author: simon <simon@FreeBSD.org> 2009-06-14 19:45:16 +0000
committer: simon <simon@FreeBSD.org> 2009-06-14 19:45:16 +0000
commit: 5fb395764b4b691c877e526b4e65bbedb5cb67c7
tree: 90cf0e59374e08e88c1514f35c4b2aab0cccd66d /crypto/openssl/doc
parent: 07b720e0fe4141d966e129428ee8eb96f394787f
parent: d5528ae65fadeed6bcb5c766bf12ed4b275a9271
Merge OpenSSL 0.9.8k into head.
Approved by: re
Diffstat (limited to 'crypto/openssl/doc')
-rw-r--r-- crypto/openssl/doc/apps/ciphers.pod 34
-rw-r--r-- crypto/openssl/doc/apps/dgst.pod 5
-rw-r--r-- crypto/openssl/doc/apps/enc.pod 8
-rw-r--r-- crypto/openssl/doc/apps/ocsp.pod 8
-rw-r--r-- crypto/openssl/doc/apps/openssl.pod 16
-rw-r--r-- crypto/openssl/doc/apps/rand.pod 5
-rw-r--r-- crypto/openssl/doc/apps/rsautl.pod 2
-rw-r--r-- crypto/openssl/doc/apps/s_client.pod 31
-rw-r--r-- crypto/openssl/doc/apps/s_server.pod 21
-rw-r--r-- crypto/openssl/doc/apps/verify.pod 2
-rw-r--r-- crypto/openssl/doc/apps/x509.pod 2
-rw-r--r-- crypto/openssl/doc/c-indentation.el 1
-rw-r--r-- crypto/openssl/doc/crypto/ASN1_generate_nconf.pod 35
-rw-r--r-- crypto/openssl/doc/crypto/DH_set_method.pod 2
-rw-r--r-- crypto/openssl/doc/crypto/DSA_set_method.pod 2
-rw-r--r-- crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod 36
-rw-r--r-- crypto/openssl/doc/crypto/RAND_bytes.pod 3
-rw-r--r-- crypto/openssl/doc/crypto/RAND_egd.pod 7
-rw-r--r-- crypto/openssl/doc/crypto/RAND_set_rand_method.pod 2
-rw-r--r-- crypto/openssl/doc/crypto/RSA_set_method.pod 2
-rw-r--r-- crypto/openssl/doc/crypto/X509_NAME_print_ex.pod 4
-rw-r--r-- crypto/openssl/doc/crypto/des_modes.pod 2
-rw-r--r-- crypto/openssl/doc/crypto/engine.pod 6
-rw-r--r-- crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod 2
-rw-r--r-- crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 9
-rw-r--r-- crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 2
-rw-r--r-- crypto/openssl/doc/ssl/SSL_SESSION_free.pod 2
-rw-r--r-- crypto/openssl/doc/ssl/SSL_free.pod 2
-rw-r--r-- crypto/openssl/doc/ssl/SSL_read.pod 6
-rw-r--r-- crypto/openssl/doc/ssleay.txt 4
-rw-r--r-- crypto/openssl/doc/standards.txt 9
31 files changed, 211 insertions, 61 deletions
diff --git a/crypto/openssl/doc/apps/ciphers.pod b/crypto/openssl/doc/apps/ciphers.pod
index e16eade..694e433 100644
--- a/crypto/openssl/doc/apps/ciphers.pod
+++ b/crypto/openssl/doc/apps/ciphers.pod
@@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings.
=item B<DEFAULT>
the default cipher list. This is determined at compile time and is normally
-B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
+B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
specified.
=item B<COMPLEMENTOFDEFAULT>
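Review bot: the new B<DEFAULT> value on the changed line drops the "+SSLv2" term, and the text does not say where SSLv2 suites now fall in the ordering or whether they are still part of the default list. Because the string is "determined at compile time" and only "normally" has this value, consider adding a sentence telling readers to list the effective default on their own build with the B<ciphers> command rather than relying on the documented string.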
@@ -209,6 +209,10 @@ anonymous DH cipher suites.
cipher suites using AES.
+=item B<CAMELLIA>
+
+cipher suites using Camellia.
+
=item B<3DES>
cipher suites using triple DES.
@@ -229,6 +233,10 @@ cipher suites using RC2.
cipher suites using IDEA.
+=item B<SEED>
+
+cipher suites using SEED.
+
=item B<MD5>
cipher suites using MD5.
@@ -237,10 +245,6 @@ cipher suites using MD5.
cipher suites using SHA1.
-=item B<Camellia>
-
-cipher suites using Camellia.
-
=back
=head1 CIPHER SUITE NAMES
@@ -323,10 +327,10 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
- TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA
- TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA
- TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA
- TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA Not implemented.
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA Not implemented.
TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
@@ -354,6 +358,18 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA
+=head2 SEED ciphersuites from RFC4162, extending TLS v1.0
+
+ TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA
+
+ TLS_DH_DSS_WITH_SEED_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_SEED_CBC_SHA Not implemented.
+
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA
+
+ TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA
+
=head2 Additional Export 1024 and other cipher suites
Note: these ciphers can also be used in SSL v3.
diff --git a/crypto/openssl/doc/apps/dgst.pod b/crypto/openssl/doc/apps/dgst.pod
index b0d1987..908cd2a 100644
--- a/crypto/openssl/doc/apps/dgst.pod
+++ b/crypto/openssl/doc/apps/dgst.pod
@@ -18,6 +18,7 @@ B<openssl> B<dgst>
[B<-verify filename>]
[B<-prverify filename>]
[B<-signature filename>]
+[B<-hmac key>]
[B<file...>]
[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
@@ -78,6 +79,10 @@ verify the signature using the the private key in "filename".
the actual signature to verify.
+=item B<-hmac key>
+
+create a hashed MAC using "key".
+
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
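Review bot: the new B<-hmac key> item does not say which digest the MAC is computed with or in what form "key" is expected (literal string or hex). The key is also passed as a command-line argument, which is commonly visible to other local users through the process list; the description should say so. The hunk header context still carries "the the private key", which could be corrected in the same pass.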
diff --git a/crypto/openssl/doc/apps/enc.pod b/crypto/openssl/doc/apps/enc.pod
index c43da5b..4391c93 100644
--- a/crypto/openssl/doc/apps/enc.pod
+++ b/crypto/openssl/doc/apps/enc.pod
@@ -227,6 +227,14 @@ Blowfish and RC5 algorithms use a 128 bit key.
rc5-ecb RC5 cipher in ECB mode
rc5-ofb RC5 cipher in OFB mode
+ aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
+ aes-[128|192|256] Alias for aes-[128|192|256]-cbc
+ aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
+ aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
+ aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
+ aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
+ aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
+
=head1 EXAMPLES
Just base64 encode a binary file:
diff --git a/crypto/openssl/doc/apps/ocsp.pod b/crypto/openssl/doc/apps/ocsp.pod
index 4f26605..b58ddc1 100644
--- a/crypto/openssl/doc/apps/ocsp.pod
+++ b/crypto/openssl/doc/apps/ocsp.pod
@@ -73,7 +73,7 @@ specify output filename, default is standard output.
This specifies the current issuer certificate. This option can be used
multiple times. The certificate specified in B<filename> must be in
-PEM format.
+PEM format. This option B<MUST> come before any B<-cert> options.
=item B<-cert filename>
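Review bot: the sentence added to B<-issuer> states the ordering requirement but not what happens when a B<-cert> option is given first. Say whether the command stops with an error or proceeds with the wrong or no issuer, so that a user can recognise the mistake from the output.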
@@ -146,7 +146,7 @@ certificate in such cases.
=item B<-trust_other>
-the certificates specified by the B<-verify_certs> option should be explicitly
+the certificates specified by the B<-verify_other> option should be explicitly
trusted and no additional checks will be performed on them. This is useful
when the complete responder certificate chain is not available or trusting a
root CA is not appropriate.
@@ -154,7 +154,7 @@ root CA is not appropriate.
=item B<-VAfile file>
file containing explicitly trusted responder certificates. Equivalent to the
-B<-verify_certs> and B<-trust_other> options.
+B<-verify_other> and B<-trust_other> options.
=item B<-noverify>
@@ -166,7 +166,7 @@ of the responders certificate.
ignore certificates contained in the OCSP response when searching for the
signers certificate. With this option the signers certificate must be specified
-with either the B<-verify_certs> or B<-VAfile> options.
+with either the B<-verify_other> or B<-VAfile> options.
=item B<-no_signature_verify>
diff --git a/crypto/openssl/doc/apps/openssl.pod b/crypto/openssl/doc/apps/openssl.pod
index dc0f49d..964cdf0 100644
--- a/crypto/openssl/doc/apps/openssl.pod
+++ b/crypto/openssl/doc/apps/openssl.pod
@@ -227,6 +227,22 @@ SHA Digest
SHA-1 Digest
+=item B<sha224>
+
+SHA-224 Digest
+
+=item B<sha256>
+
+SHA-256 Digest
+
+=item B<sha384>
+
+SHA-384 Digest
+
+=item B<sha512>
+
+SHA-512 Digest
+
=back
=head2 ENCODING AND CIPHER COMMANDS
diff --git a/crypto/openssl/doc/apps/rand.pod b/crypto/openssl/doc/apps/rand.pod
index 75745ca..d1d213e 100644
--- a/crypto/openssl/doc/apps/rand.pod
+++ b/crypto/openssl/doc/apps/rand.pod
@@ -10,6 +10,7 @@ B<openssl rand>
[B<-out> I<file>]
[B<-rand> I<file(s)>]
[B<-base64>]
+[B<-hex>]
I<num>
=head1 DESCRIPTION
@@ -41,6 +42,10 @@ all others.
Perform base64 encoding on the output.
+=item B<-hex>
+
+Show the output as a hex string.
+
=back
=head1 SEE ALSO
diff --git a/crypto/openssl/doc/apps/rsautl.pod b/crypto/openssl/doc/apps/rsautl.pod
index a7c1681..1a498c2 100644
--- a/crypto/openssl/doc/apps/rsautl.pod
+++ b/crypto/openssl/doc/apps/rsautl.pod
@@ -152,7 +152,7 @@ The final BIT STRING contains the actual signature. It can be extracted with:
The certificate public key can be extracted with:
- openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
+ openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
The signature can be analysed with:
diff --git a/crypto/openssl/doc/apps/s_client.pod b/crypto/openssl/doc/apps/s_client.pod
index c17a83a..c44d357 100644
--- a/crypto/openssl/doc/apps/s_client.pod
+++ b/crypto/openssl/doc/apps/s_client.pod
@@ -38,6 +38,10 @@ B<openssl> B<s_client>
[B<-cipher cipherlist>]
[B<-starttls protocol>]
[B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
+[B<-sess_out filename>]
+[B<-sess_in filename>]
[B<-rand file(s)>]
=head1 DESCRIPTION
@@ -186,6 +190,26 @@ send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
supported keywords are "smtp", "pop3", "imap", and "ftp".
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server. Note: this
+option is only available if extension support is explicitly enabled at compile
+time
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support. Note: this option is only available
+if extension support is explicitly enabled at compile time
+
+=item B<-sess_out filename>
+
+output SSL session to B<filename>
+
+=item B<-sess_in sess.pem>
+
+load SSL session from B<filename>. The client will attempt to resume a
+connection from this session.
+
=item B<-engine id>
specifying an engine (by it's unique B<id> string) will cause B<s_client>
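Review bot: the new item header "=item B<-sess_in sess.pem>" disagrees with the synopsis entry "[B<-sess_in filename>]" and with its own body, which refers to B<filename>; use "-sess_in filename" in the header. The "Note:" sentences under B<-tlsextdebug> and B<-no_ticket> and the B<-sess_out> description also end without a full stop.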
@@ -246,6 +270,13 @@ on the command line is no guarantee that the certificate works.
If there are problems verifying a server certificate then the
B<-showcerts> option can be used to show the whole chain.
+Since the SSLv23 client hello cannot include compression methods or extensions
+these will only be supported if its use is disabled, for example by using the
+B<-no_sslv2> option.
+
+TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly
+enabled at compile time using for example the B<enable-tlsext> switch.
+
=head1 BUGS
Because this program has a lot of options and also because some of
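Review bot: in the first added paragraph, "if its use is disabled" has no clear antecedent; going by the B<-no_sslv2> example it refers to the SSLv23 client hello, and the sentence should say that explicitly. In the second paragraph "explictly" should be "explicitly" (the same misspelling is added to s_server.pod in this change).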
diff --git a/crypto/openssl/doc/apps/s_server.pod b/crypto/openssl/doc/apps/s_server.pod
index 7c1a958..fdcc170 100644
--- a/crypto/openssl/doc/apps/s_server.pod
+++ b/crypto/openssl/doc/apps/s_server.pod
@@ -12,6 +12,8 @@ B<openssl> B<s_server>
[B<-context id>]
[B<-verify depth>]
[B<-Verify depth>]
+[B<-crl_check>]
+[B<-crl_check_all>]
[B<-cert filename>]
[B<-certform DER|PEM>]
[B<-key keyfile>]
@@ -48,6 +50,8 @@ B<openssl> B<s_server>
[B<-WWW>]
[B<-HTTP>]
[B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
[B<-id_prefix arg>]
[B<-rand file(s)>]
@@ -140,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the
client does not have to send one, with the B<-Verify> option the client
must supply a certificate or an error occurs.
+=item B<-crl_check>, B<-crl_check_all>
+
+Check the peer certificate has not been revoked by its CA.
+The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
+option all CRLs of all CAs in the chain are checked.
+
=item B<-CApath directory>
The directory to use for client certificate verification. This directory
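Review bot: "The CRL(s) are appended to the certificate file" in the new B<-crl_check> item does not identify the file. The synopsis lists B<-cert filename> and the next item is B<-CApath>, so a reader cannot tell where the CRL has to go. Name the option whose file must carry the CRLs, and state what the server does when no CRL is available for a certificate it is asked to check.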
@@ -205,6 +215,14 @@ also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist irrelevant. See
the B<ciphers> command for more information.
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support.
+
=item B<-www>
sends a status message back to the client when it connects. This includes
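Review bot: the B<-tlsextdebug> text added here says extensions are "received from the server", which appears to be copied from s_client.pod; for s_server the peer is the client. Both new items also omit the "only available if extension support is explicitly enabled at compile time" note that the s_client.pod versions of the same options carry.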
@@ -307,6 +325,9 @@ mean any CA is acceptable. This is useful for debugging purposes.
The session parameters can printed out using the B<sess_id> program.
+TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly
+enabled at compile time using for example the B<enable-tlsext> switch.
+
=head1 BUGS
Because this program has a lot of options and also because some of
diff --git a/crypto/openssl/doc/apps/verify.pod b/crypto/openssl/doc/apps/verify.pod
index ea5c29c..ff2629d 100644
--- a/crypto/openssl/doc/apps/verify.pod
+++ b/crypto/openssl/doc/apps/verify.pod
@@ -169,7 +169,7 @@ the operation was successful.
the issuer certificate could not be found: this occurs if the issuer certificate
of an untrusted certificate cannot be found.
-=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL>
+=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
the CRL of a certificate could not be found. Unused.
diff --git a/crypto/openssl/doc/apps/x509.pod b/crypto/openssl/doc/apps/x509.pod
index a925da4..f43c175 100644
--- a/crypto/openssl/doc/apps/x509.pod
+++ b/crypto/openssl/doc/apps/x509.pod
@@ -155,7 +155,7 @@ outputs the "hash" of the certificate issuer name.
=item B<-hash>
-synonym for "-hash" for backward compatibility reasons.
+synonym for "-subject_hash" for backward compatibility reasons.
=item B<-subject>
diff --git a/crypto/openssl/doc/c-indentation.el b/crypto/openssl/doc/c-indentation.el
index cbf01cb..90861d3 100644
--- a/crypto/openssl/doc/c-indentation.el
+++ b/crypto/openssl/doc/c-indentation.el
@@ -20,6 +20,7 @@
(c-add-style "eay"
'((c-basic-offset . 8)
+ (indent-tabs-mode . t)
(c-comment-only-line-offset . 0)
(c-hanging-braces-alist)
(c-offsets-alist . ((defun-open . +)
diff --git a/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod b/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
index ba6e3c2..1157cff 100644
--- a/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
+++ b/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
@@ -28,7 +28,11 @@ The actual data encoded is determined by the string B<str> and
the configuration information. The general format of the string
is:
- B<[modifier,]type[:value]>
+=over 2
+
+=item B<[modifier,]type[:value]>
+
+=back
That is zero or more comma separated modifiers followed by a type
followed by an optional colon and a value. The formats of B<type>,
@@ -81,13 +85,13 @@ the format B<YYYYMMDDHHMMSSZ>.
=item B<OCTETSTRING>, B<OCT>
-Emcodes an ASN1 B<OCTET STRING>. B<value> represents the contents
+Encodes an ASN1 B<OCTET STRING>. B<value> represents the contents
of this structure, the format strings B<ASCII> and B<HEX> can be
used to specify the format of B<value>.
-=item B<BITSRING>, B<BITSTR>
+=item B<BITSTRING>, B<BITSTR>
-Emcodes an ASN1 B<BIT STRING>. B<value> represents the contents
+Encodes an ASN1 B<BIT STRING>. B<value> represents the contents
of this structure, the format strings B<ASCII>, B<HEX> and B<BITLIST>
can be used to specify the format of B<value>.
@@ -147,10 +151,11 @@ bits is set to zero.
This specifies the format of the ultimate value. It should be followed
by a colon and one of the strings B<ASCII>, B<UTF8>, B<HEX> or B<BITLIST>.
-If no format specifier is included then B<ASCII> is used. If B<UTF8> is specified
-then the value string must be a valid B<UTF8> string. For B<HEX> the output must
-be a set of hex digits. B<BITLIST> (which is only valid for a BIT STRING) is a
-comma separated list of set bits.
+If no format specifier is included then B<ASCII> is used. If B<UTF8> is
+specified then the value string must be a valid B<UTF8> string. For B<HEX> the
+output must be a set of hex digits. B<BITLIST> (which is only valid for a BIT
+STRING) is a comma separated list of the indices of the set bits, all other
+bits are zero.
=back
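Review bot: the reflowed paragraph keeps "For B<HEX> the output must be a set of hex digits", but the sentence describes the value string supplied by the caller, as the UTF8 sentence before it does; "value" would be correct. The new BITLIST wording joins two sentences with a comma ("...of the set bits, all other bits are zero") and does not say which bit index 0 refers to.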
@@ -168,16 +173,20 @@ An IA5String explicitly tagged using APPLICATION tagging:
EXPLICIT:0A,IA5STRING:Hello World
+A BITSTRING with bits 1 and 5 set and all others zero:
+
+ FORMAT=BITLIST,BITSTRING:1,5
+
A more complex example using a config file to produce a
SEQUENCE consiting of a BOOL an OID and a UTF8String:
-asn1 = SEQUENCE:seq_section
+ asn1 = SEQUENCE:seq_section
-[seq_section]
+ [seq_section]
-field1 = BOOLEAN:TRUE
-field2 = OID:commonName
-field3 = UTF8:Third field
+ field1 = BOOLEAN:TRUE
+ field2 = OID:commonName
+ field3 = UTF8:Third field
This example produces an RSAPrivateKey structure, this is the
key contained in the file client.pem in all OpenSSL distributions
diff --git a/crypto/openssl/doc/crypto/DH_set_method.pod b/crypto/openssl/doc/crypto/DH_set_method.pod
index 73261fc..d5cdc3b 100644
--- a/crypto/openssl/doc/crypto/DH_set_method.pod
+++ b/crypto/openssl/doc/crypto/DH_set_method.pod
@@ -36,7 +36,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has been set
as a default for DH, so this function is no longer recommended.
DH_get_default_method() returns a pointer to the current default DH_METHOD.
-However, the meaningfulness of this result is dependant on whether the ENGINE
+However, the meaningfulness of this result is dependent on whether the ENGINE
API is being used, so this function is no longer recommended.
DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
diff --git a/crypto/openssl/doc/crypto/DSA_set_method.pod b/crypto/openssl/doc/crypto/DSA_set_method.pod
index bc3cfb1..9c1434b 100644
--- a/crypto/openssl/doc/crypto/DSA_set_method.pod
+++ b/crypto/openssl/doc/crypto/DSA_set_method.pod
@@ -36,7 +36,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has
been set as a default for DSA, so this function is no longer recommended.
DSA_get_default_method() returns a pointer to the current default
-DSA_METHOD. However, the meaningfulness of this result is dependant on
+DSA_METHOD. However, the meaningfulness of this result is dependent on
whether the ENGINE API is being used, so this function is no longer
recommended.
diff --git a/crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod b/crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod
index 121a8dd..2e659d3 100644
--- a/crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod
+++ b/crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod
@@ -17,19 +17,27 @@ register after executing CPUID instruction with EAX=1 input value (see
Intel Application Note #241618). Naturally it's meaningful on IA-32[E]
platforms only. The variable is normally set up automatically upon
toolkit initialization, but can be manipulated afterwards to modify
-crypto library behaviour. For the moment of this writing three bits are
-significant, namely bit #28 denoting Hyperthreading, which is used to
-distinguish Intel P4 core, bit #26 denoting SSE2 support, and bit #4
-denoting presence of Time-Stamp Counter. Clearing bit #26 at run-time
-for example disables high-performance SSE2 code present in the crypto
-library. You might have to do this if target OpenSSL application is
-executed on SSE2 capable CPU, but under control of OS which does not
-support SSE2 extentions. Even though you can manipulate the value
-programmatically, you most likely will find it more appropriate to set
-up an environment variable with the same name prior starting target
-application, e.g. 'env OPENSSL_ia32cap=0x10 apps/openssl', to achieve
-same effect without modifying the application source code.
-Alternatively you can reconfigure the toolkit with no-sse2 option and
-recompile.
+crypto library behaviour. For the moment of this writing six bits are
+significant, namely:
+
+1. bit #28 denoting Hyperthreading, which is used to distiguish
+ cores with shared cache;
+2. bit #26 denoting SSE2 support;
+3. bit #25 denoting SSE support;
+4. bit #23 denoting MMX support;
+5. bit #20, reserved by Intel, is used to choose between RC4 code
+ pathes;
+6. bit #4 denoting presence of Time-Stamp Counter.
+
+For example, clearing bit #26 at run-time disables high-performance
+SSE2 code present in the crypto library. You might have to do this if
+target OpenSSL application is executed on SSE2 capable CPU, but under
+control of OS which does not support SSE2 extentions. Even though you
+can manipulate the value programmatically, you most likely will find it
+more appropriate to set up an environment variable with the same name
+prior starting target application, e.g. on Intel P4 processor 'env
+OPENSSL_ia32cap=0x12900010 apps/openssl', to achieve same effect
+without modifying the application source code. Alternatively you can
+reconfigure the toolkit with no-sse2 option and recompile.
=cut
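Review bot: the added list and paragraph contain the misspellings "distiguish" and "pathes" and carry over "extentions". The example value 0x12900010 is given without explanation: it has bits 28, 25, 23, 20 and 4 set and bit 26 clear, and saying so would connect it to the list above and to the "clearing bit #26" sentence it is meant to illustrate.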
diff --git a/crypto/openssl/doc/crypto/RAND_bytes.pod b/crypto/openssl/doc/crypto/RAND_bytes.pod
index ce6329c..1a9b91e 100644
--- a/crypto/openssl/doc/crypto/RAND_bytes.pod
+++ b/crypto/openssl/doc/crypto/RAND_bytes.pod
@@ -25,6 +25,9 @@ unpredictable. They can be used for non-cryptographic purposes and for
certain purposes in cryptographic protocols, but usually not for key
generation etc.
+The contents of B<buf> is mixed into the entropy pool before retrieving
+the new pseudo-random bytes unless disabled at compile time (see FAQ).
+
=head1 RETURN VALUES
RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
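Review bot: the added paragraph does not name the function or functions it applies to, and it directly follows the text about bytes that are "usually not for key generation", so the scope is unclear. "see FAQ" also does not identify the compile-time setting. Callers who pass an uninitialised B<buf> need both pieces of information, so name the functions and the switch. "The contents ... is" should read "are".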
diff --git a/crypto/openssl/doc/crypto/RAND_egd.pod b/crypto/openssl/doc/crypto/RAND_egd.pod
index 079838e..8b8c61d 100644
--- a/crypto/openssl/doc/crypto/RAND_egd.pod
+++ b/crypto/openssl/doc/crypto/RAND_egd.pod
@@ -45,8 +45,11 @@ EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
Makefile.PL; make; make install> to install). It is run as B<egd>
I<path>, where I<path> is an absolute path designating a socket. When
RAND_egd() is called with that path as an argument, it tries to read
-random bytes that EGD has collected. The read is performed in
-non-blocking mode.
+random bytes that EGD has collected. RAND_egd() retrieves entropy from the
+daemon using the daemon's "non-blocking read" command which shall
+be answered immediately by the daemon without waiting for additional
+entropy to be collected. The write and read socket operations in the
+communication are blocking.
Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
available from
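Review bot: the new text says the write and read socket operations "are blocking" but not what that means for the caller. The "non-blocking read" command only promises that the daemon will not wait for more entropy; add a sentence stating that RAND_egd() can still stall if the daemon accepts the connection and does not answer.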
diff --git a/crypto/openssl/doc/crypto/RAND_set_rand_method.pod b/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
index c9bb6d9..e5b780f 100644
--- a/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
+++ b/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
@@ -30,7 +30,7 @@ true only whilst no ENGINE has been set as a default for RAND, so this function
is no longer recommended.
RAND_get_default_method() returns a pointer to the current RAND_METHOD.
-However, the meaningfulness of this result is dependant on whether the ENGINE
+However, the meaningfulness of this result is dependent on whether the ENGINE
API is being used, so this function is no longer recommended.
=head1 THE RAND_METHOD STRUCTURE
diff --git a/crypto/openssl/doc/crypto/RSA_set_method.pod b/crypto/openssl/doc/crypto/RSA_set_method.pod
index 0a305f6..2c963d7 100644
--- a/crypto/openssl/doc/crypto/RSA_set_method.pod
+++ b/crypto/openssl/doc/crypto/RSA_set_method.pod
@@ -42,7 +42,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has
been set as a default for RSA, so this function is no longer recommended.
RSA_get_default_method() returns a pointer to the current default
-RSA_METHOD. However, the meaningfulness of this result is dependant on
+RSA_METHOD. However, the meaningfulness of this result is dependent on
whether the ENGINE API is being used, so this function is no longer
recommended.
diff --git a/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod b/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
index 919b908..2579a5d 100644
--- a/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
+++ b/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
@@ -86,10 +86,10 @@ is equivalent to:
B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
-B<XN_FLAG_ONELINE> is a more readable one line format it is the same as:
+B<XN_FLAG_ONELINE> is a more readable one line format which is the same as:
B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
-B<XN_FLAG_MULTILINE> is a multiline format is is the same as:
+B<XN_FLAG_MULTILINE> is a multiline format which is the same as:
B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
diff --git a/crypto/openssl/doc/crypto/des_modes.pod b/crypto/openssl/doc/crypto/des_modes.pod
index 0266403..e883ca8 100644
--- a/crypto/openssl/doc/crypto/des_modes.pod
+++ b/crypto/openssl/doc/crypto/des_modes.pod
@@ -4,7 +4,7 @@
=head1 NAME
-Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
+des_modes - the variants of DES and other crypto algorithms of OpenSSL
=head1 DESCRIPTION
diff --git a/crypto/openssl/doc/crypto/engine.pod b/crypto/openssl/doc/crypto/engine.pod
index 75933fc..f5ab1c3 100644
--- a/crypto/openssl/doc/crypto/engine.pod
+++ b/crypto/openssl/doc/crypto/engine.pod
@@ -183,7 +183,7 @@ Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
treated as handles - ie. not only as pointers, but also as references to
the underlying ENGINE object. Ie. one should obtain a new reference when
making copies of an ENGINE pointer if the copies will be used (and
-released) independantly.
+released) independently.
ENGINE objects have two levels of reference-counting to match the way in
which the objects are used. At the most basic level, each ENGINE pointer is
@@ -200,7 +200,7 @@ B<functional> reference. This kind of reference can be considered a
specialised form of structural reference, because each functional reference
implicitly contains a structural reference as well - however to avoid
difficult-to-find programming bugs, it is recommended to treat the two
-kinds of reference independantly. If you have a functional reference to an
+kinds of reference independently. If you have a functional reference to an
ENGINE, you have a guarantee that the ENGINE has been initialised ready to
perform cryptographic operations and will remain uninitialised
until after you have released your reference.
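Review bot: the context sentence immediately after the corrected "independently" reads "has been initialised ready to perform cryptographic operations and will remain uninitialised until after you have released your reference", which contradicts itself. It presumably should read "will remain initialised"; worth correcting together with the spelling fix in this hunk.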
@@ -587,7 +587,7 @@ extension).
The ENGINE API and internal architecture is currently being reviewed. Slated for
possible release in 0.9.8 is support for transparent loading of "dynamic"
ENGINEs (built as self-contained shared-libraries). This would allow ENGINE
-implementations to be provided independantly of OpenSSL libraries and/or
+implementations to be provided independently of OpenSSL libraries and/or
OpenSSL-based applications, and would also remove any requirement for
applications to explicitly use the "dynamic" ENGINE to bind to shared-library
implementations.
diff --git a/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod b/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
index f81f692..f62a869 100644
--- a/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
+++ b/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
@@ -28,7 +28,7 @@ SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
SSL_CIPHER_description() returns a textual description of the cipher used
into the buffer B<buf> of length B<len> provided. B<len> must be at least
-128 bytes, otherwise a pointer to the the string "Buffer too small" is
+128 bytes, otherwise a pointer to the string "Buffer too small" is
returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using
OPENSSL_malloc(). If the allocation fails, a pointer to the string
"OPENSSL_malloc Error" is returned.
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
index fa63263..eaed190 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
@@ -201,6 +201,15 @@ When performing renegotiation as a server, always start a new session
(i.e., session resumption requests are only accepted in the initial
handshake). This option is not needed for clients.
+=item SSL_OP_NO_TICKET
+
+Normally clients and servers will, where possible, transparently make use
+of RFC4507bis tickets for stateless session resumption if extension support
+is explicitly set when OpenSSL is compiled.
+
+If this option is set this functionality is disabled and tickets will
+not be used by clients or servers.
+
=back
=head1 RETURN VALUES
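Review bot: the B<SSL_OP_NO_TICKET> item says tickets are used "if extension support is explicitly set when OpenSSL is compiled" without naming the setting, while the s_client.pod and s_server.pod notes added in this same change name the B<enable-tlsext> switch. Use the same wording here so the three pages agree.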
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
index ca8d81b..8156683 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
@@ -28,7 +28,7 @@ specifies the B<verify_callback> function to be used. If no callback function
shall be specified, the NULL pointer can be used for B<verify_callback>. In
this case last B<verify_callback> set specifically for this B<ssl> remains. If
no special B<callback> was set before, the default callback for the underlying
-B<ctx> is used, that was valid at the the time B<ssl> was created with
+B<ctx> is used, that was valid at the time B<ssl> was created with
L<SSL_new(3)|SSL_new(3)>.
SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
diff --git a/crypto/openssl/doc/ssl/SSL_SESSION_free.pod b/crypto/openssl/doc/ssl/SSL_SESSION_free.pod
index 558de01..110ec73 100644
--- a/crypto/openssl/doc/ssl/SSL_SESSION_free.pod
+++ b/crypto/openssl/doc/ssl/SSL_SESSION_free.pod
@@ -14,7 +14,7 @@ SSL_SESSION_free - free an allocated SSL_SESSION structure
SSL_SESSION_free() decrements the reference count of B<session> and removes
the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
-memory, if the the reference count has reached 0.
+memory, if the reference count has reached 0.
=head1 NOTES
diff --git a/crypto/openssl/doc/ssl/SSL_free.pod b/crypto/openssl/doc/ssl/SSL_free.pod
index 2d4f8b6..13c1abd 100644
--- a/crypto/openssl/doc/ssl/SSL_free.pod
+++ b/crypto/openssl/doc/ssl/SSL_free.pod
@@ -14,7 +14,7 @@ SSL_free - free an allocated SSL structure
SSL_free() decrements the reference count of B<ssl>, and removes the SSL
structure pointed to by B<ssl> and frees up the allocated memory if the
-the reference count has reached 0.
+reference count has reached 0.
=head1 NOTES
diff --git a/crypto/openssl/doc/ssl/SSL_read.pod b/crypto/openssl/doc/ssl/SSL_read.pod
index f6c37f7..7038cd2 100644
--- a/crypto/openssl/doc/ssl/SSL_read.pod
+++ b/crypto/openssl/doc/ssl/SSL_read.pod
@@ -64,6 +64,11 @@ non-blocking socket, nothing is to be done, but select() can be used to check
for the required condition. When using a buffering BIO, like a BIO pair, data
must be written into or retrieved out of the BIO before being able to continue.
+L<SSL_pending(3)|SSL_pending(3)> can be used to find out whether there
+are buffered bytes available for immediate retrieval. In this case
+SSL_read() can be called without blocking or actually receiving new
+data from the underlying socket.
+
=head1 WARNING
When an SSL_read() operation has to be repeated because of
@@ -112,6 +117,7 @@ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_pending(3)|SSL_pending(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
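Review bot: the context line two above the addition ends with "L<SSL_accept(3)|SSL_accept(3)>" and no trailing comma, so the SEE ALSO list runs that entry into the next one. Add the comma while this list is being edited.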
diff --git a/crypto/openssl/doc/ssleay.txt b/crypto/openssl/doc/ssleay.txt
index c753129..a8b04d7 100644
--- a/crypto/openssl/doc/ssleay.txt
+++ b/crypto/openssl/doc/ssleay.txt
@@ -3800,9 +3800,9 @@ made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2). I have
copies of the origional postings if people are interested. RSA I believe
claim that they were 'trade-secrets' and that some-one broke an NDA in
revealing them. Other claim they reverse engineered the algorithms from
-compiled binaries. If the algorithms were reverse engineered, I belive
+compiled binaries. If the algorithms were reverse engineered, I believe
RSA had no legal leg to stand on. If an NDA was broken, I don't know.
-Regardless, RSA, I belive, is willing to go to court over the issue so
+Regardless, RSA, I believe, is willing to go to court over the issue so
licencing is probably the best idea, or at least talk to them.
If there are people who actually know more about this, pease let me know, I
don't want to vilify or spread miss-information if I can help it.
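Review bot: this hunk corrects "belive" twice but leaves "origional", "pease" and "miss-information" untouched in the same paragraph. Either fix all of them in one pass or leave the historical text as it was.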
diff --git a/crypto/openssl/doc/standards.txt b/crypto/openssl/doc/standards.txt
index bda55d1..a5ce778 100644
--- a/crypto/openssl/doc/standards.txt
+++ b/crypto/openssl/doc/standards.txt
@@ -100,6 +100,15 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
(TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
bytes) (Status: PROPOSED STANDARD)
+4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
+ H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
+ (Status: PROPOSED STANDARD)
+
+4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
+ D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
+ (Obsoletes RFC4009) (Status: INFORMATIONAL)
+
+
Related:
--------