-\&\fICMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred.
+\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred.
.PP
-The error can be obtained from \fIERR_get_error\fR\|(3)
+The error can be obtained from \fBERR_get_error\fR\|(3)
.SH "BUGS"
.IX Header "BUGS"
The trusted certificate store is not searched for the signing certificate,
@@ -245,7 +249,7 @@ The lack of single pass processing means that the signed content must all
be held in memory if it is not detached.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_verify()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_verify()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3
index cd983674826e..8911c991320f 100644
--- a/secure/lib/libcrypto/man/CMS_verify_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_verify_receipt 3"
-.TH CMS_verify_receipt 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CMS_verify_receipt 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed
+\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed
receipt to verify. \fBocms\fR is the original SignedData structure containing the
receipt request. \fBcerts\fR is a set of certificates in which to search for the
signing certificate. \fBstore\fR is a trusted certificate store (used for chain
@@ -157,20 +161,20 @@ verification).
operation.
.SH "NOTES"
.IX Header "NOTES"
-This functions behaves in a similar way to \fICMS_verify()\fR except the flag values
+This functions behaves in a similar way to \fBCMS_verify()\fR except the flag values
\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not
supported since they do not make sense in the context of signed receipts.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fICMS_verify_receipt()\fR returns 1 for a successful verification and zero if an
+\&\fBCMS_verify_receipt()\fR returns 1 for a successful verification and zero if an
error occurred.
.PP
-The error can be obtained from \fIERR_get_error\fR\|(3)
+The error can be obtained from \fBERR_get_error\fR\|(3)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fICMS_sign_receipt\fR\|(3),
-\&\fICMS_verify\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBCMS_sign_receipt\fR\|(3),
+\&\fBCMS_verify\fR\|(3),
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICMS_verify_receipt()\fR was added to OpenSSL 0.9.8
+\&\fBCMS_verify_receipt()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3
index f3ae69fde747..9985d04f67cd 100644
--- a/secure/lib/libcrypto/man/CONF_modules_free.3
+++ b/secure/lib/libcrypto/man/CONF_modules_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_free 3"
-.TH CONF_modules_free 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CONF_modules_free 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,27 +154,27 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fICONF_modules_free()\fR closes down and frees up all memory allocated by all
+\&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all
configuration modules.
.PP
-\&\fICONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler
+\&\fBCONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler
to free up any configuration that module may have performed.
.PP
-\&\fICONF_modules_unload()\fR finishes and unloads configuration modules. If
+\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If
\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If
\&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded.
.SH "NOTES"
.IX Header "NOTES"
-Normally applications will only call \fICONF_modules_free()\fR at application to
+Normally applications will only call \fBCONF_modules_free()\fR at application to
tidy up any configuration performed.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
None of the functions return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIconf\fR\|(5), \fIOPENSSL_config\fR\|(3),
-\&\fICONF_modules_load_file\fR\|(3)
+\&\fBconf\fR\|(5), \fBOPENSSL_config\fR\|(3),
+\&\fBCONF_modules_load_file\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICONF_modules_free()\fR, \fICONF_modules_unload()\fR, and \fICONF_modules_finish()\fR
+\&\fBCONF_modules_free()\fR, \fBCONF_modules_unload()\fR, and \fBCONF_modules_finish()\fR
first appeared in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3
index 61a8cf00e467..5bb5c6cc0dbd 100644
--- a/secure/lib/libcrypto/man/CONF_modules_load_file.3
+++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_load_file 3"
-.TH CONF_modules_load_file 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CONF_modules_load_file 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,13 +154,13 @@
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The function \fICONF_modules_load_file()\fR configures OpenSSL using file
+The function \fBCONF_modules_load_file()\fR configures OpenSSL using file
\&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0
the standard OpenSSL configuration file is used. If \fBappname\fR is
\&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used.
The behaviour can be cutomized using \fBflags\fR.
.PP
-\&\fICONF_modules_load()\fR is idential to \fICONF_modules_load_file()\fR except it
+\&\fBCONF_modules_load()\fR is idential to \fBCONF_modules_load_file()\fR except it
reads configuration information from \fBcnf\fR.
.SH "NOTES"
.IX Header "NOTES"
@@ -172,7 +176,7 @@ Normally any modules errors will add error information to the error queue. If
If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is
disabled.
.PP
-\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fICONF_load_modules_file()\fR
+\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_load_modules_file()\fR
ignore missing configuration files. Normally a missing configuration file
return an error.
.PP
@@ -180,12 +184,12 @@ return an error.
default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist.
.PP
Applications should call these functions after loading builtin modules using
-\&\fIOPENSSL_load_builtin_modules()\fR, any ENGINEs for example using
-\&\fIENGINE_load_builtin_engines()\fR, any algorithms for example
-\&\fIOPENSSL_add_all_algorithms()\fR and (if the application uses libssl)
-\&\fISSL_library_init()\fR.
+\&\fBOPENSSL_load_builtin_modules()\fR, any ENGINEs for example using
+\&\fBENGINE_load_builtin_engines()\fR, any algorithms for example
+\&\fBOPENSSL_add_all_algorithms()\fR and (if the application uses libssl)
+\&\fBSSL_library_init()\fR.
.PP
-By using \fICONF_modules_load_file()\fR with appropriate flags an application can
+By using \fBCONF_modules_load_file()\fR with appropriate flags an application can
customise application configuration to best suit its needs. In some cases the
use of a configuration file is optional and its absence is not an error: in
this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set.
@@ -195,7 +199,7 @@ applications. For example in some cases an error may simply print out a warning
message and the application continue. In other cases an application might
consider a configuration file error as fatal and exit immediately.
.PP
-Applications can use the \fICONF_modules_load()\fR function if they wish to load a
+Applications can use the \fBCONF_modules_load()\fR function if they wish to load a
configuration file themselves and have finer control over how errors are
treated.
.SH "EXAMPLES"
@@ -266,8 +270,8 @@ failure. If module errors are not ignored the return code will reflect the
return value of the failing module (this will always be zero or negative).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIconf\fR\|(5), \fIOPENSSL_config\fR\|(3),
-\&\fICONF_free\fR\|(3), \fIerr\fR\|(3)
+\&\fBconf\fR\|(5), \fBOPENSSL_config\fR\|(3),
+\&\fBCONF_free\fR\|(3), \fBerr\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
CONF_modules_load_file and CONF_modules_load first appeared in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
index 9fa783393e0b..7924eb7e0de5 100644
--- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRYPTO_set_ex_data 3"
-.TH CRYPTO_set_ex_data 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH CRYPTO_set_ex_data 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,30 +156,30 @@ These functions are used internally by OpenSSL to manipulate application
specific data attached to a specific structure.
.PP
These functions should only be used by applications to manipulate
-\&\fB\s-1CRYPTO_EX_DATA\s0\fR structures passed to the \fB\f(BInew_func()\fB\fR, \fB\f(BIfree_func()\fB\fR and
-\&\fB\f(BIdup_func()\fB\fR callbacks: as passed to \fB\f(BIRSA_get_ex_new_index()\fB\fR for example.
+\&\fB\s-1CRYPTO_EX_DATA\s0\fR structures passed to the \fB\fBnew_func()\fB\fR, \fB\fBfree_func()\fB\fR and
+\&\fB\fBdup_func()\fB\fR callbacks: as passed to \fB\fBRSA_get_ex_new_index()\fB\fR for example.
.PP
-\&\fB\f(BICRYPTO_set_ex_data()\fB\fR is used to set application specific data, the data is
+\&\fB\fBCRYPTO_set_ex_data()\fB\fR is used to set application specific data, the data is
supplied in the \fBarg\fR parameter and its precise meaning is up to the
application.
.PP
-\&\fB\f(BICRYPTO_get_ex_data()\fB\fR is used to retrieve application specific data. The data
+\&\fB\fBCRYPTO_get_ex_data()\fB\fR is used to retrieve application specific data. The data
is returned to the application, this will be the same value as supplied to
-a previous \fB\f(BICRYPTO_set_ex_data()\fB\fR call.
+a previous \fB\fBCRYPTO_set_ex_data()\fB\fR call.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fB\f(BICRYPTO_set_ex_data()\fB\fR returns 1 on success or 0 on failure.
+\&\fB\fBCRYPTO_set_ex_data()\fB\fR returns 1 on success or 0 on failure.
.PP
-\&\fB\f(BICRYPTO_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also
+\&\fB\fBCRYPTO_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also
be valid application data but currently it can only fail if given an invalid \fBidx\fR
parameter.
.PP
-On failure an error code can be obtained from \fIERR_get_error\fR\|(3).
+On failure an error code can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIRSA_get_ex_new_index\fR\|(3),
-\&\fIDSA_get_ex_new_index\fR\|(3),
-\&\fIDH_get_ex_new_index\fR\|(3)
+\&\fBRSA_get_ex_new_index\fR\|(3),
+\&\fBDSA_get_ex_new_index\fR\|(3),
+\&\fBDH_get_ex_new_index\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fICRYPTO_set_ex_data()\fR and \fICRYPTO_get_ex_data()\fR have been available since SSLeay 0.9.0.
+\&\fBCRYPTO_set_ex_data()\fR and \fBCRYPTO_get_ex_data()\fR have been available since SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3
index d713790077d8..e8e1c766b31c 100644
--- a/secure/lib/libcrypto/man/DH_generate_key.3
+++ b/secure/lib/libcrypto/man/DH_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_key 3"
-.TH DH_generate_key 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DH_generate_key 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,32 +151,32 @@ DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDH_generate_key()\fR performs the first step of a Diffie-Hellman key
+\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key
exchange by generating private and public \s-1DH\s0 values. By calling
-\&\fIDH_compute_key()\fR, these are combined with the other party's public
+\&\fBDH_compute_key()\fR, these are combined with the other party's public
value to compute the shared key.
.PP
-\&\fIDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters
+\&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters
\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value
unless \fBdh\->priv_key\fR is already set, and computes the
corresponding public value \fBdh\->pub_key\fR, which can then be
published.
.PP
-\&\fIDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value
+\&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value
in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores
it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIDH_generate_key()\fR returns 1 on success, 0 otherwise.
+\&\fBDH_generate_key()\fR returns 1 on success, 0 otherwise.
.PP
-\&\fIDH_compute_key()\fR returns the size of the shared secret on success, \-1
+\&\fBDH_compute_key()\fR returns the size of the shared secret on success, \-1
on error.
.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIDH_size\fR\|(3)
+\&\fBdh\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3), \fBDH_size\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions
+\&\fBDH_generate_key()\fR and \fBDH_compute_key()\fR are available in all versions
of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3
index 7156bbe640ad..b4e26cc956e9 100644
--- a/secure/lib/libcrypto/man/DH_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DH_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_parameters 3"
-.TH DH_generate_parameters 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DH_generate_parameters 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,22 +159,22 @@ Deprecated:
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can
+\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can
be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR
structure. The pseudo-random number generator must be
-seeded prior to calling \fIDH_generate_parameters()\fR.
+seeded prior to calling \fBDH_generate_parameters()\fR.
.PP
\&\fBprime_len\fR is the length in bits of the safe prime to be generated.
\&\fBgenerator\fR is a small number > 1, typically 2 or 5.
.PP
A callback function may be used to provide feedback about the progress
of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be
-called as described in \fIBN_generate_prime\fR\|(3) while a random prime
+called as described in \fBBN_generate_prime\fR\|(3) while a random prime
number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR
-is called. See \fIBN_generate_prime\fR\|(3) for information on
-the \fIBN_GENCB_call()\fR function.
+is called. See \fBBN_generate_prime\fR\|(3) for information on
+the \fBBN_GENCB_call()\fR function.
.PP
-\&\fIDH_check()\fR validates Diffie-Hellman parameters. It checks that \fBp\fR is
+\&\fBDH_check()\fR validates Diffie-Hellman parameters. It checks that \fBp\fR is
a safe prime, and that \fBg\fR is a suitable generator. In the case of an
error, the bit flags \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0 or
\&\s-1DH_NOT_SUITABLE_GENERATOR\s0 are set in \fB*codes\fR.
@@ -178,19 +182,19 @@ error, the bit flags \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0 or
checked, i.e. it does not equal 2 or 5.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIDH_generate_parameters_ex()\fR and \fIDH_check()\fR return 1 if the check could be
+\&\fBDH_generate_parameters_ex()\fR and \fBDH_check()\fR return 1 if the check could be
performed, 0 otherwise.
.PP
-\&\fIDH_generate_parameters()\fR (deprecated) returns a pointer to the \s-1DH\s0 structure, or
+\&\fBDH_generate_parameters()\fR (deprecated) returns a pointer to the \s-1DH\s0 structure, or
\&\s-1NULL\s0 if the parameter generation fails.
.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
-\&\fIDH_generate_parameters_ex()\fR and \fIDH_generate_parameters()\fR may run for several
+\&\fBDH_generate_parameters_ex()\fR and \fBDH_generate_parameters()\fR may run for several
hours before finding a suitable prime.
.PP
-The parameters generated by \fIDH_generate_parameters_ex()\fR and \fIDH_generate_parameters()\fR
+The parameters generated by \fBDH_generate_parameters_ex()\fR and \fBDH_generate_parameters()\fR
are not to be used in signature schemes.
.SH "BUGS"
.IX Header "BUGS"
@@ -198,12 +202,12 @@ If \fBgenerator\fR is not 2 or 5, \fBdh\->g\fR=\fBgenerator\fR is not
a usable generator.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
-\&\fIDH_free\fR\|(3)
+\&\fBdh\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3),
+\&\fBDH_free\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL.
-The \fBcb_arg\fR argument to \fIDH_generate_parameters()\fR was added in SSLeay 0.9.0.
+\&\fBDH_check()\fR is available in all versions of SSLeay and OpenSSL.
+The \fBcb_arg\fR argument to \fBDH_generate_parameters()\fR was added in SSLeay 0.9.0.
.PP
In versions before OpenSSL 0.9.5, \s-1DH_CHECK_P_NOT_STRONG_PRIME\s0 is used
instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME.\s0
diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
index 9ea13d78f8ae..b3bfedcebdad 100644
--- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_get_ex_new_index 3"
-.TH DH_get_ex_new_index 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DH_get_ex_new_index 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,12 +158,12 @@ DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific
.IX Header "DESCRIPTION"
These functions handle application specific data in \s-1DH\s0
structures. Their usage is identical to that of
-\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR
-as described in \fIRSA_get_ex_new_index\fR\|(3).
+\&\fBRSA_get_ex_new_index()\fR, \fBRSA_set_ex_data()\fR and \fBRSA_get_ex_data()\fR
+as described in \fBRSA_get_ex_new_index\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIRSA_get_ex_new_index\fR\|(3), \fIdh\fR\|(3)
+\&\fBRSA_get_ex_new_index\fR\|(3), \fBdh\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDH_get_ex_new_index()\fR, \fIDH_set_ex_data()\fR and \fIDH_get_ex_data()\fR are
+\&\fBDH_get_ex_new_index()\fR, \fBDH_set_ex_data()\fR and \fBDH_get_ex_data()\fR are
available since OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3
index ea9297ecb929..6d967b7482c4 100644
--- a/secure/lib/libcrypto/man/DH_new.3
+++ b/secure/lib/libcrypto/man/DH_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_new 3"
-.TH DH_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DH_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,22 +151,22 @@ DH_new, DH_free \- allocate and free DH objects
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure.
+\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure.
.PP
-\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are
+\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are
erased before the memory is returned to the system.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
-code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns
+If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns
a pointer to the newly allocated structure.
.PP
-\&\fIDH_free()\fR returns no value.
+\&\fBDH_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIDH_generate_parameters\fR\|(3),
-\&\fIDH_generate_key\fR\|(3)
+\&\fBdh\fR\|(3), \fBERR_get_error\fR\|(3),
+\&\fBDH_generate_parameters\fR\|(3),
+\&\fBDH_generate_key\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDH_new()\fR and \fIDH_free()\fR are available in all versions of SSLeay and OpenSSL.
+\&\fBDH_new()\fR and \fBDH_free()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3
index fa3a188722e9..3cf27afef493 100644
--- a/secure/lib/libcrypto/man/DH_set_method.3
+++ b/secure/lib/libcrypto/man/DH_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_set_method 3"
-.TH DH_set_method 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DH_set_method 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,17 +166,17 @@ important information about how these \s-1DH API\s0 functions are affected by th
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as
-returned by \fIDH_OpenSSL()\fR.
+returned by \fBDH_OpenSSL()\fR.
.PP
-\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
+\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set
as a default for \s-1DH,\s0 so this function is no longer recommended.
.PP
-\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0
+\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0
However, the meaningfulness of this result is dependent on whether the \s-1ENGINE
API\s0 is being used, so this function is no longer recommended.
.PP
-\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.
+\&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.
This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method
was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the
change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0
@@ -180,10 +184,10 @@ implementations (eg. from an \s-1ENGINE\s0 module that supports embedded
hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0
for the key can have unexpected results.
.PP
-\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will
+\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will
be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0
operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by
-\&\fIDH_set_default_method()\fR is used.
+\&\fBDH_set_default_method()\fR is used.
.SH "THE DH_METHOD STRUCTURE"
.IX Header "THE DH_METHOD STRUCTURE"
.Vb 4
@@ -217,17 +221,17 @@ operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIDH_OpenSSL()\fR and \fIDH_get_default_method()\fR return pointers to the respective
+\&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective
\&\fB\s-1DH_METHOD\s0\fRs.
.PP
-\&\fIDH_set_default_method()\fR returns no value.
+\&\fBDH_set_default_method()\fR returns no value.
.PP
-\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
+\&\fBDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous
method was supplied by an \s-1ENGINE\s0).
.PP
-\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by
-\&\fIERR_get_error\fR\|(3) if the allocation fails. Otherwise it
+\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by
+\&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it
returns a pointer to the newly allocated structure.
.SH "NOTES"
.IX Header "NOTES"
@@ -235,20 +239,20 @@ As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with
algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE API\s0 function,
that will override any \s-1DH\s0 defaults set using the \s-1DH API\s0 (ie.
-\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
+\&\fBDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1DH\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIDH_new\fR\|(3)
+\&\fBdh\fR\|(3), \fBDH_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDH_set_default_method()\fR, \fIDH_get_default_method()\fR, \fIDH_set_method()\fR,
-\&\fIDH_new_method()\fR and \fIDH_OpenSSL()\fR were added in OpenSSL 0.9.4.
+\&\fBDH_set_default_method()\fR, \fBDH_get_default_method()\fR, \fBDH_set_method()\fR,
+\&\fBDH_new_method()\fR and \fBDH_OpenSSL()\fR were added in OpenSSL 0.9.4.
.PP
-\&\fIDH_set_default_openssl_method()\fR and \fIDH_get_default_openssl_method()\fR replaced
-\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and
-\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
+\&\fBDH_set_default_openssl_method()\fR and \fBDH_get_default_openssl_method()\fR replaced
+\&\fBDH_set_default_method()\fR and \fBDH_get_default_method()\fR respectively, and
+\&\fBDH_set_method()\fR and \fBDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
\&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3
index bb20ee0319ce..ccb8d7ca7708 100644
--- a/secure/lib/libcrypto/man/DH_size.3
+++ b/secure/lib/libcrypto/man/DH_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_size 3"
-.TH DH_size 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DH_size 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +151,7 @@ DH_size \- get Diffie\-Hellman prime size
.IX Header "DESCRIPTION"
This function returns the Diffie-Hellman size in bytes. It can be used
to determine how much memory must be allocated for the shared secret
-computed by \fIDH_compute_key()\fR.
+computed by \fBDH_compute_key()\fR.
.PP
\&\fBdh\->p\fR must not be \fB\s-1NULL\s0\fR.
.SH "RETURN VALUE"
@@ -155,7 +159,7 @@ computed by \fIDH_compute_key()\fR.
The size in bytes.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIDH_generate_key\fR\|(3)
+\&\fBdh\fR\|(3), \fBDH_generate_key\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDH_size()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fBDH_size()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3
index 8b148b31085f..6a2e19093137 100644
--- a/secure/lib/libcrypto/man/DSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_SIG_new 3"
-.TH DSA_SIG_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_SIG_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,22 +151,22 @@ DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDSA_SIG_new()\fR allocates and initializes a \fB\s-1DSA_SIG\s0\fR structure.
+\&\fBDSA_SIG_new()\fR allocates and initializes a \fB\s-1DSA_SIG\s0\fR structure.
.PP
-\&\fIDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The
+\&\fBDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The
values are erased before the memory is returned to the system.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-If the allocation fails, \fIDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an
+If the allocation fails, \fBDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an
error code that can be obtained by
-\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer
+\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer
to the newly allocated structure.
.PP
-\&\fIDSA_SIG_free()\fR returns no value.
+\&\fBDSA_SIG_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIDSA_do_sign\fR\|(3)
+\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3),
+\&\fBDSA_do_sign\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3.
+\&\fBDSA_SIG_new()\fR and \fBDSA_SIG_free()\fR were added in OpenSSL 0.9.3.
diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3
index 6c85d28f889f..b9b90c4571d0 100644
--- a/secure/lib/libcrypto/man/DSA_do_sign.3
+++ b/secure/lib/libcrypto/man/DSA_do_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_do_sign 3"
-.TH DSA_do_sign 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_do_sign 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,28 +152,28 @@ DSA_do_sign, DSA_do_verify \- raw DSA signature operations
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message
+\&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message
digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a
newly allocated \fB\s-1DSA_SIG\s0\fR structure.
.PP
-\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part
+\&\fBDSA_sign_setup\fR\|(3) may be used to precompute part
of the signing operation for each signature in case signature generation
is time-critical.
.PP
-\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given
+\&\fBDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given
message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public
key.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fIDSA_do_verify()\fR
+\&\fBDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fBDSA_do_verify()\fR
returns 1 for a valid signature, 0 for an incorrect signature and \-1
on error. The error codes can be obtained by
-\&\fIERR_get_error\fR\|(3).
+\&\fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
-\&\fIDSA_SIG_new\fR\|(3),
-\&\fIDSA_sign\fR\|(3)
+\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3),
+\&\fBDSA_SIG_new\fR\|(3),
+\&\fBDSA_sign\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_do_sign()\fR and \fIDSA_do_verify()\fR were added in OpenSSL 0.9.3.
+\&\fBDSA_do_sign()\fR and \fBDSA_do_verify()\fR were added in OpenSSL 0.9.3.
diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3
index bacaec1be9b2..a377d32256d6 100644
--- a/secure/lib/libcrypto/man/DSA_dup_DH.3
+++ b/secure/lib/libcrypto/man/DSA_dup_DH.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_dup_DH 3"
-.TH DSA_dup_DH 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_dup_DH 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,19 +149,19 @@ DSA_dup_DH \- create a DH structure out of DSA structure
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q
+\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q
is lost during that conversion, but the resulting \s-1DH\s0 parameters
contain its length.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
-\&\fIDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The
-error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The
+error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "NOTE"
.IX Header "NOTE"
Be careful to avoid small subgroup attacks when using this.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdh\fR\|(3), \fIdsa\fR\|(3), \fIERR_get_error\fR\|(3)
+\&\fBdh\fR\|(3), \fBdsa\fR\|(3), \fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4.
+\&\fBDSA_dup_DH()\fR was added in OpenSSL 0.9.4.
diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3
index 1f5328b46239..e1ddf6ecd94d 100644
--- a/secure/lib/libcrypto/man/DSA_generate_key.3
+++ b/secure/lib/libcrypto/man/DSA_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_key 3"
-.TH DSA_generate_key 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_generate_key 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,18 +149,18 @@ DSA_generate_key \- generate DSA key pair
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates
+\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates
a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR.
.PP
-The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR.
+The \s-1PRNG\s0 must be seeded prior to calling \fBDSA_generate_key()\fR.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
-\&\fIDSA_generate_key()\fR returns 1 on success, 0 otherwise.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise.
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
-\&\fIDSA_generate_parameters\fR\|(3)
+\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3),
+\&\fBDSA_generate_parameters\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_generate_key()\fR is available since SSLeay 0.8.
+\&\fBDSA_generate_key()\fR is available since SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3
index c40a5760eb44..5d3a2fa7554b 100644
--- a/secure/lib/libcrypto/man/DSA_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_parameters 3"
-.TH DSA_generate_parameters 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_generate_parameters 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +159,7 @@ Deprecated:
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDSA_generate_parameters_ex()\fR generates primes p and q and a generator g
+\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g
for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR.
.PP
\&\fBbits\fR is the length of the prime to be generated; the \s-1DSS\s0 allows a
@@ -166,7 +170,7 @@ generated at random. Otherwise, the seed is used to generate
them. If the given seed does not yield a prime q, a new random
seed is chosen.
.PP
-\&\fIDSA_generate_parameters_ex()\fR places the iteration count in
+\&\fBDSA_generate_parameters_ex()\fR places the iteration count in
*\fBcounter_ret\fR and a counter used for finding a generator in
*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR.
.PP
@@ -174,7 +178,7 @@ A callback function may be used to provide feedback about the progress
of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be
called as shown below. For information on the \s-1BN_GENCB\s0 structure and the
BN_GENCB_call function discussed below, refer to
-\&\fIBN_generate_prime\fR\|(3).
+\&\fBBN_generate_prime\fR\|(3).
.IP "\(bu" 4
When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called
(m is 0 for the first candidate).
@@ -203,31 +207,31 @@ When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called.
.IP "\(bu" 4
When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called.
.PP
-\&\fIDSA_generate_parameters()\fR (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no \fBdsa\fR parameter is passed and
+\&\fBDSA_generate_parameters()\fR (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no \fBdsa\fR parameter is passed and
instead a newly allocated \fB\s-1DSA\s0\fR structure is returned. Additionally \*(L"old
style\*(R" callbacks are used instead of the newer \s-1BN_GENCB\s0 based approach.
-Refer to \fIBN_generate_prime\fR\|(3) for further information.
+Refer to \fBBN_generate_prime\fR\|(3) for further information.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
-\&\fIDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise.
+\&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise.
.PP
-\&\fIDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure, or
+\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure, or
\&\fB\s-1NULL\s0\fR if the parameter generation fails.
.PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
Seed lengths > 20 are not supported.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
-\&\fIDSA_free\fR\|(3), \fIBN_generate_prime\fR\|(3)
+\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3),
+\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_generate_parameters()\fR appeared in SSLeay 0.8. The \fBcb_arg\fR
+\&\fBDSA_generate_parameters()\fR appeared in SSLeay 0.8. The \fBcb_arg\fR
argument was added in SSLeay 0.9.0.
In versions up to OpenSSL 0.9.4, \fBcallback(1, ...)\fR was called
in the inner loop of the Miller-Rabin test whenever it reached the
squaring step (the parameters to \fBcallback\fR did not reveal how many
witnesses had been tested); since OpenSSL 0.9.5, \fBcallback(1, ...)\fR
-is called as in \fIBN_is_prime\fR\|(3), i.e. once for each witness.
+is called as in \fBBN_is_prime\fR\|(3), i.e. once for each witness.
diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
index 58d56667ba73..f74bc127618a 100644
--- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_get_ex_new_index 3"
-.TH DSA_get_ex_new_index 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_get_ex_new_index 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,12 +158,12 @@ DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specif
.IX Header "DESCRIPTION"
These functions handle application specific data in \s-1DSA\s0
structures. Their usage is identical to that of
-\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR
-as described in \fIRSA_get_ex_new_index\fR\|(3).
+\&\fBRSA_get_ex_new_index()\fR, \fBRSA_set_ex_data()\fR and \fBRSA_get_ex_data()\fR
+as described in \fBRSA_get_ex_new_index\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIRSA_get_ex_new_index\fR\|(3), \fIdsa\fR\|(3)
+\&\fBRSA_get_ex_new_index\fR\|(3), \fBdsa\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_get_ex_new_index()\fR, \fIDSA_set_ex_data()\fR and \fIDSA_get_ex_data()\fR are
+\&\fBDSA_get_ex_new_index()\fR, \fBDSA_set_ex_data()\fR and \fBDSA_get_ex_data()\fR are
available since OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3
index 3a04d4dc6f40..70038587e300 100644
--- a/secure/lib/libcrypto/man/DSA_new.3
+++ b/secure/lib/libcrypto/man/DSA_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_new 3"
-.TH DSA_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,24 +151,24 @@ DSA_new, DSA_free \- allocate and free DSA objects
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to
+\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to
calling DSA_new_method(\s-1NULL\s0).
.PP
-\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are
+\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are
erased before the memory is returned to the system.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-If the allocation fails, \fIDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
code that can be obtained by
-\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer
+\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer
to the newly allocated structure.
.PP
-\&\fIDSA_free()\fR returns no value.
+\&\fBDSA_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIDSA_generate_parameters\fR\|(3),
-\&\fIDSA_generate_key\fR\|(3)
+\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3),
+\&\fBDSA_generate_parameters\fR\|(3),
+\&\fBDSA_generate_key\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_new()\fR and \fIDSA_free()\fR are available in all versions of SSLeay and OpenSSL.
+\&\fBDSA_new()\fR and \fBDSA_free()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3
index 067a57c1b162..92baeb730b0f 100644
--- a/secure/lib/libcrypto/man/DSA_set_method.3
+++ b/secure/lib/libcrypto/man/DSA_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_set_method 3"
-.TH DSA_set_method 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_set_method 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,18 +166,18 @@ important information about how these \s-1DSA API\s0 functions are affected by t
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation,
-as returned by \fIDSA_OpenSSL()\fR.
+as returned by \fBDSA_OpenSSL()\fR.
.PP
-\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0
+\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
been set as a default for \s-1DSA,\s0 so this function is no longer recommended.
.PP
-\&\fIDSA_get_default_method()\fR returns a pointer to the current default
+\&\fBDSA_get_default_method()\fR returns a pointer to the current default
\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on
whether the \s-1ENGINE API\s0 is being used, so this function is no longer
recommended.
.PP
-\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
+\&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the
previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will
be released during the change. It is possible to have \s-1DSA\s0 keys that only
@@ -182,10 +186,10 @@ that supports embedded hardware-protected keys), and in such cases
attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected
results.
.PP
-\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
+\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine
for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0
-controlled by \fIDSA_set_default_method()\fR is used.
+controlled by \fBDSA_set_default_method()\fR is used.
.SH "THE DSA_METHOD STRUCTURE"
.IX Header "THE DSA_METHOD STRUCTURE"
struct
@@ -231,17 +235,17 @@ struct
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective
+\&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective
\&\fB\s-1DSA_METHOD\s0\fRs.
.PP
-\&\fIDSA_set_default_method()\fR returns no value.
+\&\fBDSA_set_default_method()\fR returns no value.
.PP
-\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
+\&\fBDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous
method was supplied by an \s-1ENGINE\s0).
.PP
-\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be
-obtained by \fIERR_get_error\fR\|(3) if the allocation
+\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be
+obtained by \fBERR_get_error\fR\|(3) if the allocation
fails. Otherwise it returns a pointer to the newly allocated structure.
.SH "NOTES"
.IX Header "NOTES"
@@ -249,20 +253,20 @@ As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with
algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE API\s0 function,
that will override any \s-1DSA\s0 defaults set using the \s-1DSA API\s0 (ie.
-\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
+\&\fBDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1DSA\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIDSA_new\fR\|(3)
+\&\fBdsa\fR\|(3), \fBDSA_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_set_default_method()\fR, \fIDSA_get_default_method()\fR, \fIDSA_set_method()\fR,
-\&\fIDSA_new_method()\fR and \fIDSA_OpenSSL()\fR were added in OpenSSL 0.9.4.
+\&\fBDSA_set_default_method()\fR, \fBDSA_get_default_method()\fR, \fBDSA_set_method()\fR,
+\&\fBDSA_new_method()\fR and \fBDSA_OpenSSL()\fR were added in OpenSSL 0.9.4.
.PP
-\&\fIDSA_set_default_openssl_method()\fR and \fIDSA_get_default_openssl_method()\fR replaced
-\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and
-\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
+\&\fBDSA_set_default_openssl_method()\fR and \fBDSA_get_default_openssl_method()\fR replaced
+\&\fBDSA_set_default_method()\fR and \fBDSA_get_default_method()\fR respectively, and
+\&\fBDSA_set_method()\fR and \fBDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
\&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3
index bef97e6a4bf1..77cabf890377 100644
--- a/secure/lib/libcrypto/man/DSA_sign.3
+++ b/secure/lib/libcrypto/man/DSA_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_sign 3"
-.TH DSA_sign 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_sign 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,46 +156,46 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
+\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0
encoding at \fBsigret\fR. The length of the signature is places in
*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory.
.PP
-\&\fIDSA_sign_setup()\fR may be used to precompute part of the signing
+\&\fBDSA_sign_setup()\fR may be used to precompute part of the signing
operation in case signature generation is time-critical. It expects
\&\fBdsa\fR to contain \s-1DSA\s0 parameters. It places the precomputed values
in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after freeing
the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL.\s0 These values may
-be passed to \fIDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR.
+be passed to \fBDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR.
\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL.\s0
-The precomputed values from \fIDSA_sign_setup()\fR \fB\s-1MUST NOT\s0 be used\fR for
+The precomputed values from \fBDSA_sign_setup()\fR \fB\s-1MUST NOT\s0 be used\fR for
more than one signature: using the same \fBdsa\->kinv\fR and
\&\fBdsa\->r\fR pair twice under the same private key on different
plaintexts will result in permanently exposing the \s-1DSA\s0 private key.
.PP
-\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
+\&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
matches a given message digest \fBdgst\fR of size \fBlen\fR.
\&\fBdsa\fR is the signer's public key.
.PP
The \fBtype\fR parameter is ignored.
.PP
-The \s-1PRNG\s0 must be seeded before \fIDSA_sign()\fR (or \fIDSA_sign_setup()\fR)
+The \s-1PRNG\s0 must be seeded before \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR)
is called.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIDSA_sign()\fR and \fIDSA_sign_setup()\fR return 1 on success, 0 on error.
-\&\fIDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect
+\&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error.
+\&\fBDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect
signature and \-1 on error. The error codes can be obtained by
-\&\fIERR_get_error\fR\|(3).
+\&\fBERR_get_error\fR\|(3).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature
Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
-\&\fIDSA_do_sign\fR\|(3)
+\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3),
+\&\fBDSA_do_sign\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_sign()\fR and \fIDSA_verify()\fR are available in all versions of SSLeay.
-\&\fIDSA_sign_setup()\fR was added in SSLeay 0.8.
+\&\fBDSA_sign()\fR and \fBDSA_verify()\fR are available in all versions of SSLeay.
+\&\fBDSA_sign_setup()\fR was added in SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3
index 564a2fed0e79..9d4e3364f665 100644
--- a/secure/lib/libcrypto/man/DSA_size.3
+++ b/secure/lib/libcrypto/man/DSA_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_size 3"
-.TH DSA_size 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH DSA_size 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +159,7 @@ for a \s-1DSA\s0 signature.
The size in bytes.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(3), \fIDSA_sign\fR\|(3)
+\&\fBdsa\fR\|(3), \fBDSA_sign\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIDSA_size()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fBDSA_size()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
index 71508b2eaaf1..f2eb32c8b84a 100644
--- a/secure/lib/libcrypto/man/EC_GFp_simple_method.3
+++ b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GFp_simple_method 3"
-.TH EC_GFp_simple_method 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EC_GFp_simple_method 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +159,7 @@ EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_me
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The Elliptic Curve library provides a number of different implementations through a single common interface.
-When constructing a curve using EC_GROUP_new (see \fIEC_GROUP_new\fR\|(3)) an
+When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an
implementation method must be provided. The functions described here all return a const pointer to an
\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation
type for the form of curve selected is used.
@@ -164,9 +168,9 @@ For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_meth
.PP
For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All
other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the
-use of montgomery multiplication (see \fIBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method
+use of montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method
offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through
-EC_GROUP_new_by_curve_name as described in \fIEC_GROUP_new\fR\|(3)).
+EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)).
.PP
The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit
optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these
@@ -183,7 +187,7 @@ All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to
EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fId2i_ECPKParameters\fR\|(3),
-\&\fIBN_mod_mul_montgomery\fR\|(3)
+\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
+\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBd2i_ECPKParameters\fR\|(3),
+\&\fBBN_mod_mul_montgomery\fR\|(3)
diff --git a/secure/lib/libcrypto/man/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/EC_GROUP_copy.3
index 539e1e72edce..ad8dd1fb834c 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_copy.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_copy.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GROUP_copy 3"
-.TH EC_GROUP_copy 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EC_GROUP_copy 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -199,7 +203,7 @@ The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided
with the respective order and cofactors for the \fBgroup\fR.
.PP
The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the \s-1NID\s0 for the curve respectively
-(see \fIEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name
+(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name
will return 0.
.PP
The asn1_flag value on a curve is used to determine whether there is a specific \s-1ASN1 OID\s0 to describe the curve or not.
@@ -299,6 +303,6 @@ EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasi
trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3),
+\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
diff --git a/secure/lib/libcrypto/man/EC_GROUP_new.3 b/secure/lib/libcrypto/man/EC_GROUP_new.3
index 498a7f36b949..0aacf217ba37 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_new.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GROUP_new 3"
-.TH EC_GROUP_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EC_GROUP_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -174,7 +178,7 @@ Operations in a binary field are performed relative to an \fBirreducible polynom
use a trinomial or a pentanomial for this parameter.
.PP
A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by \fBmeth\fR (see
-\&\fIEC_GFp_simple_method\fR\|(3)). It is then necessary to call either EC_GROUP_set_curve_GFp or
+\&\fBEC_GFp_simple_method\fR\|(3)). It is then necessary to call either EC_GROUP_set_curve_GFp or
EC_GROUP_set_curve_GF2m as appropriate to create a curve defined over Fp or over F2^m respectively.
.PP
EC_GROUP_set_curve_GFp sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR for a curve over Fp stored in \fBgroup\fR.
@@ -221,6 +225,6 @@ EC_get_builtin_curves returns the number of builtin curves that are available.
EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
+\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
diff --git a/secure/lib/libcrypto/man/EC_KEY_new.3 b/secure/lib/libcrypto/man/EC_KEY_new.3
index 7cdf1a582675..ed82051be558 100644
--- a/secure/lib/libcrypto/man/EC_KEY_new.3
+++ b/secure/lib/libcrypto/man/EC_KEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC_KEY_new 3"
-.TH EC_KEY_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EC_KEY_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,7 +179,7 @@ An \s-1EC_KEY\s0 represents a public key and (optionaly) an associated private k
The reference count for the newly created \s-1EC_KEY\s0 is initially set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling
EC_KEY_set_group.
.PP
-Alternatively a new \s-1EC_KEY\s0 can be constructed by calling EC_KEY_new_by_curve_name and supplying the nid of the associated curve. Refer to \fIEC_GROUP_new\fR\|(3) for a description of curve names. This function simply wraps calls to EC_KEY_new and
+Alternatively a new \s-1EC_KEY\s0 can be constructed by calling EC_KEY_new_by_curve_name and supplying the nid of the associated curve. Refer to \fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply wraps calls to EC_KEY_new and
EC_GROUP_new_by_curve_name.
.PP
Calling EC_KEY_free decrements the reference count for the \s-1EC_KEY\s0 object, and if it has dropped to zero then frees the memory associated
@@ -201,16 +205,16 @@ on the key to confirm that it is valid.
The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, and EC_KEY_set_public_key get and set the \s-1EC_GROUP\s0 object, the private key and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively.
.PP
The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the \fBkey\fR. For a description
-of point_conversion_forms please refer to \fIEC_POINT_new\fR\|(3).
+of point_conversion_forms please refer to \fBEC_POINT_new\fR\|(3).
.PP
EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitrary additional data specific to the
elliptic curve scheme being used with the \s-1EC_KEY\s0 object. This data is treated as a \*(L"black box\*(R" by the ec library. The data to be stored by EC_KEY_insert_key_method_data is provided in the \fBdata\fR parameter, which must have associated functions for duplicating, freeing and \*(L"clear_freeing\*(R" the data item. If a subsequent EC_KEY_get_key_method_data call is issued, the functions for duplicating, freeing and \*(L"clear_freeing\*(R" the data item must be provided again, and they must be the same as they were when the data item was inserted.
.PP
EC_KEY_set_flags sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 object. Any flags that are already set are left set. The currently defined standard flags are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH\s0 and is defined in ecdh.h. EC_KEY_get_flags returns the current flags that are set for this \s-1EC_KEY.\s0 EC_KEY_clear_flags clears the flags indicated by the \fBflags\fR parameter. All other flags are left in their existing state.
.PP
-EC_KEY_set_asn1_flag sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object (if set). Refer to \fIEC_GROUP_copy\fR\|(3) for further information on the asn1_flag.
+EC_KEY_set_asn1_flag sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object (if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the asn1_flag.
.PP
-EC_KEY_precompute_mult stores multiples of the underlying \s-1EC_GROUP\s0 generator for faster point multiplication. See also \fIEC_POINT_add\fR\|(3).
+EC_KEY_precompute_mult stores multiples of the underlying \s-1EC_GROUP\s0 generator for faster point multiplication. See also \fBEC_POINT_add\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
EC_KEY_new, EC_KEY_new_by_curve_name and EC_KEY_dup return a pointer to the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error.
@@ -228,8 +232,8 @@ EC_KEY_get0_private_key returns the private key associated with the \s-1EC_KEY.\
EC_KEY_get_conv_form return the point_conversion_form for the \s-1EC_KEY.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3),
-\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3),
-\&\fIEC_POINT_add\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3),
-\&\fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3),
+\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3),
+\&\fBEC_POINT_add\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3),
+\&\fBd2i_ECPKParameters\fR\|(3)
diff --git a/secure/lib/libcrypto/man/EC_POINT_add.3 b/secure/lib/libcrypto/man/EC_POINT_add.3
index 21d20fee3ac9..0387dda0a3fd 100644
--- a/secure/lib/libcrypto/man/EC_POINT_add.3
+++ b/secure/lib/libcrypto/man/EC_POINT_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC_POINT_add 3"
-.TH EC_POINT_add 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EC_POINT_add 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +182,7 @@ EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR
\&\fBn\fR may be \s-1NULL.\s0
.PP
The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst
-EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fIEC_GROUP_copy\fR\|(3) for information
+EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fBEC_GROUP_copy\fR\|(3) for information
about the generator.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
@@ -194,6 +198,6 @@ EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on err
EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
+\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
diff --git a/secure/lib/libcrypto/man/EC_POINT_new.3 b/secure/lib/libcrypto/man/EC_POINT_new.3
index f4a49e34fba1..5ccc13be97d7 100644
--- a/secure/lib/libcrypto/man/EC_POINT_new.3
+++ b/secure/lib/libcrypto/man/EC_POINT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC_POINT_new 3"
-.TH EC_POINT_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EC_POINT_new 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -228,7 +232,7 @@ The function EC_POINT_point2oct must be supplied with a buffer long enough to st
octets stored. Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but will still return the required buffer length.
.PP
The function EC_POINT_point2hex will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free
-this memory with a subsequent call to \fIOPENSSL_free()\fR.
+this memory with a subsequent call to \fBOPENSSL_free()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
EC_POINT_new and EC_POINT_dup return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 on error.
@@ -251,6 +255,6 @@ EC_POINT_point2hex returns a pointer to the hex string, or \s-1NULL\s0 on error.
EC_POINT_hex2point returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
+\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3
index 656272add4e8..a573bf5b8903 100644
--- a/secure/lib/libcrypto/man/ERR_GET_LIB.3
+++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_GET_LIB 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,9 +154,9 @@ reason code
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The error code returned by \fIERR_get_error()\fR consists of a library
-number, function code and reason code. \s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR
-and \s-1\fIERR_GET_REASON\s0()\fR can be used to extract these.
+The error code returned by \fBERR_get_error()\fR consists of a library
+number, function code and reason code. \s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR
+and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these.
.PP
The library number and function code describe where the error
occurred, the reason code is the information about what went wrong.
@@ -166,14 +170,14 @@ reasons.
unique. However, when checking for sub-library specific reason codes,
be sure to also compare the library number.
.PP
-\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are macros.
+\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The library number, function code and reason code respectively.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3)
+\&\fBerr\fR\|(3), \fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are available in
+\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in
all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3
index 670d562b4ef3..59913b020c4f 100644
--- a/secure/lib/libcrypto/man/ERR_clear_error.3
+++ b/secure/lib/libcrypto/man/ERR_clear_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_clear_error 3"
-.TH ERR_clear_error 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_clear_error 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,13 +149,13 @@ ERR_clear_error \- clear the error queue
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIERR_clear_error()\fR empties the current thread's error queue.
+\&\fBERR_clear_error()\fR empties the current thread's error queue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIERR_clear_error()\fR has no return value.
+\&\fBERR_clear_error()\fR has no return value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3)
+\&\fBerr\fR\|(3), \fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIERR_clear_error()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fBERR_clear_error()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3
index ad7dd8376ec9..5de76e643e5d 100644
--- a/secure/lib/libcrypto/man/ERR_error_string.3
+++ b/secure/lib/libcrypto/man/ERR_error_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_error_string 3"
-.TH ERR_error_string 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_error_string 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,14 +156,14 @@ error message
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIERR_error_string()\fR generates a human-readable string representing the
+\&\fBERR_error_string()\fR generates a human-readable string representing the
error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 120
bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a
static buffer.
-\&\fIERR_error_string_n()\fR is a variant of \fIERR_error_string()\fR that writes
+\&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes
at most \fIlen\fR characters (including the terminating 0)
and truncates the string if necessary.
-For \fIERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR.
+For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR.
.PP
The string will have the following format:
.PP
@@ -170,34 +174,34 @@ The string will have the following format:
\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR,
\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text.
.PP
-\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and
-\&\fIERR_reason_error_string()\fR return the library name, function
+\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and
+\&\fBERR_reason_error_string()\fR return the library name, function
name and reason string respectively.
.PP
The OpenSSL error strings should be loaded by calling
-\&\fIERR_load_crypto_strings\fR\|(3) or, for \s-1SSL\s0
-applications, \fISSL_load_error_strings\fR\|(3)
+\&\fBERR_load_crypto_strings\fR\|(3) or, for \s-1SSL\s0
+applications, \fBSSL_load_error_strings\fR\|(3)
first.
If there is no text string registered for the given error code,
the error string will contain the numeric code.
.PP
-\&\fIERR_print_errors\fR\|(3) can be used to print
+\&\fBERR_print_errors\fR\|(3) can be used to print
all error codes currently in the queue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIERR_error_string()\fR returns a pointer to a static buffer containing the
+\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the
string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise.
.PP
-\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and
-\&\fIERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if
+\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and
+\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if
none is registered for the error code.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIERR_load_crypto_strings\fR\|(3),
-\&\fISSL_load_error_strings\fR\|(3)
-\&\fIERR_print_errors\fR\|(3)
+\&\fBerr\fR\|(3), \fBERR_get_error\fR\|(3),
+\&\fBERR_load_crypto_strings\fR\|(3),
+\&\fBSSL_load_error_strings\fR\|(3)
+\&\fBERR_print_errors\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIERR_error_string()\fR is available in all versions of SSLeay and OpenSSL.
-\&\fIERR_error_string_n()\fR was added in OpenSSL 0.9.6.
+\&\fBERR_error_string()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fBERR_error_string_n()\fR was added in OpenSSL 0.9.6.
diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3
index 9c6d217825d2..29a5fb7ea64a 100644
--- a/secure/lib/libcrypto/man/ERR_get_error.3
+++ b/secure/lib/libcrypto/man/ERR_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_get_error 3"
-.TH ERR_get_error 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_get_error 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,47 +165,47 @@ ERR_peek_last_error_line_data \- obtain error code and data
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIERR_get_error()\fR returns the earliest error code from the thread's error
+\&\fBERR_get_error()\fR returns the earliest error code from the thread's error
queue and removes the entry. This function can be called repeatedly
until there are no more error codes to return.
.PP
-\&\fIERR_peek_error()\fR returns the earliest error code from the thread's
+\&\fBERR_peek_error()\fR returns the earliest error code from the thread's
error queue without modifying it.
.PP
-\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's
+\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's
error queue without modifying it.
.PP
-See \s-1\fIERR_GET_LIB\s0\fR\|(3) for obtaining information about
+See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about
location and reason of the error, and
-\&\fIERR_error_string\fR\|(3) for human-readable error
+\&\fBERR_error_string\fR\|(3) for human-readable error
messages.
.PP
-\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and
-\&\fIERR_peek_last_error_line()\fR are the same as the above, but they
+\&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and
+\&\fBERR_peek_last_error_line()\fR are the same as the above, but they
additionally store the file name and line number where
the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR.
.PP
-\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and
-\&\fIERR_peek_last_error_line_data()\fR store additional data and flags
+\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and
+\&\fBERR_peek_last_error_line_data()\fR store additional data and flags
associated with the error code in *\fBdata\fR
and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string
if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true.
.PP
An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers
-returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled
+returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled
automatically by the error library.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The error code, or 0 if there is no error in the queue.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3),
-\&\s-1\fIERR_GET_LIB\s0\fR\|(3)
+\&\fBerr\fR\|(3), \fBERR_error_string\fR\|(3),
+\&\s-1\fBERR_GET_LIB\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIERR_get_error()\fR, \fIERR_peek_error()\fR, \fIERR_get_error_line()\fR and
-\&\fIERR_peek_error_line()\fR are available in all versions of SSLeay and
-OpenSSL. \fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR
+\&\fBERR_get_error()\fR, \fBERR_peek_error()\fR, \fBERR_get_error_line()\fR and
+\&\fBERR_peek_error_line()\fR are available in all versions of SSLeay and
+OpenSSL. \fBERR_get_error_line_data()\fR and \fBERR_peek_error_line_data()\fR
were added in SSLeay 0.9.0.
-\&\fIERR_peek_last_error()\fR, \fIERR_peek_last_error_line()\fR and
-\&\fIERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7.
+\&\fBERR_peek_last_error()\fR, \fBERR_peek_last_error_line()\fR and
+\&\fBERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
index e37bdf0e3f9a..fabf1cc497fd 100644
--- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_crypto_strings 3"
-.TH ERR_load_crypto_strings 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_load_crypto_strings 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,24 +155,24 @@ load and free error strings
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIERR_load_crypto_strings()\fR registers the error strings for all
-\&\fBlibcrypto\fR functions. \fISSL_load_error_strings()\fR does the same,
+\&\fBERR_load_crypto_strings()\fR registers the error strings for all
+\&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same,
but also registers the \fBlibssl\fR error strings.
.PP
One of these functions should be called before generating
textual error messages. However, this is not required when memory
usage is an issue.
.PP
-\&\fIERR_free_strings()\fR frees all previously loaded error strings.
+\&\fBERR_free_strings()\fR frees all previously loaded error strings.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR and
-\&\fIERR_free_strings()\fR return no values.
+\&\fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR and
+\&\fBERR_free_strings()\fR return no values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3)
+\&\fBerr\fR\|(3), \fBERR_error_string\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIERR_load_error_strings()\fR, \fISSL_load_error_strings()\fR and
-\&\fIERR_free_strings()\fR are available in all versions of SSLeay and
+\&\fBERR_load_error_strings()\fR, \fBSSL_load_error_strings()\fR and
+\&\fBERR_free_strings()\fR are available in all versions of SSLeay and
OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3
index 5a5d9fcb57e0..644095d1f58d 100644
--- a/secure/lib/libcrypto/man/ERR_load_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_strings 3"
-.TH ERR_load_strings 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_load_strings 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +154,7 @@ arbitrary error strings
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIERR_load_strings()\fR registers error strings for library number \fBlib\fR.
+\&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR.
.PP
\&\fBstr\fR is an array of error string data:
.PP
@@ -164,21 +168,21 @@ arbitrary error strings
.PP
The error code is generated from the library number and a function and
reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR).
-\&\s-1\fIERR_PACK\s0()\fR is a macro.
+\&\s-1\fBERR_PACK\s0()\fR is a macro.
.PP
The last entry in the array is {0,0}.
.PP
-\&\fIERR_get_next_error_library()\fR can be used to assign library numbers
+\&\fBERR_get_next_error_library()\fR can be used to assign library numbers
to user libraries at runtime.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
-\&\fIERR_load_strings()\fR returns no value. \s-1\fIERR_PACK\s0()\fR return the error code.
-\&\fIERR_get_next_error_library()\fR returns a new library number.
+\&\fBERR_load_strings()\fR returns no value. \s-1\fBERR_PACK\s0()\fR return the error code.
+\&\fBERR_get_next_error_library()\fR returns a new library number.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3), \fIERR_load_strings\fR\|(3)
+\&\fBerr\fR\|(3), \fBERR_load_strings\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIERR_load_error_strings()\fR and \s-1\fIERR_PACK\s0()\fR are available in all versions
-of SSLeay and OpenSSL. \fIERR_get_next_error_library()\fR was added in
+\&\fBERR_load_error_strings()\fR and \s-1\fBERR_PACK\s0()\fR are available in all versions
+of SSLeay and OpenSSL. \fBERR_get_next_error_library()\fR was added in
SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3
index eadfbfeef282..c6aef538699a 100644
--- a/secure/lib/libcrypto/man/ERR_print_errors.3
+++ b/secure/lib/libcrypto/man/ERR_print_errors.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_print_errors 3"
-.TH ERR_print_errors 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_print_errors 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,11 +150,11 @@ ERR_print_errors, ERR_print_errors_fp \- print error messages
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIERR_print_errors()\fR is a convenience function that prints the error
+\&\fBERR_print_errors()\fR is a convenience function that prints the error
strings for all errors that OpenSSL has recorded to \fBbp\fR, thus
emptying the error queue.
.PP
-\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a
+\&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a
\&\fB\s-1FILE\s0\fR.
.PP
The error strings will have the following format:
@@ -167,14 +171,14 @@ If there is no text string registered for the given error code,
the error string will contain the numeric code.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values.
+\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR return no values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIERR_load_crypto_strings\fR\|(3),
-\&\fISSL_load_error_strings\fR\|(3)
+\&\fBerr\fR\|(3), \fBERR_error_string\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBERR_load_crypto_strings\fR\|(3),
+\&\fBSSL_load_error_strings\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR
+\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR
are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3
index 354c6ea6504c..8c49584da4b6 100644
--- a/secure/lib/libcrypto/man/ERR_put_error.3
+++ b/secure/lib/libcrypto/man/ERR_put_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_put_error 3"
-.TH ERR_put_error 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_put_error 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,25 +152,25 @@ ERR_put_error, ERR_add_error_data \- record an error
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIERR_put_error()\fR adds an error code to the thread's error queue. It
+\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It
signals that the error of reason code \fBreason\fR occurred in function
\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR.
This function is usually called by a macro.
.PP
-\&\fIERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string
+\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string
arguments with the error code added last.
.PP
-\&\fIERR_load_strings\fR\|(3) can be used to register
+\&\fBERR_load_strings\fR\|(3) can be used to register
error strings so that the application can a generate human-readable
error messages for the error code.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIERR_put_error()\fR and \fIERR_add_error_data()\fR return
+\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return
no values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3), \fIERR_load_strings\fR\|(3)
+\&\fBerr\fR\|(3), \fBERR_load_strings\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIERR_put_error()\fR is available in all versions of SSLeay and OpenSSL.
-\&\fIERR_add_error_data()\fR was added in SSLeay 0.9.0.
+\&\fBERR_put_error()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fBERR_add_error_data()\fR was added in SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3
index 12730d652ffd..9cadca591ea8 100644
--- a/secure/lib/libcrypto/man/ERR_remove_state.3
+++ b/secure/lib/libcrypto/man/ERR_remove_state.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_remove_state 3"
-.TH ERR_remove_state 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_remove_state 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +155,7 @@ Deprecated:
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIERR_remove_thread_state()\fR frees the error queue associated with thread \fBtid\fR.
+\&\fBERR_remove_thread_state()\fR frees the error queue associated with thread \fBtid\fR.
If \fBtid\fR == \fB\s-1NULL\s0\fR, the current thread will have its error queue removed.
.PP
Since error queue data structures are allocated automatically for new
@@ -164,12 +168,12 @@ by unsigned long values any argument to this function is ignored. Calling
ERR_remove_state is equivalent to \fBERR_remove_thread_state(\s-1NULL\s0)\fR.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
-ERR_remove_thread_state and \fIERR_remove_state()\fR return no value.
+ERR_remove_thread_state and \fBERR_remove_state()\fR return no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3)
+\&\fBerr\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIERR_remove_state()\fR is available in all versions of SSLeay and OpenSSL. It
+\&\fBERR_remove_state()\fR is available in all versions of SSLeay and OpenSSL. It
was deprecated in OpenSSL 1.0.0 when ERR_remove_thread_state was introduced
and thread IDs were introduced to identify threads instead of 'unsigned long'.
diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3
index e0e5dc7e77f7..7257af9fa72c 100644
--- a/secure/lib/libcrypto/man/ERR_set_mark.3
+++ b/secure/lib/libcrypto/man/ERR_set_mark.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_set_mark 3"
-.TH ERR_set_mark 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH ERR_set_mark 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,20 +151,20 @@ ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIERR_set_mark()\fR sets a mark on the current topmost error record if there
+\&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there
is one.
.PP
-\&\fIERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found.
+\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found.
The mark is then removed. If there is no mark, the whole stack is removed.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1.
+\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1.
.PP
-\&\fIERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which
+\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which
implies that the stack became empty, otherwise 1.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIerr\fR\|(3)
+\&\fBerr\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIERR_set_mark()\fR and \fIERR_pop_to_mark()\fR were added in OpenSSL 0.9.8.
+\&\fBERR_set_mark()\fR and \fBERR_pop_to_mark()\fR were added in OpenSSL 0.9.8.
diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3
index 6c68b49e1901..605e4032306a 100644
--- a/secure/lib/libcrypto/man/EVP_BytesToKey.3
+++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_BytesToKey 3"
-.TH EVP_BytesToKey 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EVP_BytesToKey 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +152,7 @@ EVP_BytesToKey \- password based encryption routine
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is
+\&\fBEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is
the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use.
The \fBsalt\fR parameter is used as a salt in the derivation: it should point to
an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing
@@ -187,13 +191,13 @@ The initial bytes are used for the key and the subsequent bytes for
the \s-1IV.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-If \fBdata\fR is \s-1NULL,\s0 then \fIEVP_BytesToKey()\fR returns the number of bytes
+If \fBdata\fR is \s-1NULL,\s0 then \fBEVP_BytesToKey()\fR returns the number of bytes
needed to store the derived key.
-Otherwise, \fIEVP_BytesToKey()\fR returns the size of the derived key in bytes,
+Otherwise, \fBEVP_BytesToKey()\fR returns the size of the derived key in bytes,
or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIevp\fR\|(3), \fIrand\fR\|(3),
-\&\fIEVP_EncryptInit\fR\|(3)
+\&\fBevp\fR\|(3), \fBrand\fR\|(3),
+\&\fBEVP_EncryptInit\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3
index ed6e7ea095aa..a7c07105884d 100644
--- a/secure/lib/libcrypto/man/EVP_DigestInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestInit 3"
-.TH EVP_DigestInit 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EVP_DigestInit 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,105 +206,105 @@ EVP digest routines
.IX Header "DESCRIPTION"
The \s-1EVP\s0 digest routines are a high level interface to message digests.
.PP
-\&\fIEVP_MD_CTX_init()\fR initializes digest context \fBctx\fR.
+\&\fBEVP_MD_CTX_init()\fR initializes digest context \fBctx\fR.
.PP
-\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context.
+\&\fBEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context.
.PP
-\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest
+\&\fBEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest
\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this
-function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR.
+function. \fBtype\fR will typically be supplied by a functionsuch as \fBEVP_sha1()\fR.
If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.
.PP
-\&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+\&\fBEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
digest context \fBctx\fR. This function can be called several times on the
same \fBctx\fR to hash additional data.
.PP
-\&\fIEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places
+\&\fBEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places
it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of
bytes of data written (i.e. the length of the digest) will be written
to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.
-After calling \fIEVP_DigestFinal_ex()\fR no additional calls to \fIEVP_DigestUpdate()\fR
-can be made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new
+After calling \fBEVP_DigestFinal_ex()\fR no additional calls to \fBEVP_DigestUpdate()\fR
+can be made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new
digest operation.
.PP
-\&\fIEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called
+\&\fBEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called
after a digest context is no longer needed.
.PP
-\&\fIEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the
+\&\fBEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the
space allocated to it, it should be called only on a context created
-using \fIEVP_MD_CTX_create()\fR.
+using \fBEVP_MD_CTX_create()\fR.
.PP
-\&\fIEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from
+\&\fBEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from
\&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be
hashed which only differ in the last few bytes. \fBout\fR must be initialized
before calling this function.
.PP
-\&\fIEVP_DigestInit()\fR behaves in the same way as \fIEVP_DigestInit_ex()\fR except
+\&\fBEVP_DigestInit()\fR behaves in the same way as \fBEVP_DigestInit_ex()\fR except
the passed context \fBctx\fR does not have to be initialized, and it always
uses the default digest implementation.
.PP
-\&\fIEVP_DigestFinal()\fR is similar to \fIEVP_DigestFinal_ex()\fR except the digest
+\&\fBEVP_DigestFinal()\fR is similar to \fBEVP_DigestFinal_ex()\fR except the digest
context \fBctx\fR is automatically cleaned up.
.PP
-\&\fIEVP_MD_CTX_copy()\fR is similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination
+\&\fBEVP_MD_CTX_copy()\fR is similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination
\&\fBout\fR does not have to be initialized.
.PP
-\&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest
+\&\fBEVP_MD_size()\fR and \fBEVP_MD_CTX_size()\fR return the size of the message digest
when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the
hash.
.PP
-\&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the
+\&\fBEVP_MD_block_size()\fR and \fBEVP_MD_CTX_block_size()\fR return the block size of the
message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure.
.PP
-\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0
+\&\fBEVP_MD_type()\fR and \fBEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0
representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure.
-For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is
+For example EVP_MD_type(\fBEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is
normally used when setting \s-1ASN1\s0 OIDs.
.PP
-\&\fIEVP_MD_CTX_md()\fR returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed
+\&\fBEVP_MD_CTX_md()\fR returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed
\&\fB\s-1EVP_MD_CTX\s0\fR.
.PP
-\&\fIEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm associated
-with this digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will
+\&\fBEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm associated
+with this digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will
return \fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms
are no longer linked this function is only retained for compatibility
reasons.
.PP
-\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_sha224()\fR, \fIEVP_sha256()\fR,
-\&\fIEVP_sha384()\fR, \fIEVP_sha512()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return \fB\s-1EVP_MD\s0\fR
+\&\fBEVP_md2()\fR, \fBEVP_md5()\fR, \fBEVP_sha()\fR, \fBEVP_sha1()\fR, \fBEVP_sha224()\fR, \fBEVP_sha256()\fR,
+\&\fBEVP_sha384()\fR, \fBEVP_sha512()\fR, \fBEVP_mdc2()\fR and \fBEVP_ripemd160()\fR return \fB\s-1EVP_MD\s0\fR
structures for the \s-1MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2\s0
and \s-1RIPEMD160\s0 digest algorithms respectively.
.PP
-\&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest
+\&\fBEVP_dss()\fR and \fBEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest
algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is
no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
however retained for compatibility.
.PP
-\&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it
+\&\fBEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it
returns is of zero length.
.PP
-\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR
+\&\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR
return an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \s-1NID\s0 or
an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initialized
-using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work.
+using, for example, \fBOpenSSL_add_all_digests()\fR for these functions to work.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal_ex()\fR return 1 for
+\&\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR and \fBEVP_DigestFinal_ex()\fR return 1 for
success and 0 for failure.
.PP
-\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure.
+\&\fBEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure.
.PP
-\&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the
+\&\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR and \fBEVP_MD_type()\fR return the \s-1NID\s0 of the
corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none exists.
.PP
-\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size()\fR and
-\&\fIEVP_MD_CTX_block_size()\fR return the digest or block size in bytes.
+\&\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR and
+\&\fBEVP_MD_CTX_block_size()\fR return the digest or block size in bytes.
.PP
-\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_dss()\fR,
-\&\fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return pointers to the
+\&\fBEVP_md_null()\fR, \fBEVP_md2()\fR, \fBEVP_md5()\fR, \fBEVP_sha()\fR, \fBEVP_sha1()\fR, \fBEVP_dss()\fR,
+\&\fBEVP_dss1()\fR, \fBEVP_mdc2()\fR and \fBEVP_ripemd160()\fR return pointers to the
corresponding \s-1EVP_MD\s0 structures.
.PP
-\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR
+\&\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR
return either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs.
.SH "NOTES"
.IX Header "NOTES"
@@ -311,13 +315,13 @@ transparent to the digest used and much more flexible.
New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256.\s0
The other digest algorithms are still in common use.
.PP
-For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be
+For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be
set to \s-1NULL\s0 to use the default digest implementation.
.PP
-The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are
+The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are
obsolete but are retained to maintain compatibility with existing code. New
-applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and
-\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context
+applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and
+\&\fBEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context
instead of initializing and cleaning it up on each call and allow non default
implementations of digests to be specified.
.PP
@@ -333,7 +337,7 @@ Stack allocation of \s-1EVP_MD_CTX\s0 structures is common, for example:
.PP
This will cause binary compatibility issues if the size of \s-1EVP_MD_CTX\s0
structure changes (this will only happen with a major release of OpenSSL).
-Applications wishing to avoid this should use \fIEVP_MD_CTX_create()\fR instead:
+Applications wishing to avoid this should use \fBEVP_MD_CTX_create()\fR instead:
.PP
.Vb 2
\& EVP_MD_CTX *mctx;
@@ -390,24 +394,24 @@ digest name passed on the command line.
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdgst\fR\|(1),
-\&\fIevp\fR\|(3)
+\&\fBdgst\fR\|(1),
+\&\fBevp\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are
+\&\fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR and \fBEVP_DigestFinal()\fR are
available in all versions of SSLeay and OpenSSL.
.PP
-\&\fIEVP_MD_CTX_init()\fR, \fIEVP_MD_CTX_create()\fR, \fIEVP_MD_CTX_copy_ex()\fR,
-\&\fIEVP_MD_CTX_cleanup()\fR, \fIEVP_MD_CTX_destroy()\fR, \fIEVP_DigestInit_ex()\fR
-and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7.
+\&\fBEVP_MD_CTX_init()\fR, \fBEVP_MD_CTX_create()\fR, \fBEVP_MD_CTX_copy_ex()\fR,
+\&\fBEVP_MD_CTX_cleanup()\fR, \fBEVP_MD_CTX_destroy()\fR, \fBEVP_DigestInit_ex()\fR
+and \fBEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7.
.PP
-\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR,
-\&\fIEVP_dss()\fR, \fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR were
+\&\fBEVP_md_null()\fR, \fBEVP_md2()\fR, \fBEVP_md5()\fR, \fBEVP_sha()\fR, \fBEVP_sha1()\fR,
+\&\fBEVP_dss()\fR, \fBEVP_dss1()\fR, \fBEVP_mdc2()\fR and \fBEVP_ripemd160()\fR were
changed to return truly const \s-1EVP_MD\s0 * in OpenSSL 0.9.7.
.PP
The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
-later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0; there is no need to
-use \fIEVP_dss1()\fR any more.
+later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0; there is no need to
+use \fBEVP_dss1()\fR any more.
.PP
OpenSSL 1.0 and later does not include the \s-1MD2\s0 digest algorithm in the
default configuration due to its security weaknesses.
diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
index 91cfb1c4c595..e97ddd2e52fb 100644
--- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestSignInit 3"
-.TH EVP_DigestSignInit 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EVP_DigestSignInit 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,21 +154,21 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal \- EVP signing fun
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
.PP
-\&\fIEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
+\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
\&\s-1ENGINE\s0 \fBimpl\fR and private key \fBpkey\fR. \fBctx\fR must be initialized with
-\&\fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
+\&\fBEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can
be used to set alternative signing options. Note that any existing value in
\&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed
directly by the application (it will be freed automatically when the \s-1EVP_MD_CTX\s0
is freed). The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it.
.PP
-\&\fIEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
signature context \fBctx\fR. This function can be called several times on the
same \fBctx\fR to include additional data. This function is currently implemented
usig a macro.
.PP
-\&\fIEVP_DigestSignFinal()\fR signs the data in \fBctx\fR places the signature in \fBsig\fR.
+\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR places the signature in \fBsig\fR.
If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the
\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer, if the
@@ -172,12 +176,12 @@ call is successful the signature is written to \fBsig\fR and the amount of data
written to \fBsiglen\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIEVP_DigestSignInit()\fR \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignaFinal()\fR return
+\&\fBEVP_DigestSignInit()\fR \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignaFinal()\fR return
1 for success and 0 or a negative value for failure. In particular a return
value of \-2 indicates the operation is not supported by the public key
algorithm.
.PP
-The error codes can be obtained from \fIERR_get_error\fR\|(3).
+The error codes can be obtained from \fBERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
@@ -185,33 +189,33 @@ preference to the low level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
.PP
In previous versions of OpenSSL there was a link between message digest types
-and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
+and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR
needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and
the use of clone digest is now discouraged.
.PP
For some key types and parameters the random number generator must be seeded
or the operation will fail.
.PP
-The call to \fIEVP_DigestSignFinal()\fR internally finalizes a copy of the digest
-context. This means that calls to \fIEVP_DigestSignUpdate()\fR and
-\&\fIEVP_DigestSignFinal()\fR can be called later to digest and sign additional data.
+The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest
+context. This means that calls to \fBEVP_DigestSignUpdate()\fR and
+\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data.
.PP
Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
+be cleaned up after use by calling \fBEVP_MD_CTX_cleanup()\fR or a memory leak
will occur.
.PP
-The use of \fIEVP_PKEY_size()\fR with these functions is discouraged because some
+The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some
signature operations may have a signature length which depends on the
-parameters set. As a result \fIEVP_PKEY_size()\fR would have to return a value
+parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value
which indicates the maximum possible signature for any set of parameters.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIEVP_DigestVerifyInit\fR\|(3),
-\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
-\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
-\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
-\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
+\&\fBEVP_DigestVerifyInit\fR\|(3),
+\&\fBEVP_DigestInit\fR\|(3), \fBerr\fR\|(3),
+\&\fBevp\fR\|(3), \fBhmac\fR\|(3), \fBmd2\fR\|(3),
+\&\fBmd5\fR\|(3), \fBmdc2\fR\|(3), \fBripemd\fR\|(3),
+\&\fBsha\fR\|(3), \fBdgst\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR
+\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR
were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
index 1c063d771115..a6ce6df843f6 100644
--- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestVerifyInit 3"
-.TH EVP_DigestVerifyInit 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EVP_DigestVerifyInit 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,35 +154,35 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal \- EVP signa
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
.PP
-\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
+\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized
-with \fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
+with \fBEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this
can be used to set alternative verification options. Note that any existing
value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be
freed directly by the application (it will be freed automatically when the
\&\s-1EVP_MD_CTX\s0 is freed).
.PP
-\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
verification context \fBctx\fR. This function can be called several times on the
same \fBctx\fR to include additional data. This function is currently implemented
using a macro.
.PP
-\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in
+\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in
\&\fBsig\fR of length \fBsiglen\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0
+\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyUpdate()\fR return 1 for success and 0
or a negative value for failure. In particular a return value of \-2 indicates
the operation is not supported by the public key algorithm.
.PP
-\&\fIEVP_DigestVerifyFinal()\fR returns 1 for success; any other value indicates
+\&\fBEVP_DigestVerifyFinal()\fR returns 1 for success; any other value indicates
failure. A return value of zero indicates that the signature did not verify
successfully (that is, tbs did not match the original data or the signature had
an invalid form), while other values indicate a more serious error (and
sometimes also indicate an invalid signature form).
.PP
-The error codes can be obtained from \fIERR_get_error\fR\|(3).
+The error codes can be obtained from \fBERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
@@ -186,28 +190,28 @@ preference to the low level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
.PP
In previous versions of OpenSSL there was a link between message digest types
-and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
+and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR
needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and
the use of clone digest is now discouraged.
.PP
For some key types and parameters the random number generator must be seeded
or the operation will fail.
.PP
-The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest
-context. This means that \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can
+The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest
+context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can
be called later to digest and verify additional data.
.PP
Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
+be cleaned up after use by calling \fBEVP_MD_CTX_cleanup()\fR or a memory leak
will occur.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIEVP_DigestSignInit\fR\|(3),
-\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
-\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
-\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
-\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
+\&\fBEVP_DigestSignInit\fR\|(3),
+\&\fBEVP_DigestInit\fR\|(3), \fBerr\fR\|(3),
+\&\fBevp\fR\|(3), \fBhmac\fR\|(3), \fBmd2\fR\|(3),
+\&\fBmd5\fR\|(3), \fBmdc2\fR\|(3), \fBripemd\fR\|(3),
+\&\fBsha\fR\|(3), \fBdgst\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR
+\&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR
were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/EVP_EncodeInit.3
index b781bbb562ac..e6badc3fd649 100644
--- a/secure/lib/libcrypto/man/EVP_EncodeInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncodeInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_EncodeInit 3"
-.TH EVP_EncodeInit 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EVP_EncodeInit 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -174,31 +178,31 @@ bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
still output for the final 1 or 2 bytes of input. Similarly a newline character
will also be output.
.PP
-\&\fIEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation.
+\&\fBEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation.
.PP
-\&\fIEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by
+\&\fBEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by
\&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output
is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the
buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full
blocks of data (48 bytes) will be immediately processed and output by this
function. Any remainder is held in the \fBctx\fR object and will be processed by a
-subsequent call to \fIEVP_EncodeUpdate()\fR or \fIEVP_EncodeFinal()\fR. To calculate the
+subsequent call to \fBEVP_EncodeUpdate()\fR or \fBEVP_EncodeFinal()\fR. To calculate the
required size of the output buffer add together the value of \fBinl\fR with the
amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore
any remainder). This gives the number of blocks of data that will be processed.
Ensure the output buffer contains 65 bytes of storage for each block, plus an
-additional byte for a \s-1NUL\s0 terminator. \fIEVP_EncodeUpdate()\fR may be called
+additional byte for a \s-1NUL\s0 terminator. \fBEVP_EncodeUpdate()\fR may be called
repeatedly to process large amounts of input data. In the event of an error
-\&\fIEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0.
+\&\fBEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0.
.PP
-\&\fIEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will
+\&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will
process any partial block of data remaining in the \fBctx\fR object. The output
data will be stored in \fBout\fR and the length of the data written will be stored
in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is
sufficiently large to accommodate the output data which will never be more than
65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total).
.PP
-\&\fIEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length
+\&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length
\&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of
output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is
encoded as a final block of data and the output is padded such that it is always
@@ -207,16 +211,16 @@ example if 16 bytes of input data is provided then 24 bytes of encoded data is
created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of
the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function.
.PP
-\&\fIEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation.
+\&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation.
.PP
-\&\fIEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed
+\&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed
to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes
output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that
the buffer at \fBout\fR is sufficiently large to accommodate the output data. This
function will attempt to decode as much data as possible in 4 byte chunks. Any
whitespace, newline or carriage return characters are ignored. Any partial chunk
of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
-the \fBctx\fR object and processed by a subsequent call to \fIEVP_DecodeUpdate()\fR. If
+the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If
any illegal base 64 characters are encountered or if the base 64 padding
character \*(L"=\*(R" is encountered in the middle of the data then the function returns
\&\-1 to indicate an error. A return value of 0 or 1 indicates successful
@@ -227,12 +231,12 @@ every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
line feeds), 3 bytes of binary output data will be produced (or less at the end
of the data where the padding character \*(L"=\*(R" has been used).
.PP
-\&\fIEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there
+\&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there
is any unprocessed data still in \fBctx\fR then the input data must not have been
a multiple of 4 and therefore an error has occurred. The function will return \-1
in this case. Otherwise the function returns 1 on success.
.PP
-\&\fIEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data
+\&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data
contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be
trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0
characters. After such trimming the length of the data in \fBf\fR must be divisbile
@@ -242,15 +246,15 @@ always 3 bytes for every 4 input bytes. This function will return the length of
the data decoded or \-1 on error.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0
+\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0
terminator.
.PP
-\&\fIEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned
+\&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned
then no more non-padding base 64 characters are expected.
.PP
-\&\fIEVP_DecodeFinal()\fR returns \-1 on error or 1 on success.
+\&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success.
.PP
-\&\fIEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error.
+\&\fBEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIevp\fR\|(3)
+\&\fBevp\fR\|(3)
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3
index 4c7d4e9b38eb..dcd5c47ea545 100644
--- a/secure/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_EncryptInit 3"
-.TH EVP_EncryptInit 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.TH EVP_EncryptInit 3 "2019-02-26" "1.0.2r" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -242,12 +246,12 @@ EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256
The \s-1EVP\s0 cipher routines are a high level interface to certain
symmetric ciphers.
.PP
-\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR.
+\&\fBEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR.
.PP
-\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
+\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized
before calling this function. \fBtype\fR is normally supplied
-by a function such as \fIEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
+by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
default implementation is used. \fBkey\fR is the symmetric key to use
and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes
used for the key and \s-1IV\s0 depends on the cipher. It is possible to set
@@ -256,7 +260,7 @@ the remaining parameters in subsequent calls, all of which have \fBtype\fR
set to \s-1NULL.\s0 This is done when the default cipher parameters are not
appropriate.
.PP
-\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
+\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
writes the encrypted version to \fBout\fR. This function can be called
multiple times to encrypt successive blocks of data. The amount
of data written depends on the block alignment of the encrypted data:
@@ -264,170 +268,170 @@ as a result the amount of data written may be anything from zero bytes
to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient
room. The actual number of bytes written is placed in \fBoutl\fR.
.PP
-If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts
+If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts
the \*(L"final\*(R" data, that is any data that remains in a partial block.
It uses standard block padding (aka \s-1PKCS\s0 padding). The encrypted
final data is written to \fBout\fR which should have sufficient space for
one cipher block. The number of bytes written is placed in \fBoutl\fR. After
this function is called the encryption operation is finished and no further
-calls to \fIEVP_EncryptUpdate()\fR should be made.
+calls to \fBEVP_EncryptUpdate()\fR should be made.
.PP
-If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more
+If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more
data and it will return an error if any data remains in a partial block:
that is if the total data length is not a multiple of the block size.
.PP
-\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the
-corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an
+\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the
+corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an
error code if padding is enabled and the final block is not correctly
formatted. The parameters and restrictions are identical to the encryption
operations except that if padding is enabled the decrypted data buffer \fBout\fR
-passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for
+passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for
(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in
which case \fBinl\fR bytes is sufficient.
.PP
-\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are
+\&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are
functions that can be used for decryption or encryption. The operation
performed depends on the value of the \fBenc\fR parameter. It should be set
to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged
(the actual value of 'enc' being supplied in a previous call).
.PP
-\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context
+\&\fBEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context
and free up any allocated memory associate with it. It should be called
after all operations using a cipher are complete so sensitive information
does not remain in memory.
.PP
-\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a
-similar way to \fIEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and
-\&\fIEVP_CipherInit_ex()\fR except the \fBctx\fR parameter does not need to be
+\&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a
+similar way to \fBEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and
+\&\fBEVP_CipherInit_ex()\fR except the \fBctx\fR parameter does not need to be
initialized and they always use the default cipher implementation.
.PP
-\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR are
-identical to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and
-\&\fIEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up
-the \fBctx\fR, but this is no longer done and \fIEVP_CIPHER_CTX_clean()\fR
+\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are
+identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and
+\&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up
+the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR
must be called to free any context resources.
.PP
-\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
+\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR
return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an
\&\s-1ASN1_OBJECT\s0 structure.
.PP
-\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when
+\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when
passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0
value is an internal value which may not have a corresponding \s-1OBJECT
IDENTIFIER.\s0
.PP
-\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default
+\&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default
encryption operations are padded using standard block padding and the
padding is checked and removed when decrypting. If the \fBpad\fR parameter
is zero then no padding is performed, the total amount of data encrypted
or decrypted must then be a multiple of the block size or an error will
occur.
.PP
-\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key
+\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key
length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length
-for all ciphers. Note: although \fIEVP_CIPHER_key_length()\fR is fixed for a
-given cipher, the value of \fIEVP_CIPHER_CTX_key_length()\fR may be different
+for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a
+given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different
for variable key length ciphers.
.PP
-\&\fIEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx.
+\&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx.
If the cipher is a fixed length cipher then attempting to set the key
length to any value other than the fixed value is an error.
.PP
-\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
+\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR.
It will return zero if the cipher does not use an \s-1IV.\s0 The constant
\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
.PP
-\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
+\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block
size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
structure. The constant \fB\s-1EVP_MAX_IV_LENGTH\s0\fR is also the maximum block
length for all ciphers.
.PP
-\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed
+\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed
cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT
IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and
128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object
identifier or does not have \s-1ASN1\s0 support this function will return
\&\fBNID_undef\fR.
.PP
-\&\fIEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed
+\&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed
an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.
.PP
-\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode:
+\&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode:
\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE\s0 or
\&\s-1EVP_CIPH_OFB_MODE.\s0 If the cipher is a stream cipher then
\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned.
.PP
-\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
+\&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
on the passed cipher. This will typically include any parameters and an
\&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call
should be made before the cipher is actually \*(L"used\*(R" (before any
-\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function
+\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function
may fail if the cipher does not have any \s-1ASN1\s0 support.
.PP
-\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0
+\&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0
AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher
In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length.
This function should be called after the base cipher type is set but before
-the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and
-key set to \s-1NULL,\s0 \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally
-\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is
+the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and
+key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally
+\&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is
possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support
or the parameters cannot be set (for example the \s-1RC2\s0 effective key length
is not supported.
.PP
-\&\fIEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined
+\&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined
and set.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal_ex()\fR
+\&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR
return 1 for success and 0 for failure.
.PP
-\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure.
-\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success.
+\&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure.
+\&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success.
.PP
-\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure.
-\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success.
+\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure.
+\&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success.
.PP
-\&\fIEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure.
+\&\fBEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure.
.PP
-\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
+\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR
return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error.
.PP
-\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0
+\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0
.PP
-\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
+\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block
size.
.PP
-\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key
+\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key
length.
.PP
-\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1.
+\&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1.
.PP
-\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
+\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
length or zero if the cipher does not use an \s-1IV.\s0
.PP
-\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's
+\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's
\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0
.PP
-\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.
+\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.
.PP
-\&\fIEVP_CIPHER_param_to_asn1()\fR and \fIEVP_CIPHER_asn1_to_param()\fR return 1 for
+\&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return 1 for
success or zero for failure.
.SH "CIPHER LISTING"
.IX Header "CIPHER LISTING"
All algorithms have a fixed key length unless otherwise stated.
-.IP "\fIEVP_enc_null()\fR" 4
+.IP "\fBEVP_enc_null()\fR" 4
.IX Item "EVP_enc_null()"
Null cipher: does nothing.
.IP "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" 4
.IX Item "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)"
\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
-.IP "EVP_des_ede_cbc(void), \fIEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4
+.IP "EVP_des_ede_cbc(void), \fBEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4
.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)"
Two key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
-.IP "EVP_des_ede3_cbc(void), \fIEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4
+.IP "EVP_des_ede3_cbc(void), \fBEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4
.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)"
Three key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_desx_cbc(void)" 4
@@ -438,9 +442,9 @@ Three key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respect
\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with default key length 128 bits.
.IP "EVP_rc4_40(void)" 4
.IX Item "EVP_rc4_40(void)"
-\&\s-1RC4\s0 stream cipher with 40 bit key length. This is obsolete and new code should use \fIEVP_rc4()\fR
-and the \fIEVP_CIPHER_CTX_set_key_length()\fR function.
-.IP "\fIEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void)" 4
+\&\s-1RC4\s0 stream cipher with 40 bit key length. This is obsolete and new code should use \fBEVP_rc4()\fR
+and the \fBEVP_CIPHER_CTX_set_key_length()\fR function.
+.IP "\fBEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void)" 4
.IX Item "EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void)"
\&\s-1IDEA\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" 4
@@ -451,8 +455,8 @@ By default both are set to 128 bits.
.IP "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" 4
.IX Item "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)"
\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of 40 and 64 bits.
-These are obsolete and new code should use \fIEVP_rc2_cbc()\fR, \fIEVP_CIPHER_CTX_set_key_length()\fR and
-\&\fIEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length.
+These are obsolete and new code should use \fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and
+\&\fBEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length.
.IP "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" 4
.IX Item "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);"
Blowfish encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
@@ -481,11 +485,11 @@ These ciphers require additional control operations to function correctly: see
For \s-1GCM\s0 mode ciphers the behaviour of the \s-1EVP\s0 interface is subtly altered and
several \s-1GCM\s0 specific ctrl operations are supported.
.PP
-To specify any additional authenticated data (\s-1AAD\s0) a call to \fIEVP_CipherUpdate()\fR,
-\&\fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made with the output
+To specify any additional authenticated data (\s-1AAD\s0) a call to \fBEVP_CipherUpdate()\fR,
+\&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output
parameter \fBout\fR set to \fB\s-1NULL\s0\fR.
.PP
-When decrypting the return value of \fIEVP_DecryptFinal()\fR or \fIEVP_CipherFinal()\fR
+When decrypting the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR
indicates if the operation was successful. If it does not indicate success
the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR
be used as it is corrupted.
@@ -505,7 +509,7 @@ not called a default \s-1IV\s0 length is used (96 bits for \s-1AES\s0).
.PP
Writes \fBtaglen\fR bytes of the tag value to the buffer indicated by \fBtag\fR.
This call can only be made when encrypting data and \fBafter\fR all data has been
-processed (e.g. after an \fIEVP_EncryptFinal()\fR call).
+processed (e.g. after an \fBEVP_EncryptFinal()\fR call).
.PP
.Vb 1
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
@@ -519,10 +523,10 @@ The behaviour of \s-1CCM\s0 mode ciphers is similar to \s-1CCM\s0 mode but with
additional requirements and different ctrl values.
.PP
Like \s-1GCM\s0 mode any additional authenticated data (\s-1AAD\s0) is passed by calling
-\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR with the output
+\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output
parameter \fBout\fR set to \fB\s-1NULL\s0\fR. Additionally the total plaintext or ciphertext
-length \fB\s-1MUST\s0\fR be passed to \fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or