path: root/crypto/openssl/doc
diff options
Diffstat (limited to 'crypto/openssl/doc')
130 files changed, 14037 insertions, 67 deletions
diff --git a/crypto/openssl/doc/README b/crypto/openssl/doc/README
index a9a5882..14469a8 100644
--- a/crypto/openssl/doc/README
+++ b/crypto/openssl/doc/README
@@ -1,9 +1,9 @@
- openssl.pod ..... Documentation of OpenSSL `openssl' command
- crypto.pod ...... Documentation of OpenSSL crypto.h+libcrypto.a
- ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
- ssleay.txt ...... Assembled documentation files of ancestor SSLeay [obsolete]
- openssl.txt ..... Assembled documentation files for OpenSSL [not final]
+ apps/openssl.pod .... Documentation of OpenSSL `openssl' command
+ crypto/crypto.pod ... Documentation of OpenSSL crypto.h+libcrypto.a
+ ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
+ openssl.txt ......... Assembled documentation files for OpenSSL [not final]
+ ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete]
An archive of HTML documents for the SSLeay library is available from
diff --git a/crypto/openssl/doc/apps/ b/crypto/openssl/doc/apps/
new file mode 100644
index 0000000..9d287f0
--- /dev/null
+++ b/crypto/openssl/doc/apps/
@@ -0,0 +1,167 @@
+=head1 NAME
+ - friendlier interface for OpenSSL certificate programs
+=head1 SYNOPSIS
+The B<> script is a perl script that supplies the relevant command line
+arguments to the B<openssl> command for some common certificate operations.
+It is intended to simplify the process of certificate creation and management
+by the use of some simple options.
+=over 4
+=item B<?>, B<-h>, B<-help>
+prints a usage message.
+=item B<-newcert>
+creates a new self signed certificate. The private key and certificate are
+written to the file "newreq.pem".
+=item B<-newreq>
+creates a new certificate request. The private key and request are
+written to the file "newreq.pem".
+=item B<-newca>
+creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert>
+and B<-xsign> options). The user is prompted to enter the filename of the CA
+certificates (which should also contain the private key) or by hitting ENTER
+details of the CA will be prompted for. The relevant files and directories
+are created in a directory called "demoCA" in the current directory.
+=item B<-pkcs12>
+create a PKCS#12 file containing the user certificate, private key and CA
+certificate. It expects the user certificate and private key to be in the
+file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem,
+it creates a file "newcert.p12". This command can thus be called after the
+B<-sign> option. The PKCS#12 file can be imported directly into a browser.
+If there is an additional argument on the command line it will be used as the
+"friendly name" for the certificate (which is typically displayed in the browser
+list box), otherwise the name "My Certificate" is used.
+=item B<-sign>, B<-signreq>, B<-xsign>
+calls the B<ca> program to sign a certificate request. It expects the request
+to be in the file "newreq.pem". The new certificate is written to the file
+"newcert.pem" except in the case of the B<-xcert> option when it is written
+to standard output.
+=item B<-signcert>
+this option is the same as B<-sign> except it expects a self signed certificate
+to be present in the file "newreq.pem".
+=item B<-verify>
+verifies certificates against the CA certificate for "demoCA". If no certificates
+are specified on the command line it tries to verify the file "newcert.pem".
+=item B<files>
+one or more optional certificate file names for use with the B<-verify> command.
+=head1 EXAMPLES
+Create a CA hierarchy:
+ -newca
+Complete certificate creation example: create a CA, create a request, sign
+the request and finally create a PKCS#12 file containing it.
+ -newca
+ -newreq
+ -signreq
+ -pkcs12 "My Test Certificate"
+Although the B<> creates RSA CAs and requests it is still possible to
+use it with DSA certificates and requests using the L<req(1)|req(1)> command
+directly. The following example shows the steps that would typically be taken.
+Create some DSA parameters:
+ openssl dsaparam -out dsap.pem 1024
+Create a DSA CA certificate and private key:
+ openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
+Create the CA directories and files:
+ -newca
+enter cacert.pem when prompted for the CA file name.
+Create a DSA certificate request and privat key (a different set of parameters
+can optionally be created first):
+ openssl req -out newreq.pem -newkey dsa:dsap.pem
+Sign the request:
+ -signreq
+=head1 NOTES
+Most of the filenames mentioned can be modified by editing the B<> script.
+If the demoCA directory already exists then the B<-newca> command will not
+overwrite it and will do nothing. This can happen if a previous call using
+the B<-newca> option terminated abnormally. To get the correct behaviour
+delete the demoCA directory if it already exists.
+Under some environments it may not be possible to run the B<> script
+directly (for example Win32) and the default configuration file location may
+be wrong. In this case the command:
+ perl -S
+can be used and the B<OPENSSL_CONF> environment variable changed to point to
+the correct path of the configuration file "openssl.cnf".
+The script is intended as a simple front end for the B<openssl> program for use
+by a beginner. Its behaviour isn't always what is wanted. For more control over the
+behaviour of the certificate commands call the B<openssl> command directly.
+The variable B<OPENSSL_CONF> if defined allows an alternative configuration
+file location to be specified, it should contain the full path to the
+configuration file, not just its directory.
+=head1 SEE ALSO
+L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<req(1)|req(1)>, L<pkcs12(1)|pkcs12(1)>,
diff --git a/crypto/openssl/doc/apps/asn1parse.pod b/crypto/openssl/doc/apps/asn1parse.pod
new file mode 100644
index 0000000..e76e981
--- /dev/null
+++ b/crypto/openssl/doc/apps/asn1parse.pod
@@ -0,0 +1,129 @@
+=head1 NAME
+asn1parse - ASN.1 parsing tool
+=head1 SYNOPSIS
+B<openssl> B<asn1parse>
+[B<-inform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-offset number>]
+[B<-length number>]
+[B<-oid filename>]
+[B<-strparse offset>]
+The B<asn1parse> command is a diagnostic utility that can parse ASN.1
+structures. It can also be used to extract data from ASN.1 formatted data.
+=head1 OPTIONS
+=over 4
+=item B<-inform> B<DER|PEM>
+the input format. B<DER> is binary format and B<PEM> (the default) is base64
+=item B<-in filename>
+the input file, default is standard input
+=item B<-out filename>
+output file to place the DER encoded data into. If this
+option is not present then no data will be output. This is most useful when
+combined with the B<-strparse> option.
+=item B<-noout>
+don't output the parsed version of the input file.
+=item B<-offset number>
+starting offset to begin parsing, default is start of file.
+=item B<-length number>
+number of bytes to parse, default is until end of file.
+=item B<-i>
+indents the output according to the "depth" of the structures.
+=item B<-oid filename>
+a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
+file is described in the NOTES section below.
+=item B<-strparse offset>
+parse the contents octets of the ASN.1 object starting at B<offset>. This
+option can be used multiple times to "drill down" into a nested structure.
+=head2 OUTPUT
+The output will typically contain lines like this:
+ 0:d=0 hl=4 l= 681 cons: SEQUENCE
+ 229:d=3 hl=3 l= 141 prim: BIT STRING
+ 373:d=2 hl=3 l= 162 cons: cont [ 3 ]
+ 376:d=3 hl=3 l= 159 cons: SEQUENCE
+ 379:d=4 hl=2 l= 29 cons: SEQUENCE
+ 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
+ 386:d=5 hl=2 l= 22 prim: OCTET STRING
+ 410:d=4 hl=2 l= 112 cons: SEQUENCE
+ 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
+ 417:d=5 hl=2 l= 105 prim: OCTET STRING
+ 524:d=4 hl=2 l= 12 cons: SEQUENCE
+This example is part of a self signed certificate. Each line starts with the
+offset in decimal. B<d=XX> specifies the current depth. The depth is increased
+within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
+(tag and length octets) of the current type. B<l=XX> gives the length of
+the contents octets.
+The B<-i> option can be used to make the output more readable.
+Some knowledge of the ASN.1 structure is needed to interpret the output.
+In this example the BIT STRING at offset 229 is the certificate public key.
+The contents octets of this will contain the public key information. This can
+be examined using the option B<-strparse 229> to yield:
+ 0:d=0 hl=3 l= 137 cons: SEQUENCE
+ 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
+ 135:d=1 hl=2 l= 3 prim: INTEGER :010001
+=head1 NOTES
+If an OID is not part of OpenSSL's internal table it will be represented in
+numerical form (for example The file passed to the B<-oid> option
+allows additional OIDs to be included. Each line consists of three columns,
+the first column is the OID in numerical format and should be followed by white
+space. The second column is the "short name" which is a single word followed
+by white space. The final column is the rest of the line and is the
+"long name". B<asn1parse> displays the long name. Example:
+C< shortName A long name>
+=head1 BUGS
+There should be options to change the format of input lines. The output of some
+ASN.1 types is not well handled (if at all).
diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod
new file mode 100644
index 0000000..03209aa
--- /dev/null
+++ b/crypto/openssl/doc/apps/ca.pod
@@ -0,0 +1,479 @@
+=head1 NAME
+ca - sample minimal CA application
+=head1 SYNOPSIS
+B<openssl> B<ca>
+[B<-config filename>]
+[B<-name section>]
+[B<-revoke file>]
+[B<-crldays days>]
+[B<-crlhours hours>]
+[B<-crlexts section>]
+[B<-startdate date>]
+[B<-enddate date>]
+[B<-days arg>]
+[B<-md arg>]
+[B<-policy arg>]
+[B<-keyfile arg>]
+[B<-key arg>]
+[B<-cert file>]
+[B<-in file>]
+[B<-out file>]
+[B<-outdir dir>]
+[B<-spkac file>]
+[B<-ss_cert file>]
+[B<-extensions section>]
+The B<ca> command is a minimal CA application. It can be used
+to sign certificate requests in a variety of forms and generate
+CRLs it also maintains a text database of issued certificates
+and their status.
+The options descriptions will be divided into each purpose.
+=head1 CA OPTIONS
+=over 4
+=item B<-config filename>
+specifies the configuration file to use.
+=item B<-in filename>
+an input filename containing a single certificate request to be
+signed by the CA.
+=item B<-ss_cert filename>
+a single self signed certificate to be signed by the CA.
+=item B<-spkac filename>
+a file containing a single Netscape signed public key and challenge
+and additional field values to be signed by the CA. See the B<NOTES>
+section for information on the required format.
+=item B<-infiles>
+if present this should be the last option, all subsequent arguments
+are assumed to the the names of files containing certificate requests.
+=item B<-out filename>
+the output file to output certificates to. The default is standard
+output. The certificate details will also be printed out to this
+=item B<-outdir directory>
+the directory to output certificates to. The certificate will be
+written to a filename consisting of the serial number in hex with
+".pem" appended.
+=item B<-cert>
+the CA certificate file.
+=item B<-keyfile filename>
+the private key to sign requests with.
+=item B<-key password>
+the password used to encrypt the private key. Since on some
+systems the command line arguments are visible (e.g. Unix with
+the 'ps' utility) this option should be used with caution.
+=item B<-verbose>
+this prints extra details about the operations being performed.
+=item B<-notext>
+don't output the text form of a certificate to the output file.
+=item B<-startdate date>
+this allows the start date to be explicitly set. The format of the
+date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
+=item B<-enddate date>
+this allows the expiry date to be explicitly set. The format of the
+date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
+=item B<-days arg>
+the number of days to certify the certificate for.
+=item B<-md alg>
+the message digest to use. Possible values include md5, sha1 and mdc2.
+This option also applies to CRLs.
+=item B<-policy arg>
+this option defines the CA "policy" to use. This is a section in
+the configuration file which decides which fields should be mandatory
+or match the CA certificate. Check out the B<POLICY FORMAT> section
+for more information.
+=item B<-msie_hack>
+this is a legacy option to make B<ca> work with very old versions of
+the IE certificate enrollment control "certenr3". It used UniversalStrings
+for almost everything. Since the old control has various security bugs
+its use is strongly discouraged. The newer control "Xenroll" does not
+need this option.
+=item B<-preserveDN>
+Normally the DN order of a certificate is the same as the order of the
+fields in the relevant policy section. When this option is set the order
+is the same as the request. This is largely for compatibility with the
+older IE enrollment control which would only accept certificates if their
+DNs match the order of the request. This is not needed for Xenroll.
+=item B<-batch>
+this sets the batch mode. In this mode no questions will be asked
+and all certificates will be certified automatically.
+=item B<-extensions section>
+the section of the configuration file containing certificate extensions
+to be added when a certificate is issued. If no extension section is
+present then a V1 certificate is created. If the extension section
+is present (even if it is empty) then a V3 certificate is created.
+=over 4
+=item B<-gencrl>
+this option generates a CRL based on information in the index file.
+=item B<-crldays num>
+the number of days before the next CRL is due. That is the days from
+now to place in the CRL nextUpdate field.
+=item B<-crlhours num>
+the number of hours before the next CRL is due.
+=item B<-revoke filename>
+a filename containing a certificate to revoke.
+=item B<-crlexts section>
+the section of the configuration file containing CRL extensions to
+include. If no CRL extension section is present then a V1 CRL is
+created, if the CRL extension section is present (even if it is
+empty) then a V2 CRL is created. The CRL extensions specified are
+CRL extensions and B<not> CRL entry extensions. It should be noted
+that some software (for example Netscape) can't handle V2 CRLs.
+The options for B<ca> are contained in the B<ca> section of the
+configuration file. Many of these are identical to command line
+options. Where the option is present in the configuration file
+and the command line the command line value is used. Where an
+option is described as mandatory then it must be present in
+the configuration file or the command line equivalent (if
+any) used.
+=over 4
+=item B<oid_file>
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name.
+=item B<oid_section>
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used.
+=item B<new_certs_dir>
+the same as the B<-outdir> command line option. It specifies
+the directory where new certificates will be placed. Mandatory.
+=item B<certificate>
+the same as B<-cert>. It gives the file containing the CA
+certificate. Mandatory.
+=item B<private_key>
+same as the B<-keyfile> option. The file containing the
+CA private key. Mandatory.
+=item B<RANDFILE>
+a file used to read and write random number seed information, or
+an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+=item B<default_days>
+the same as the B<-days> option. The number of days to certify
+a certificate for.
+=item B<default_startdate>
+the same as the B<-startdate> option. The start date to certify
+a certificate for. If not set the current time is used.
+=item B<default_enddate>
+the same as the B<-enddate> option. Either this option or
+B<default_days> (or the command line equivalents) must be
+=item B<default_crl_hours default_crl_days>
+the same as the B<-crlhours> and the B<-crldays> options. These
+will only be used if neither command line option is present. At
+least one of these must be present to generate a CRL.
+=item B<default_md>
+the same as the B<-md> option. The message digest to use. Mandatory.
+=item B<database>
+the text database file to use. Mandatory. This file must be present
+though initially it will be empty.
+=item B<serialfile>
+a text file containing the next serial number to use in hex. Mandatory.
+This file must be present and contain a valid serial number.
+=item B<x509_extensions>
+the same as B<-extensions>.
+=item B<crl_extensions>
+the same as B<-crlexts>.
+=item B<preserve>
+the same as B<-preserveDN>
+=item B<msie_hack>
+the same as B<-msie_hack>
+=item B<policy>
+the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
+for more information.
+The policy section consists of a set of variables corresponding to
+certificate DN fields. If the value is "match" then the field value
+must match the same field in the CA certificate. If the value is
+"supplied" then it must be present. If the value is "optional" then
+it may be present. Any fields not mentioned in the policy section
+are silently deleted, unless the B<-preserveDN> option is set but
+this can be regarded more of a quirk than intended behaviour.
+The input to the B<-spkac> command line option is a Netscape
+signed public key and challenge. This will usually come from
+the B<KEYGEN> tag in an HTML form to create a new private key.
+It is however possible to create SPKACs using the B<spkac> utility.
+The file should contain the variable SPKAC set to the value of
+the SPKAC and also the required DN components as name value pairs.
+If you need to include the same component twice then it can be
+preceded by a number and a '.'.
+=head1 EXAMPLES
+Note: these examples assume that the B<ca> directory structure is
+already set up and the relevant files already exist. This usually
+involves creating a CA certificate and private key with B<req>, a
+serial number file and an empty index file and placing them in
+the relevant directories.
+To use the sample configuration file below the directories demoCA,
+demoCA/private and demoCA/newcerts would be created. The CA
+certificate would be copied to demoCA/cacert.pem and its private
+key to demoCA/private/cakey.pem. A file demoCA/serial would be
+created containing for example "01" and the empty index file
+Sign a certificate request:
+ openssl ca -in req.pem -out newcert.pem
+Generate a CRL
+ openssl ca -gencrl -out crl.pem
+Sign several requests:
+ openssl ca -infiles req1.pem req2.pem req3.pem
+Certify a Netscape SPKAC:
+ openssl ca -spkac spkac.txt
+A sample SPKAC file (the SPKAC line has been truncated for clarity):
+ CN=Steve Test
+ 0.OU=OpenSSL Group
+ 1.OU=Another Group
+A sample configuration file with the relevant sections for B<ca>:
+ [ ca ]
+ default_ca = CA_default # The default ca section
+ [ CA_default ]
+ dir = ./demoCA # top dir
+ database = $dir/index.txt # index file.
+ new_certs_dir = $dir/newcerts # new certs dir
+ certificate = $dir/cacert.pem # The CA cert
+ serial = $dir/serial # serial no file
+ private_key = $dir/private/cakey.pem# CA private key
+ RANDFILE = $dir/private/.rand # random number file
+ default_days = 365 # how long to certify for
+ default_crl_days= 30 # how long before next CRL
+ default_md = md5 # md to use
+ policy = policy_any # default policy
+ [ policy_any ]
+ countryName = supplied
+ stateOrProvinceName = optional
+ organizationName = optional
+ organizationalUnitName = optional
+ commonName = supplied
+ emailAddress = optional
+=head1 WARNINGS
+The B<ca> command is quirky and at times downright unfriendly.
+The B<ca> utility was originally meant as an example of how to do things
+in a CA. It was not supposed be be used as a full blown CA itself:
+nevertheless some people are using it for this purpose.
+The B<ca> command is effectively a single user command: no locking is
+done on the various files and attempts to run more than one B<ca> command
+on the same database can have unpredictable results.
+=head1 FILES
+Note: the location of all files can change either by compile time options,
+configuration file entries, environment variables or command line options.
+The values below reflect the default values.
+ /usr/local/ssl/lib/openssl.cnf - master configuration file
+ ./demoCA - main CA directory
+ ./demoCA/cacert.pem - CA certificate
+ ./demoCA/private/cakey.pem - CA private key
+ ./demoCA/serial - CA serial number file
+ ./demoCA/serial.old - CA serial number backup file
+ ./demoCA/index.txt - CA text database file
+ ./demoCA/index.txt.old - CA text database backup file
+ ./demoCA/certs - certificate output file
+ ./demoCA/.rnd - CA random seed information
+B<OPENSSL_CONF> reflects the location of master configuration file it can
+be overridden by the B<-config> command line option.
+The text database index file is a critical part of the process and
+if corrupted it can be difficult to fix. It is theoretically possible
+to rebuild the index file from all the issued certificates and a current
+CRL: however there is no option to do this.
+CRL entry extensions cannot currently be created: only CRL extensions
+can be added.
+V2 CRL features like delta CRL support and CRL numbers are not currently
+Although several requests can be input and handled at once it is only
+possible to include one SPKAC or self signed certificate.
+=head1 BUGS
+The use of an in memory text database can cause problems when large
+numbers of certificates are present because, as the name implies
+the database has to be kept in memory.
+Certificate request extensions are ignored: some kind of "policy" should
+be included to use certain static extensions and certain extensions
+from the request.
+It is not possible to certify two certificates with the same DN: this
+is a side effect of how the text database is indexed and it cannot easily
+be fixed without introducing other problems. Some S/MIME clients can use
+two certificates with the same DN for separate signing and encryption
+The B<ca> command really needs rewriting or the required functionality
+exposed at either a command or interface level so a more friendly utility
+(perl script or GUI) can handle things properly. The scripts B<> and
+B<> help a little but not very much.
+Any fields in a request that are not present in a policy are silently
+deleted. This does not happen if the B<-preserveDN> option is used but
+the extra fields are not displayed when the user is asked to certify
+a request. The behaviour should be more friendly and configurable.
+Cancelling some commands by refusing to certify a certificate can
+create an empty file.
+=head1 SEE ALSO
+L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<|>,
diff --git a/crypto/openssl/doc/apps/ciphers.pod b/crypto/openssl/doc/apps/ciphers.pod
new file mode 100644
index 0000000..2301e28
--- /dev/null
+++ b/crypto/openssl/doc/apps/ciphers.pod
@@ -0,0 +1,342 @@
+=head1 NAME
+ciphers - SSL cipher display and cipher list tool.
+=head1 SYNOPSIS
+B<openssl> B<ciphers>
+The B<cipherlist> command converts OpenSSL cipher lists into ordered
+SSL cipher preference lists. It can be used as a test tool to determine
+the appropriate cipherlist.
+=over 4
+=item B<-v>
+verbose option. List ciphers with a complete description of the authentication,
+key exchange, encryption and mac algorithms used along with any key size
+restrictions and whether the algorithm is classed as an "export" cipher.
+=item B<-ssl3>
+only include SSL v3 ciphers.
+=item B<-ssl2>
+only include SSL v2 ciphers.
+=item B<-tls1>
+only include TLS v1 ciphers.
+=item B<-h>, B<-?>
+print a brief usage message.
+=item B<cipherlist>
+a cipher list to convert to a cipher preference list. If it is not included
+then the default cipher list will be used. The format is described below.
+The cipher list consists of one or more I<cipher strings> separated by colons.
+Commas or spaces are also acceptable separators but colons are normally used.
+The actual cipher string can take several different forms.
+It can consist of a single cipher suite such as B<RC4-SHA>.
+It can represent a list of cipher suites containing a certain algorithm, or
+cipher suites of a certain type. For example B<SHA1> represents all ciphers
+suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
+Lists of cipher suites can be combined in a single cipher string using the
+B<+> character. This is used as a logical B<and> operation. For example
+B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
+Each cipher string can be optionally preceded by the characters B<!>,
+B<-> or B<+>.
+If B<!> is used then the ciphers are permanently deleted from the list.
+The ciphers deleted can never reappear in the list even if they are
+explicitly stated.
+If B<-> is used then the ciphers are deleted from the list, but some or
+all of the ciphers can be added again by later options.
+If B<+> is used then the ciphers are moved to the end of the list. This
+option doesn't add any new ciphers it just moves matching existing ones.
+If none of these characters is present then the string is just interpreted
+as a list of ciphers to be appended to the current preference list. If the
+list includes any ciphers already present they will be ignored: that is they
+will not moved to the end of the list.
+Additionally the cipher string B<@STRENGTH> can be used at any point to sort
+the current cipher list in order of encryption algorithm key length.
+The following is a list of all permitted cipher strings and their meanings.
+=over 4
+=item B<DEFAULT>
+the default cipher list. This is determined at compile time and is normally
+B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
+=item B<ALL>
+all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
+=item B<HIGH>
+"high" encryption cipher suites. This currently means those with key lengths larger
+than 128 bits.
+=item B<MEDIUM>
+"medium" encryption cipher suites, currently those using 128 bit encryption.
+=item B<LOW>
+"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
+but excluding export cipher suites.
+=item B<EXP>, B<EXPORT>
+export encryption algorithms. Including 40 and 56 bits algorithms.
+=item B<EXPORT40>
+40 bit export encryption algorithms
+=item B<EXPORT56>
+56 bit export encryption algorithms.
+=item B<eNULL>, B<NULL>
+the "NULL" ciphers that is those offering no encryption. Because these offer no
+encryption at all and are a security risk they are disabled unless explicitly
+=item B<aNULL>
+the cipher suites offering no authentication. This is currently the anonymous
+DH algorithms. These cipher suites are vulnerable to a "man in the middle"
+attack and so their use is normally discouraged.
+=item B<kRSA>, B<RSA>
+cipher suites using RSA key exchange.
+=item B<kEDH>
+cipher suites using ephemeral DH key agreement.
+=item B<kDHr>, B<kDHd>
+cipher suites using DH key agreement and DH certificates signed by CAs with RSA
+and DSS keys respectively. Not implemented.
+=item B<aRSA>
+cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
+=item B<aDSS>, B<DSS>
+cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
+=item B<aDH>
+cipher suites effectively using DH authentication, i.e. the certificates carry
+DH keys. Not implemented.
+=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
+ciphers suites using FORTEZZA key exchange, authentication, encryption or all
+FORTEZZA algorithms. Not implemented.
+=item B<TLSv1>, B<SSLv3>, B<SSLv2>
+TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
+=item B<DH>
+cipher suites using DH, including anonymous DH.
+=item B<ADH>
+anonymous DH cipher suites.
+=item B<3DES>
+cipher suites using triple DES.
+=item B<DES>
+cipher suites using DES (not triple DES).
+=item B<RC4>
+cipher suites using RC4.
+=item B<RC2>
+cipher suites using RC2.
+=item B<IDEA>
+cipher suites using IDEA.
+=item B<MD5>
+cipher suites using MD5.
+=item B<SHA1>, B<SHA>
+cipher suites using SHA1.
+The following lists give the SSL or TLS cipher suites names from the
+relevant specification and their OpenSSL equivalents.
+=head2 SSL v3.0 cipher suites.
+ SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.
+ SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
+ SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.
+ SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
+ SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
+ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
+=head2 TLS v1.0 cipher suites.
+ TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
+ TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
+=head2 Additional Export 1024 and other cipher suites
+Note: these ciphers can also be used in SSL v3.
+=head2 SSL v2.0 cipher suites.
+=head1 NOTES
+The non-ephemeral DH modes are currently unimplemented in OpenSSL
+because there is no support for DH certificates.
+Some compiled versions of OpenSSL may not include all the ciphers
+listed here because some ciphers were excluded at compile time.
+=head1 EXAMPLES
+Verbose listing of all OpenSSL ciphers including NULL ciphers:
+ openssl ciphers -v 'ALL:eNULL'
+Include all ciphers except NULL and anonymous DH then sort by
+ openssl ciphers -v 'ALL:!ADH:@STRENGTH'
+Include only 3DES ciphers and then place RSA ciphers last:
+ openssl ciphers -v '3DES:+RSA'
+=head1 SEE ALSO
+L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
diff --git a/crypto/openssl/doc/apps/config.pod b/crypto/openssl/doc/apps/config.pod
new file mode 100644
index 0000000..ce874a4
--- /dev/null
+++ b/crypto/openssl/doc/apps/config.pod
@@ -0,0 +1,138 @@
+=head1 NAME
+config - OpenSSL CONF library configuration files
+The OpenSSL CONF library can be used to read configuration files.
+It is used for the OpenSSL master configuration file B<openssl.cnf>
+and in a few other places like B<SPKAC> files and certificate extension
+files for the B<x509> utility.
+A configuration file is divided into a number of sections. Each section
+starts with a line B<[ section_name ]> and ends when a new section is
+started or end of file is reached. A section name can consist of
+alphanumeric characters and underscores.
+The first section of a configuration file is special and is referred
+to as the B<default> section this is usually unnamed and is from the
+start of file until the first named section. When a name is being looked up
+it is first looked up in a named section (if any) and then the
+default section.
+The environment is mapped onto a section called B<ENV>.
+Comments can be included by preceding them with the B<#> character
+Each section in a configuration file consists of a number of name and
+value pairs of the form B<name=value>
+The B<name> string can contain any alphanumeric characters as well as
+a few punctuation symbols such as B<.> B<,> B<;> and B<_>.
+The B<value> string consists of the string following the B<=> character
+until end of line with any leading and trailing white space removed.
+The value string undergoes variable expansion. This can be done by
+including the form B<$var> or B<${var}>: this will substitute the value
+of the named variable in the current section. It is also possible to
+substitute a value from another section using the syntax B<$section::name>
+or B<${section::name}>. By using the form B<$ENV::name> environment
+variables can be substituted. It is also possible to assign values to
+environment variables by using the name B<ENV::name>, this will work
+if the program looks up environment variables using the B<CONF> library
+instead of calling B<getenv()> directly.
+It is possible to escape certain characters by using any kind of quote
+or the B<\> character. By making the last character of a line a B<\>
+a B<value> string can be spread across multiple lines. In addition
+the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
+=head1 NOTES
+If a configuration file attempts to expand a variable that doesn't exist
+then an error is flagged and the file will not load. This can happen
+if an attempt is made to expand an environment variable that doesn't
+exist. For example the default OpenSSL master configuration file used
+the value of B<HOME> which may not be defined on non Unix systems.
+This can be worked around by including a B<default> section to provide
+a default value: then if the environment lookup fails the default value
+will be used instead. For this to work properly the default value must
+be defined earlier in the configuration file than the expansion. See
+the B<EXAMPLES> section for an example of how to do this.
+If the same variable exists in the same section then all but the last
+value will be silently ignored. In certain circumstances such as with
+DNs the same field may occur multiple times. This is usually worked
+around by ignoring any characters before an initial B<.> e.g.
+ 1.OU="My first OU"
+ 2.OU="My Second OU"
+=head1 EXAMPLES
+Here is a sample configuration file using some of the features
+mentioned above.
+ # This is the default section.
+ HOME=/temp
+ configdir=$ENV::HOME/config
+ [ section_one ]
+ # We are now in section one.
+ # Quotes permit leading and trailing whitespace
+ any = " any variable name "
+ other = A string that can \
+ cover several lines \
+ by including \\ characters
+ message = Hello World\n
+ [ section_two ]
+ greeting = $section_one::message
+This next example shows how to expand environment variables safely.
+Suppose you want a variable called B<tmpfile> to refer to a
+temporary filename. The directory it is placed in can determined by
+the the B<TEMP> or B<TMP> environment variables but they may not be
+set to any value at all. If you just include the environment variable
+names and the variable doesn't exist then this will cause an error when
+an attempt is made to load the configuration file. By making use of the
+default section both values can be looked up with B<TEMP> taking
+priority and B</tmp> used if neither is defined:
+ TMP=/tmp
+ # The above value is used if TMP isn't in the environment
+ # The above value is used if TEMP isn't in the environment
+ tmpfile=${ENV::TEMP}/tmp.filename
+=head1 BUGS
+Currently there is no way to include characters using the octal B<\nnn>
+form. Strings are all null terminated so nulls cannot form part of
+the value.
+The escaping isn't quite right: if you want to use sequences like B<\n>
+you can't use any quote escaping on the same line.
+Files are loaded in a single pass. This means that an variable expansion
+will only work if the variables referenced are defined earlier in the
+=head1 SEE ALSO
+L<x509(1)|x509(1)>, L<req(1)|req(1)>, L<ca(1)|ca(1)>
diff --git a/crypto/openssl/doc/apps/crl.pod b/crypto/openssl/doc/apps/crl.pod
new file mode 100644
index 0000000..a40c873
--- /dev/null
+++ b/crypto/openssl/doc/apps/crl.pod
@@ -0,0 +1,117 @@
+=head1 NAME
+crl - CRL utility
+=head1 SYNOPSIS
+B<openssl> B<crl>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+The B<crl> command processes CRL files in DER or PEM format.
+=over 4
+=item B<-inform DER|PEM>
+This specifies the input format. B<DER> format is DER encoded CRL
+structure. B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+=item B<-outform DER|PEM>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in filename>
+This specifies the input filename to read from or standard input if this
+option is not specified.
+=item B<-out filename>
+specifies the output filename to write to or standard output by
+=item B<-text>
+print out the CRL in text form.
+=item B<-noout>
+don't output the encoded version of the CRL.
+=item B<-hash>
+output a hash of the issuer name. This can be use to lookup CRLs in
+a directory by issuer name.
+=item B<-issuer>
+output the issuer name.
+=item B<-lastupdate>
+output the lastUpdate field.
+=item B<-nextupdate>
+output the nextUpdate field.
+=item B<-CAfile file>
+verify the signature on a CRL by looking up the issuing certificate in
+=item B<-CApath dir>
+verify the signature on a CRL by looking up the issuing certificate in
+B<dir>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+=head1 NOTES
+The PEM CRL format uses the header and footer lines:
+ -----BEGIN X509 CRL-----
+ -----END X509 CRL-----
+=head1 EXAMPLES
+Convert a CRL file from PEM to DER:
+ openssl crl -in crl.pem -outform DER -out crl.der
+Output the text form of a DER encoded certificate:
+ openssl crl -in crl.der -text -noout
+=head1 BUGS
+Ideally it should be possible to create a CRL using appropriate options
+and files too.
+=head1 SEE ALSO
+L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
diff --git a/crypto/openssl/doc/apps/crl2pkcs7.pod b/crypto/openssl/doc/apps/crl2pkcs7.pod
new file mode 100644
index 0000000..da199b0
--- /dev/null
+++ b/crypto/openssl/doc/apps/crl2pkcs7.pod
@@ -0,0 +1,90 @@
+=head1 NAME
+crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
+=head1 SYNOPSIS
+B<openssl> B<pkcs7>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+The B<crl2pkcs7> command takes an optional CRL and one or more
+certificates and converts them into a PKCS#7 degenerate "certificates
+only" structure.
+=over 4
+=item B<-inform DER|PEM>
+This specifies the CRL input format. B<DER> format is DER encoded CRL
+structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+=item B<-outform DER|PEM>
+This specifies the PKCS#7 structure output format. B<DER> format is DER
+encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+=item B<-in filename>
+This specifies the input filename to read a CRL from or standard input if this
+option is not specified.
+=item B<-out filename>
+specifies the output filename to write the PKCS#7 structure to or standard
+output by default.
+=item B<-certfile filename>
+specifies a filename containing one or more certificates in B<PEM> format.
+All certificates in the file will be added to the PKCS#7 structure. This
+option can be used more than once to read certificates form multiple
+=item B<-nocrl>
+normally a CRL is included in the output file. With this option no CRL is
+included in the output file and a CRL is not read from the input file.
+=head1 EXAMPLES
+Create a PKCS#7 structure from a certificate and CRL:
+ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
+Creates a PKCS#7 structure in DER format with no CRL from several
+different certificates:
+ openssl crl2pkcs7 -nocrl -certfile newcert.pem
+ -certfile demoCA/cacert.pem -outform DER -out p7.der
+=head1 NOTES
+The output file is a PKCS#7 signed data structure containing no signers and
+just certificates and an optional CRL.
+This utility can be used to send certificates and CAs to Netscape as part of
+the certificate enrollment process. This involves sending the DER encoded output
+as MIME type application/x-x509-user-cert.
+The B<PEM> encoded form with the header and footer lines removed can be used to
+install user certificates and CAs in MSIE using the Xenroll control.
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/apps/dgst.pod b/crypto/openssl/doc/apps/dgst.pod
new file mode 100644
index 0000000..fcfd3ec
--- /dev/null
+++ b/crypto/openssl/doc/apps/dgst.pod
@@ -0,0 +1,49 @@
+=head1 NAME
+dgst, md5, md2, sha1, sha, mdc2, ripemd160 - message digests
+=head1 SYNOPSIS
+B<openssl> B<dgst>
+The digest functions print out the message digest of a supplied file or files
+in hexadecimal form.
+=head1 OPTIONS
+=over 4
+=item B<-c>
+print out the digest in two digit groups separated by colons.
+=item B<-d>
+print out BIO debugging information.
+=item B<file...>
+file or files to digest. If no files are specified then standard input is
+=head1 NOTES
+The digest of choice for all new applications is SHA1. Other digests are
+however still widely used.
diff --git a/crypto/openssl/doc/apps/dhparam.pod b/crypto/openssl/doc/apps/dhparam.pod
new file mode 100644
index 0000000..15aabf4
--- /dev/null
+++ b/crypto/openssl/doc/apps/dhparam.pod
@@ -0,0 +1,133 @@
+=head1 NAME
+dhparam - DH parameter manipulation and generation
+=head1 SYNOPSIS
+B<openssl dhparam>
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-in> I<filename>]
+[B<-out> I<filename>]
+[B<-rand> I<file(s)>]
+This command is used to manipulate DH parameter files.
+=head1 OPTIONS
+=over 4
+=item B<-inform DER|PEM>
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#3 DHparameter structure. The PEM form is the
+default format: it consists of the B<DER> format base64 encoded with
+additional header and footer lines.
+=item B<-outform DER|PEM>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in> I<filename>
+This specifies the input filename to read parameters from or standard input if
+this option is not specified.
+=item B<-out> I<filename>
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should B<not> be the same
+as the input filename.
+=item B<-dsaparam>
+If this option is used, DSA rather than DH parameters are read or created;
+they are converted to DH format. Otherwise, "strong" primes (such
+that (p-1)/2 is also prime) will be used for DH parameter generation.
+DH parameter generation with the B<-dsaparam> option is much faster,
+and the recommended exponent length is shorter, which makes DH key
+exchange more efficient. Beware that with such DSA-style DH
+parameters, a fresh DH key should be created for each use to
+avoid small-subgroup attacks that may be possible otherwise.
+=item B<-2>, B<-5>
+The generator to use, either 2 or 5. 2 is the default. If present then the
+input file is ignored and parameters are generated instead.
+=item B<-rand> I<file(s)>
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+=item I<numbits>
+this option specifies that a parameter set should be generated of size
+I<numbits>. It must be the last option. If not present then a value of 512
+is used. If this option is present then the input file is ignored and
+parameters are generated instead.
+=item B<-noout>
+this option inhibits the output of the encoded version of the parameters.
+=item B<-text>
+this option prints out the DH parameters in human readable form.
+=item B<-C>
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the B<get_dh>I<numbits>B<()> function.
+=head1 WARNINGS
+The program B<dhparam> combines the functionality of the programs B<dh> and
+B<gendh> in previous versions of OpenSSL and SSLeay. The B<dh> and B<gendh>
+programs are retained for now but may have different purposes in future
+versions of OpenSSL.
+=head1 NOTES
+PEM format DH parameters use the header and footer lines:
+OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42
+This program manipulates DH parameters not keys.
+=head1 BUGS
+There should be a way to generate and manipulate DH keys.
+=head1 SEE ALSO
+=head1 HISTORY
+The B<dhparam> command was added in OpenSSL 0.9.5.
+The B<-dsaparam> option was added in OpenSSL 0.9.6.
diff --git a/crypto/openssl/doc/apps/dsa.pod b/crypto/openssl/doc/apps/dsa.pod
new file mode 100644
index 0000000..28e534b
--- /dev/null
+++ b/crypto/openssl/doc/apps/dsa.pod
@@ -0,0 +1,150 @@
+=head1 NAME
+dsa - DSA key processing
+=head1 SYNOPSIS
+B<openssl> B<dsa>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+The B<dsa> command processes DSA keys. They can be converted between various
+forms and their components printed out. B<Note> This command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the B<pkcs8>
+=over 4
+=item B<-inform DER|PEM>
+This specifies the input format. The B<DER> option with a private key uses
+an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
+version (currently zero), p, q, g, the public and private key components
+respectively as ASN.1 INTEGERs. When used with a public key it uses a
+SubjectPublicKeyInfo structure: it is an error if the key is not DSA.
+The B<PEM> form is the default format: it consists of the B<DER> format base64
+encoded with additional header and footer lines. In the case of a private key
+PKCS#8 format is also accepted.
+=item B<-outform DER|PEM>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in filename>
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+=item B<-passin arg>
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-out filename>
+This specifies the output filename to write a key to or standard output by
+is not specified. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should B<not> be the same as the input
+=item B<-passout arg>
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-des|-des3|-idea>
+These options encrypt the private key with the DES, triple DES, or the
+IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the B<dsa> utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with PEM format output files.
+=item B<-text>
+prints out the public, private key components and parameters.
+=item B<-noout>
+this option prevents output of the encoded version of the key.
+=item B<-modulus>
+this option prints out the value of the public key component of the key.
+=item B<-pubin>
+by default a private key is read from the input file: with this option a
+public key is read instead.
+=item B<-pubout>
+by default a private key is output. With this option a public
+key will be output instead. This option is automatically set if the input is
+a public key.
+=head1 NOTES
+The PEM private key format uses the header and footer lines:
+The PEM public key format uses the header and footer lines:
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+=head1 EXAMPLES
+To remove the pass phrase on a DSA private key:
+ openssl dsa -in key.pem -out keyout.pem
+To encrypt a private key using triple DES:
+ openssl dsa -in key.pem -des3 -out keyout.pem
+To convert a private key from PEM to DER format:
+ openssl dsa -in key.pem -outform DER -out keyout.der
+To print out the components of a private key to standard output:
+ openssl dsa -in key.pem -text -noout
+To just output the public part of a private key:
+ openssl dsa -in key.pem -pubout -out pubkey.pem
+=head1 SEE ALSO
+L<dsaparam(1)|dsaparam(1)>, L<gendsa(1)|gendsa(1)>, L<rsa(1)|rsa(1)>,
diff --git a/crypto/openssl/doc/apps/dsaparam.pod b/crypto/openssl/doc/apps/dsaparam.pod
new file mode 100644
index 0000000..8647f34
--- /dev/null
+++ b/crypto/openssl/doc/apps/dsaparam.pod
@@ -0,0 +1,102 @@
+=head1 NAME
+dsaparam - DSA parameter manipulation and generation
+=head1 SYNOPSIS
+B<openssl dsaparam>
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-rand file(s)>]
+This command is used to manipulate or generate DSA parameter files.
+=head1 OPTIONS
+=over 4
+=item B<-inform DER|PEM>
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting
+of p, q and g respectively. The PEM form is the default format: it consists
+of the B<DER> format base64 encoded with additional header and footer lines.
+=item B<-outform DER|PEM>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in filename>
+This specifies the input filename to read parameters from or standard input if
+this option is not specified. If the B<numbits> parameter is included then
+this option will be ignored.
+=item B<-out filename>
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should B<not> be the same
+as the input filename.
+=item B<-noout>
+this option inhibits the output of the encoded version of the parameters.
+=item B<-text>
+this option prints out the DSA parameters in human readable form.
+=item B<-C>
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the B<get_dsaXXX()> function.
+=item B<-genkey>
+this option will generate a DSA either using the specified or generated
+=item B<-rand file(s)>
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+=item B<numbits>
+this option specifies that a parameter set should be generated of size
+B<numbits>. It must be the last option. If this option is included then
+the input file (if any) is ignored.
+=head1 NOTES
+PEM format DSA parameters use the header and footer lines:
+DSA parameter generation is a slow process and as a result the same set of
+DSA parameters is often used to generate several distinct keys.
+=head1 SEE ALSO
+L<gendsa(1)|gendsa(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
diff --git a/crypto/openssl/doc/apps/enc.pod b/crypto/openssl/doc/apps/enc.pod
new file mode 100644
index 0000000..e436ccc
--- /dev/null
+++ b/crypto/openssl/doc/apps/enc.pod
@@ -0,0 +1,257 @@
+=head1 NAME
+enc - symmetric cipher routines
+=head1 SYNOPSIS
+B<openssl enc -ciphername>
+[B<-in filename>]
+[B<-out filename>]
+[B<-pass arg>]
+[B<-k password>]
+[B<-kfile filename>]
+[B<-K key>]
+[B<-iv IV>]
+[B<-bufsize number>]
+The symmetric cipher commands allow data to be encrypted or decrypted
+using various block and stream ciphers using keys based on passwords
+or explicitly provided. Base64 encoding or decoding can also be performed
+either by itself or in addition to the encryption or decryption.
+=head1 OPTIONS
+=over 4
+=item B<-in filename>
+the input filename, standard input by default.
+=item B<-out filename>
+the output filename, standard output by default.
+=item B<-pass arg>
+the password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-salt>
+use a salt in the key derivation routines. This option should B<ALWAYS>
+be used unless compatibility with previous versions of OpenSSL or SSLeay
+is required. This option is only present on OpenSSL versions 0.9.5 or
+=item B<-nosalt>
+don't use a salt in the key derivation routines. This is the default for
+compatibility with previous versions of OpenSSL and SSLeay.
+=item B<-e>
+encrypt the input data: this is the default.
+=item B<-d>
+decrypt the input data.
+=item B<-a>
+base64 process the data. This means that if encryption is taking place
+the data is base64 encoded after encryption. If decryption is set then
+the input data is base64 decoded before being decrypted.
+=item B<-A>
+if the B<-a> option is set then base64 process the data on one line.
+=item B<-k password>
+the password to derive the key from. This is for compatibility with previous
+versions of OpenSSL. Superseded by the B<-pass> argument.
+=item B<-kfile filename>
+read the password to derive the key from the first line of B<filename>.
+This is for computability with previous versions of OpenSSL. Superseded by
+the B<-pass> argument.
+=item B<-S salt>
+the actual salt to use: this must be represented as a string comprised only
+of hex digits.
+=item B<-K key>
+the actual key to use: this must be represented as a string comprised only
+of hex digits.
+=item B<-iv IV>
+the actual IV to use: this must be represented as a string comprised only
+of hex digits.
+=item B<-p>
+print out the key and IV used.
+=item B<-P>
+print out the key and IV used then immediately exit: don't do any encryption
+or decryption.
+=item B<-bufsize number>
+set the buffer size for I/O
+=item B<-debug>
+debug the BIOs used for I/O.
+=head1 NOTES
+The program can be called either as B<openssl ciphername> or
+B<openssl enc -ciphername>.
+A password will be prompted for to derive the key and IV if necessary.
+The B<-salt> option should B<ALWAYS> be used if the key is being derived
+from a password unless you want compatibility with previous versions of
+OpenSSL and SSLeay.
+Without the B<-salt> option it is possible to perform efficient dictionary
+attacks on the password and to attack stream cipher encrypted data. The reason
+for this is that without the salt the same password always generates the same
+encryption key. When the salt is being used the first eight bytes of the
+encrypted data are reserved for the salt: it is generated at random when
+encrypting a file and read from the encrypted file when it is decrypted.
+Some of the ciphers do not have large keys and others have security
+implications if not used correctly. A beginner is advised to just use
+a strong block cipher in CBC mode such as bf or des3.
+All the block ciphers use PKCS#5 padding also known as standard block
+padding: this allows a rudimentary integrity or password check to be
+performed. However since the chance of random data passing the test is
+better than 1 in 256 it isn't a very good test.
+All RC2 ciphers have the same key and effective key length.
+Blowfish and RC5 algorithms use a 128 bit key.
+ base64 Base 64
+ bf-cbc Blowfish in CBC mode
+ bf Alias for bf-cbc
+ bf-cfb Blowfish in CFB mode
+ bf-ecb Blowfish in ECB mode
+ bf-ofb Blowfish in OFB mode
+ cast-cbc CAST in CBC mode
+ cast Alias for cast-cbc
+ cast5-cbc CAST5 in CBC mode
+ cast5-cfb CAST5 in CFB mode
+ cast5-ecb CAST5 in ECB mode
+ cast5-ofb CAST5 in OFB mode
+ des-cbc DES in CBC mode
+ des Alias for des-cbc
+ des-cfb DES in CBC mode
+ des-ofb DES in OFB mode
+ des-ecb DES in ECB mode
+ des-ede-cbc Two key triple DES EDE in CBC mode
+ des-ede Alias for des-ede
+ des-ede-cfb Two key triple DES EDE in CFB mode
+ des-ede-ofb Two key triple DES EDE in OFB mode
+ des-ede3-cbc Three key triple DES EDE in CBC mode
+ des-ede3 Alias for des-ede3-cbc
+ des3 Alias for des-ede3-cbc
+ des-ede3-cfb Three key triple DES EDE CFB mode
+ des-ede3-ofb Three key triple DES EDE in OFB mode
+ desx DESX algorithm.
+ idea-cbc IDEA algorithm in CBC mode
+ idea same as idea-cbc
+ idea-cfb IDEA in CFB mode
+ idea-ecb IDEA in ECB mode
+ idea-ofb IDEA in OFB mode
+ rc2-cbc 128 bit RC2 in CBC mode
+ rc2 Alias for rc2-cbc
+ rc2-cfb 128 bit RC2 in CBC mode
+ rc2-ecb 128 bit RC2 in CBC mode
+ rc2-ofb 128 bit RC2 in CBC mode
+ rc2-64-cbc 64 bit RC2 in CBC mode
+ rc2-40-cbc 40 bit RC2 in CBC mode
+ rc4 128 bit RC4
+ rc4-64 64 bit RC4
+ rc4-40 40 bit RC4
+ rc5-cbc RC5 cipher in CBC mode
+ rc5 Alias for rc5-cbc
+ rc5-cfb RC5 cipher in CBC mode
+ rc5-ecb RC5 cipher in CBC mode
+ rc5-ofb RC5 cipher in CBC mode
+=head1 EXAMPLES
+Just base64 encode a binary file:
+ openssl base64 -in file.bin -out file.b64
+Decode the same file
+ openssl base64 -d -in file.b64 -out file.bin
+Encrypt a file using triple DES in CBC mode using a prompted password:
+ openssl des3 -salt -in file.txt -out file.des3
+Decrypt a file using a supplied password:
+ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
+Encrypt a file then base64 encode it (so it can be sent via mail for example)
+using Blowfish in CBC mode:
+ openssl bf -a -salt -in file.txt -out
+Base64 decode a file then decrypt it:
+ openssl bf -d -salt -a -in -out file.txt
+Decrypt some data using a supplied 40 bit RC4 key:
+ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
+=head1 BUGS
+The B<-A> option when used with large files doesn't work properly.
+There should be an option to allow an iteration count to be included.
+Like the EVP library the B<enc> program only supports a fixed number of
+algorithms with certain parameters. So if, for example, you want to use RC2
+with a 76 bit key or RC4 with an 84 bit key you can't use this program.
diff --git a/crypto/openssl/doc/apps/gendsa.pod b/crypto/openssl/doc/apps/gendsa.pod
new file mode 100644
index 0000000..3314ace
--- /dev/null
+++ b/crypto/openssl/doc/apps/gendsa.pod
@@ -0,0 +1,58 @@
+=head1 NAME
+gendsa - generate a DSA private key from a set of parameters
+=head1 SYNOPSIS
+B<openssl> B<gendsa>
+[B<-out filename>]
+[B<-rand file(s)>]
+The B<gendsa> command generates a DSA private key from a DSA parameter file
+(which will be typically generated by the B<openssl dsaparam> command).
+=head1 OPTIONS
+=over 4
+=item B<-des|-des3|-idea>
+These options encrypt the private key with the DES, triple DES, or the
+IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified no encryption is used.
+=item B<-rand file(s)>
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+=item B<paramfile>
+This option specifies the DSA parameter file to use. The parameters in this
+file determine the size of the private key. DSA parameters can be generated
+and examined using the B<openssl dsaparam> command.
+=head1 NOTES
+DSA key generation is little more than random number generation so it is
+much quicker that RSA key generation for example.
+=head1 SEE ALSO
+L<dsaparam(1)|dsaparam(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
diff --git a/crypto/openssl/doc/apps/genrsa.pod b/crypto/openssl/doc/apps/genrsa.pod
new file mode 100644
index 0000000..70d35fe
--- /dev/null
+++ b/crypto/openssl/doc/apps/genrsa.pod
@@ -0,0 +1,88 @@
+=head1 NAME
+genrsa - generate an RSA private key
+=head1 SYNOPSIS
+B<openssl> B<genrsa>
+[B<-out filename>]
+[B<-passout arg>]
+[B<-rand file(s)>]
+The B<genrsa> command generates an RSA private key.
+=head1 OPTIONS
+=over 4
+=item B<-out filename>
+the output filename. If this argument is not specified then standard output is
+=item B<-passout arg>
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-des|-des3|-idea>
+These options encrypt the private key with the DES, triple DES, or the
+IDEA ciphers respectively before outputting it. If none of these options is
+specified no encryption is used. If encryption is used a pass phrase is prompted
+for if it is not supplied via the B<-passout> argument.
+=item B<-F4|-3>
+the public exponent to use, either 65537 or 3. The default is 65537.
+=item B<-rand file(s)>
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+=item B<numbits>
+the size of the private key to generate in bits. This must be the last option
+specified. The default is 512.
+=head1 NOTES
+RSA private key generation essentially involves the generation of two prime
+numbers. When generating a private key various symbols will be output to
+indicate the progress of the generation. A B<.> represents each number which
+has passed an initial sieve test, B<+> means a number has passed a single
+round of the Miller-Rabin primality test. A newline means that the number has
+passed all the prime tests (the actual number depends on the key size).
+Because key generation is a random process the time taken to generate a key
+may vary somewhat.
+=head1 BUGS
+A quirk of the prime generation algorithm is that it cannot generate small
+primes. Therefore the number of bits should not be less that 64. For typical
+private keys this will not matter because for security reasons they will
+be much larger (typically 1024 bits).
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/apps/nseq.pod b/crypto/openssl/doc/apps/nseq.pod
new file mode 100644
index 0000000..989c310
--- /dev/null
+++ b/crypto/openssl/doc/apps/nseq.pod
@@ -0,0 +1,70 @@
+=head1 NAME
+nseq - create or examine a netscape certificate sequence
+=head1 SYNOPSIS
+B<openssl> B<nseq>
+[B<-in filename>]
+[B<-out filename>]
+The B<nseq> command takes a file containing a Netscape certificate
+sequence and prints out the certificates contained in it or takes a
+file of certificates and converts it into a Netscape certificate
+=over 4
+=item B<-in filename>
+This specifies the input filename to read or standard input if this
+option is not specified.
+=item B<-out filename>
+specifies the output filename or standard output by default.
+=item B<-toseq>
+normally a Netscape certificate sequence will be input and the output
+is the certificates contained in it. With the B<-toseq> option the
+situation is reversed: a Netscape certificate sequence is created from
+a file of certificates.
+=head1 EXAMPLES
+Output the certificates in a Netscape certificate sequence
+ openssl nseq -in nseq.pem -out certs.pem
+Create a Netscape certificate sequence
+ openssl nseq -in certs.pem -toseq -out nseq.pem
+=head1 NOTES
+The B<PEM> encoded form uses the same headers and footers as a certificate:
+A Netscape certificate sequence is a Netscape specific form that can be sent
+to browsers as an alternative to the standard PKCS#7 format when several
+certificates are sent to the browser: for example during certificate enrollment.
+It is used by Netscape certificate server for example.
+=head1 BUGS
+This program needs a few more options: like allowing DER or PEM input and
+output files and allowing multiple certificate files to be used.
diff --git a/crypto/openssl/doc/apps/openssl.pod b/crypto/openssl/doc/apps/openssl.pod
new file mode 100644
index 0000000..2fc61b6
--- /dev/null
+++ b/crypto/openssl/doc/apps/openssl.pod
@@ -0,0 +1,325 @@
+=head1 NAME
+openssl - OpenSSL command line tool
+=head1 SYNOPSIS
+[ I<command_opts> ]
+[ I<command_args> ]
+B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> ]
+B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
+OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
+v2/v3) and Transport Layer Security (TLS v1) network protocols and related
+cryptography standards required by them.
+The B<openssl> program is a command line tool for using the various
+cryptography functions of OpenSSL's B<crypto> library from the shell.
+It can be used for
+ o Creation of RSA, DH and DSA key parameters
+ o Creation of X.509 certificates, CSRs and CRLs
+ o Calculation of Message Digests
+ o Encryption and Decryption with Ciphers
+ o SSL/TLS Client and Server Tests
+ o Handling of S/MIME signed or encrypted mail
+The B<openssl> program provides a rich variety of commands (I<command> in the
+SYNOPSIS above), each of which often has a wealth of options and arguments
+(I<command_opts> and I<command_args> in the SYNOPSIS).
+The pseudo-commands B<list-standard-commands>, B<list-message-digest-commands>,
+and B<list-cipher-commands> output a list (one entry per line) of the names
+of all standard commands, message digest commands, or cipher commands,
+respectively, that are available in the present B<openssl> utility.
+The pseudo-command B<no->I<XXX> tests whether a command of the
+specified name is available. If no command named I<XXX> exists, it
+returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
+and prints I<XXX>. In both cases, the output goes to B<stdout> and
+nothing is printed to B<stderr>. Additional command line arguments
+are always ignored. Since for each cipher there is a command of the
+same name, this provides an easy way for shell scripts to test for the
+availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
+not able to detect pseudo-commands such as B<quit>,
+B<list->I<...>B<-commands>, or B<no->I<XXX> itself.)
+=over 10
+=item L<B<asn1parse>|asn1parse(1)>
+Parse an ASN.1 sequence.
+=item L<B<ca>|ca(1)>
+Certificate Authority (CA) Management.
+=item L<B<ciphers>|ciphers(1)>
+Cipher Suite Description Determination.
+=item L<B<crl>|crl(1)>
+Certificate Revocation List (CRL) Management.
+=item L<B<crl2pkcs7>|crl2pkcs7(1)>
+CRL to PKCS#7 Conversion.
+=item L<B<dgst>|dgst(1)>
+Message Digest Calculation.
+=item L<B<dh>|dh(1)>
+Diffie-Hellman Data Management.
+=item L<B<dsa>|dsa(1)>
+DSA Data Management.
+=item L<B<dsaparam>|dsaparam(1)>
+DSA Parameter Generation.
+=item L<B<enc>|enc(1)>
+Encoding with Ciphers.
+=item L<B<errstr>|errstr(1)>
+Error Number to Error String Conversion.
+=item L<B<gendh>|gendh(1)>
+Generation of Diffie-Hellman Parameters.
+=item L<B<gendsa>|gendsa(1)>
+Generation of DSA Parameters.
+=item L<B<genrsa>|genrsa(1)>
+Generation of RSA Parameters.
+=item L<B<passwd>|passwd(1)>
+Generation of hashed passwords.
+=item L<B<pkcs7>|pkcs7(1)>
+PKCS#7 Data Management.
+=item L<B<rand>|rand(1)>
+Generate pseudo-random bytes.
+=item L<B<req>|req(1)>
+X.509 Certificate Signing Request (CSR) Management.
+=item L<B<rsa>|rsa(1)>
+RSA Data Management.
+=item L<B<s_client>|s_client(1)>
+This implements a generic SSL/TLS client which can establish a transparent
+connection to a remote server speaking SSL/TLS. It's intended for testing
+purposes only and provides only rudimentary interface functionality but
+internally uses mostly all functionality of the OpenSSL B<ssl> library.
+=item L<B<s_server>|s_server(1)>
+This implements a generic SSL/TLS server which accepts connections from remote
+clients speaking SSL/TLS. It's intended for testing purposes only and provides
+only rudimentary interface functionality but internally uses mostly all
+functionality of the OpenSSL B<ssl> library. It provides both an own command
+line oriented protocol for testing SSL functions and a simple HTTP response
+facility to emulate an SSL/TLS-aware webserver.
+=item L<B<s_time>|s_time(1)>
+SSL Connection Timer.
+=item L<B<sess_id>|sess_id(1)>
+SSL Session Data Management.
+=item L<B<smime>|smime(1)>
+S/MIME mail processing.
+=item L<B<speed>|speed(1)>
+Algorithm Speed Measurement.
+=item L<B<verify>|verify(1)>
+X.509 Certificate Verification.
+=item L<B<version>|version(1)>
+OpenSSL Version Information.
+=item L<B<x509>|x509(1)>
+X.509 Certificate Data Management.
+=over 10
+=item B<md2>
+MD2 Digest
+=item B<md5>
+MD5 Digest
+=item B<mdc2>
+MDC2 Digest
+=item B<rmd160>
+RMD-160 Digest
+=item B<sha>
+SHA Digest
+=item B<sha1>
+SHA-1 Digest
+=over 10
+=item B<base64>
+Base64 Encoding
+=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
+Blowfish Cipher
+=item B<cast cast-cbc>
+CAST Cipher
+=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
+CAST5 Cipher
+=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
+DES Cipher
+=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
+Triple-DES Cipher
+=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
+IDEA Cipher
+=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
+RC2 Cipher
+=item B<rc4>
+RC4 Cipher
+=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
+RC5 Cipher
+Several commands accept password arguments, typically using B<-passin>
+and B<-passout> for input and output passwords respectively. These allow
+the password to be obtained from a variety of sources. Both of these
+options take a single argument whose format is described below. If no
+password argument is given and a password is required then the user is
+prompted to enter one: this will typically be read from the current
+terminal with echoing turned off.
+=over 10
+=item B<pass:password>
+the actual password is B<password>. Since the password is visible
+to utilities (like 'ps' under Unix) this form should only be used
+where security is not important.
+=item B<env:var>
+obtain the password from the environment variable B<var>. Since
+the environment of other processes is visible on certain platforms
+(e.g. ps under certain Unix OSes) this option should be used with caution.
+=item B<file:pathname>
+the first line of B<pathname> is the password. If the same B<pathname>
+argument is supplied to B<-passin> and B<-passout> arguments then the first
+line will be used for the input password and the next line for the output
+password. B<pathname> need not refer to a regular file: it could for example
+refer to a device or named pipe.
+=item B<fd:number>
+read the password from the file descriptor B<number>. This can be used to
+send the data via a pipe for example.
+=item B<stdin>
+read the password from standard input.
+=head1 SEE ALSO
+L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
+L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>,
+L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>,
+L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
+L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
+L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, L<s_client(1)|s_client(1)>,
+L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
+L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>
+=head1 HISTORY
+The openssl(1) document appeared in OpenSSL 0.9.2.
+The B<list->I<XXX>B<-commands> pseudo-commands were added in OpenSSL 0.9.3;
+the B<no->I<XXX> pseudo-commands were added in OpenSSL 0.9.5a.
+For notes on the availability of other commands, see their individual
+manual pages.
diff --git a/crypto/openssl/doc/apps/passwd.pod b/crypto/openssl/doc/apps/passwd.pod
new file mode 100644
index 0000000..cee6a2f
--- /dev/null
+++ b/crypto/openssl/doc/apps/passwd.pod
@@ -0,0 +1,69 @@
+=head1 NAME
+passwd - compute password hashes
+=head1 SYNOPSIS
+B<openssl passwd>
+[B<-salt> I<string>]
+[B<-in> I<file>]
+The B<passwd> command computes the hash of a password typed at
+run-time or the hash of each password in a list. The password list is
+taken from the named file for option B<-in file>, from stdin for
+option B<-stdin>, and from the command line otherwise.
+The Unix standard algorithm B<crypt> and the MD5-based B<apr1> algorithm
+are available.
+=head1 OPTIONS
+=over 4
+=item B<-crypt>
+Use the B<crypt> algorithm (default).
+=item B<-apr1>
+Use the B<apr1> algorithm.
+=item B<-salt> I<string>
+Use the specified salt.
+=item B<-in> I<file>
+Read passwords from I<file>.
+=item B<-stdin>
+Read passwords from B<stdin>.
+=item B<-quiet>
+Don't output warnings when passwords given at the command line are truncated.
+=item B<-table>
+In the output list, prepend the cleartext password and a TAB character
+to each password hash.
+=head1 EXAMPLES
+B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
diff --git a/crypto/openssl/doc/apps/pkcs12.pod b/crypto/openssl/doc/apps/pkcs12.pod
new file mode 100644
index 0000000..241f9c4
--- /dev/null
+++ b/crypto/openssl/doc/apps/pkcs12.pod
@@ -0,0 +1,310 @@
+=head1 NAME
+pkcs12 - PKCS#12 file utility
+=head1 SYNOPSIS
+B<openssl> B<pkcs12>
+[B<-inkey filename>]
+[B<-certfile filename>]
+[B<-name name>]
+[B<-caname name>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-password arg>]
+[B<-passin arg>]
+[B<-passout arg>]
+[B<-rand file(s)>]
+The B<pkcs12> command allows PKCS#12 files (sometimes referred to as
+PFX files) to be created and parsed. PKCS#12 files are used by several
+programs including Netscape, MSIE and MS Outlook.
+There are a lot of options the meaning of some depends of whether a PKCS#12 file
+is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12
+file can be created by using the B<-export> option (see below).
+=over 4
+=item B<-in filename>
+This specifies filename of the PKCS#12 file to be parsed. Standard input is used
+by default.
+=item B<-out filename>
+The filename to write certificates and private keys to, standard output by default.
+They are all written in PEM format.
+=item B<-pass arg>, B<-passin arg>
+the PKCS#12 file (i.e. input file) password source. For more information about the
+format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+=item B<-passout arg>
+pass phrase source to encrypt any outputed private keys with. For more information
+about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+=item B<-noout>
+this option inhibits output of the keys and certificates to the output file version
+of the PKCS#12 file.
+=item B<-clcerts>
+only output client certificates (not CA certificates).
+=item B<-cacerts>
+only output CA certificates (not client certificates).
+=item B<-nocerts>
+no certificates at all will be output.
+=item B<-nokeys>
+no private keys will be output.
+=item B<-info>
+output additional information about the PKCS#12 file structure, algorithms used and
+iteration counts.
+=item B<-des>
+use DES to encrypt private keys before outputting.
+=item B<-des3>
+use triple DES to encrypt private keys before outputting, this is the default.
+=item B<-idea>
+use IDEA to encrypt private keys before outputting.
+=item B<-nodes>
+don't encrypt the private keys at all.
+=item B<-nomacver>
+don't attempt to verify the integrity MAC before reading the file.
+=item B<-twopass>
+prompt for separate integrity and encryption passwords: most software
+always assumes these are the same so this option will render such
+PKCS#12 files unreadable.
+=over 4
+=item B<-export>
+This option specifies that a PKCS#12 file will be created rather than
+=item B<-out filename>
+This specifies filename to write the PKCS#12 file to. Standard output is used
+by default.
+=item B<-in filename>
+The filename to read certificates and private keys from, standard input by default.
+They must all be in PEM format. The order doesn't matter but one private key and
+its corresponding certificate should be present. If additional certificates are
+present they will also be included in the PKCS#12 file.
+=item B<-inkey filename>
+file to read private key from. If not present then a private key must be present
+in the input file.
+=item B<-name friendlyname>
+This specifies the "friendly name" for the certificate and private key. This name
+is typically displayed in list boxes by software importing the file.
+=item B<-certfile filename>
+A filename to read additional certificates from.
+=item B<-caname friendlyname>
+This specifies the "friendly name" for other certificates. This option may be
+used multiple times to specify names for all certificates in the order they
+appear. Netscape ignores friendly names on other certificates whereas MSIE
+displays them.
+=item B<-pass arg>, B<-passout arg>
+the PKCS#12 file (i.e. output file) password source. For more information about
+the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+=item B<-passin password>
+pass phrase source to decrypt any input private keys with. For more information
+about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+=item B<-chain>
+if this option is present then an attempt is made to include the entire
+certificate chain of the user certificate. The standard CA store is used
+for this search. If the search fails it is considered a fatal error.
+=item B<-descert>
+encrypt the certificate using triple DES, this may render the PKCS#12
+file unreadable by some "export grade" software. By default the private
+key is encrypted using triple DES and the certificate using 40 bit RC2.
+=item B<-keypbe alg>, B<-certpbe alg>
+these options allow the algorithm used to encrypt the private key and
+certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms
+can be selected it is advisable only to use PKCS#12 algorithms. See the list
+in the B<NOTES> section for more information.
+=item B<-keyex|-keysig>
+specifies that the private key is to be used for key exchange or just signing.
+This option is only interpreted by MSIE and similar MS software. Normally
+"export grade" software will only allow 512 bit RSA keys to be used for
+encryption purposes but arbitrary length keys for signing. The B<-keysig>
+option marks the key for signing only. Signing only keys can be used for
+S/MIME signing, authenticode (ActiveX control signing) and SSL client
+authentication, however due to a bug only MSIE 5.0 and later support
+the use of signing only keys for SSL client authentication.
+=item B<-nomaciter>, B<-noiter>
+these options affect the iteration counts on the MAC and key algorithms.
+Unless you wish to produce files compatible with MSIE 4.0 you should leave
+these options alone.
+To discourage attacks by using large dictionaries of common passwords the
+algorithm that derives keys from passwords can have an iteration count applied
+to it: this causes a certain part of the algorithm to be repeated and slows it
+down. The MAC is used to check the file integrity but since it will normally
+have the same password as the keys and certificates it could also be attacked.
+By default both MAC and encryption iteration counts are set to 2048, using
+these options the MAC and encryption iteration counts can be set to 1, since
+this reduces the file security you should not use these options unless you
+really have to. Most software supports both MAC and key iteration counts.
+MSIE 4.0 doesn't support MAC iteration counts so it needs the B<-nomaciter>
+=item B<-maciter>
+This option is included for compatibility with previous versions, it used
+to be needed to use MAC iterations counts but they are now used by default.
+=item B<-rand file(s)>
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+=head1 NOTES
+Although there are a large number of options most of them are very rarely
+used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
+for PKCS#12 file creation B<-export> and B<-name> are also used.
+If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present
+then all certificates will be output in the order they appear in the input
+PKCS#12 files. There is no guarantee that the first certificate present is
+the one corresponding to the private key. Certain software which requires
+a private key and certificate and assumes the first certificate in the
+file is the one corresponding to the private key: this may not always
+be the case. Using the B<-clcerts> option will solve this problem by only
+outputing the certificate corresponding to the private key. If the CA
+certificates are required then they can be output to a separate file using
+the B<-nokeys -cacerts> options to just output CA certificates.
+The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption
+algorithms for private keys and certificates to be specified. Normally
+the defaults are fine but occasionally software can't handle triple DES
+encrypted private keys, then the option B<-keypbe PBE-SHA1-RC2-40> can
+be used to reduce the private key encryption to 40 bit RC2. A complete
+description of all algorithms is contained in the B<pkcs8> manual page.
+=head1 EXAMPLES
+Parse a PKCS#12 file and output it to a file:
+ openssl pkcs12 -in file.p12 -out file.pem
+Output only client certificates to a file:
+ openssl pkcs12 -in file.p12 -clcerts -out file.pem
+Don't encrypt the private key:
+ openssl pkcs12 -in file.p12 -out file.pem -nodes
+Print some info about a PKCS#12 file:
+ openssl pkcs12 -in file.p12 -info -noout
+Create a PKCS#12 file:
+ openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
+Include some extra certificates:
+ openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
+ -certfile othercerts.pem
+=head1 BUGS
+Some would argue that the PKCS#12 standard is one big bug :-)
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/apps/pkcs7.pod b/crypto/openssl/doc/apps/pkcs7.pod
new file mode 100644
index 0000000..4e9bd6e
--- /dev/null
+++ b/crypto/openssl/doc/apps/pkcs7.pod
@@ -0,0 +1,97 @@
+=head1 NAME
+pkcs7 - PKCS#7 utility
+=head1 SYNOPSIS
+B<openssl> B<pkcs7>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+The B<pkcs7> command processes PKCS#7 files in DER or PEM format.
+=over 4
+=item B<-inform DER|PEM>
+This specifies the input format. B<DER> format is DER encoded PKCS#7
+v1.5 structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+=item B<-outform DER|PEM>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in filename>
+This specifies the input filename to read from or standard input if this
+option is not specified.
+=item B<-out filename>
+specifies the output filename to write to or standard output by
+=item B<-print_certs>
+prints out any certificates or CRLs contained in the file. They are
+preceded by their subject and issuer names in one line format.
+=item B<-text>
+prints out certificates details in full rather than just subject and
+issuer names.
+=item B<-noout>
+don't output the encoded version of the PKCS#7 structure (or certificates
+is B<-print_certs> is set).
+=head1 EXAMPLES
+Convert a PKCS#7 file from PEM to DER:
+ openssl pkcs7 -in file.pem -outform DER -out file.der
+Output all certificates in a file:
+ openssl pkcs7 -in file.pem -print_certs -out certs.pem
+=head1 NOTES
+The PEM PKCS#7 format uses the header and footer lines:
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+For compatability with some CAs it will also accept:
+There is no option to print out all the fields of a PKCS#7 file.
+This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they
+cannot currently parse, for example, the new CMS as described in RFC2630.
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/apps/pkcs8.pod b/crypto/openssl/doc/apps/pkcs8.pod
new file mode 100644
index 0000000..a56b2dd
--- /dev/null
+++ b/crypto/openssl/doc/apps/pkcs8.pod
@@ -0,0 +1,235 @@
+=head1 NAME
+pkcs8 - PKCS#8 format private key conversion tool
+=head1 SYNOPSIS
+B<openssl> B<pkcs8>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-v2 alg>]
+[B<-v1 alg>]
+The B<pkcs8> command processes private keys in PKCS#8 format. It can handle
+both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
+format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
+=over 4
+=item B<-topk8>
+Normally a PKCS#8 private key is expected on input and a traditional format
+private key will be written. With the B<-topk8> option the situation is
+reversed: it reads a traditional format private key and writes a PKCS#8
+format key.
+=item B<-inform DER|PEM>
+This specifies the input format. If a PKCS#8 format key is expected on input
+then either a B<DER> or B<PEM> encoded version of a PKCS#8 key will be
+expected. Otherwise the B<DER> or B<PEM> format of the traditional format
+private key is used.
+=item B<-outform DER|PEM>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in filename>
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+=item B<-passin arg>
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-out filename>
+This specifies the output filename to write a key to or standard output by
+default. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should B<not> be the same as the input
+=item B<-passout arg>
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-nocrypt>
+PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
+structures using an appropriate password based encryption algorithm. With
+this option an unencrypted PrivateKeyInfo structure is expected or output.
+This option does not encrypt private keys at all and should only be used
+when absolutely necessary. Certain software such as some versions of Java
+code signing software used unencrypted private keys.
+=item B<-nooct>
+This option generates RSA private keys in a broken format that some software
+uses. Specifically the private key should be enclosed in a OCTET STRING
+but some software just includes the structure itself without the
+surrounding OCTET STRING.
+=item B<-embed>
+This option generates DSA keys in a broken format. The DSA parameters are
+embedded inside the PrivateKey structure. In this form the OCTET STRING
+contains an ASN1 SEQUENCE consisting of two structures: a SEQUENCE containing
+the parameters and an ASN1 INTEGER containing the private key.
+=item B<-nsdb>
+This option generates DSA keys in a broken format compatible with Netscape
+private key databases. The PrivateKey contains a SEQUENCE consisting of
+the public and private keys respectively.
+=item B<-v2 alg>
+This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
+private keys are encrypted with the password based encryption algorithm
+called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it
+was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
+the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any
+encryption algorithm such as 168 bit triple DES or 128 bit RC2 however
+not many implementations support PKCS#5 v2.0 yet. If you are just using
+private keys with OpenSSL then this doesn't matter.
+The B<alg> argument is the encryption algorithm to use, valid values include
+B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
+=item B<-v1 alg>
+This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
+list of possible algorithms is included below.
+=head1 NOTES
+The encrypted form of a PEM encode PKCS#8 files uses the following
+headers and footers:
+The unencrypted form uses:
+ -----END PRIVATE KEY-----
+Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
+counts are more secure that those encrypted using the traditional
+SSLeay compatible formats. So if additional security is considered
+important the keys should be converted.
+The default encryption is only 56 bits because this is the encryption
+that most current implementations of PKCS#8 will support.
+Some software may use PKCS#12 password based encryption algorithms
+with PKCS#8 format private keys: these are handled automatically
+but there is no option to produce them.
+It is possible to write out DER encoded encrypted private keys in
+PKCS#8 format because the encryption details are included at an ASN1
+level whereas the traditional format includes them at a PEM level.
+=head1 PKCS#5 v1.5 and PKCS#12 algorithms.
+Various algorithms can be used with the B<-v1> command line option,
+including PKCS#5 v1.5 and PKCS#12. These are described in more detail
+=over 4
+These algorithms were included in the original PKCS#5 v1.5 specification.
+They only offer 56 bits of protection since they both use DES.
+=item B<PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES>
+These algorithms are not mentioned in the original PKCS#5 v1.5 specification
+but they use the same key derivation algorithm and are supported by some
+software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or
+56 bit DES.
+=item B<PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40>
+These algorithms use the PKCS#12 password based encryption algorithm and
+allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
+=head1 EXAMPLES
+Convert a private from traditional to PKCS#5 v2.0 format using triple
+ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
+Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
+Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
+Read a DER unencrypted PKCS#8 format private key:
+ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
+Convert a private key from any PKCS#8 format to traditional format:
+ openssl pkcs8 -in pk8.pem -out key.pem
+Test vectors from this PKCS#5 v2.0 implementation were posted to the
+pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
+counts, several people confirmed that they could decrypt the private
+keys produced and Therefore it can be assumed that the PKCS#5 v2.0
+implementation is reasonably accurate at least as far as these
+algorithms are concerned.
+The format of PKCS#8 DSA (and other) private keys is not well documented:
+it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA
+PKCS#8 private key format complies with this standard.
+=head1 BUGS
+There should be an option that prints out the encryption algorithm
+in use and other details such as the iteration count.
+PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private
+key format for OpenSSL: for compatibility several of the utilities use
+the old format at present.
+=head1 SEE ALSO
+L<dsa(1)|dsa(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>,
diff --git a/crypto/openssl/doc/apps/rand.pod b/crypto/openssl/doc/apps/rand.pod
new file mode 100644
index 0000000..f81eab0
--- /dev/null
+++ b/crypto/openssl/doc/apps/rand.pod
@@ -0,0 +1,50 @@
+=head1 NAME
+rand - generate pseudo-random bytes
+=head1 SYNOPSIS
+B<openssl rand>
+[B<-out> I<file>]
+[B<-rand> I<file(s)>]
+The B<rand> command outputs I<num> pseudo-random bytes after seeding
+the random number generater once. As in other B<openssl> command
+line tools, PRNG seeding uses the file I<$HOME/>B<.rnd> or B<.rnd>
+in addition to the files given in the B<-rand> option. A new
+I<$HOME>/B<.rnd> or B<.rnd> file will be written back if enough
+seeding was obtained from these sources.
+=head1 OPTIONS
+=over 4
+=item B<-out> I<file>
+Write to I<file> instead of standard output.
+=item B<-rand> I<file(s)>
+Use specified file or files or EGD socket (see L<RAND_egd(3)|RAND_egd(3)>)
+for seeding the random number generator.
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+=item B<-base64>
+Perform base64 encoding on the output.
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/apps/req.pod b/crypto/openssl/doc/apps/req.pod
new file mode 100644
index 0000000..fde6ff2
--- /dev/null
+++ b/crypto/openssl/doc/apps/req.pod
@@ -0,0 +1,528 @@
+=head1 NAME
+req - PKCS#10 certificate and certificate generating utility.
+=head1 SYNOPSIS
+B<openssl> B<req>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-newkey rsa:bits>]
+[B<-newkey dsa:file>]
+[B<-key filename>]
+[B<-keyform PEM|DER>]
+[B<-keyout filename>]
+[B<-config filename>]
+[B<-days n>]
+[B<-extensions section>]
+[B<-reqexts section>]
+The B<req> command primarily creates and processes certificate requests
+in PKCS#10 format. It can additionally create self signed certificates
+for use as root CAs for example.
+=over 4
+=item B<-inform DER|PEM>
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#10. The B<PEM> form is the default format: it
+consists of the B<DER> format base64 encoded with additional header and
+footer lines.
+=item B<-outform DER|PEM>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in filename>
+This specifies the input filename to read a request from or standard input
+if this option is not specified. A request is only read if the creation
+options (B<-new> and B<-newkey>) are not specified.
+=item B<-passin arg>
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-out filename>
+This specifies the output filename to write to or standard output by
+=item B<-passout arg>
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-text>
+prints out the certificate request in text form.
+=item B<-noout>
+this option prevents output of the encoded version of the request.
+=item B<-modulus>
+this option prints out the value of the modulus of the public key
+contained in the request.
+=item B<-verify>
+verifies the signature on the request.
+=item B<-new>
+this option generates a new certificate request. It will prompt
+the user for the relevant field values. The actual fields
+prompted for and their maximum and minimum sizes are specified
+in the configuration file and any requested extensions.
+If the B<-key> option is not used it will generate a new RSA private
+key using information specified in the configuration file.
+=item B<-newkey arg>
+this option creates a new certificate request and a new private
+key. The argument takes one of two forms. B<rsa:nbits>, where
+B<nbits> is the number of bits, generates an RSA key B<nbits>
+in size. B<dsa:filename> generates a DSA key using the parameters
+in the file B<filename>.
+=item B<-key filename>
+This specifies the file to read the private key from. It also
+accepts PKCS#8 format private keys for PEM format files.
+=item B<-keyform PEM|DER>
+the format of the private key file specified in the B<-key>
+argument. PEM is the default.
+=item B<-keyout filename>
+this gives the filename to write the newly created private key to.
+If this option is not specified then the filename present in the
+configuration file is used.
+=item B<-nodes>
+if this option is specified then if a private key is created it
+will not be encrypted.
+=item B<-[md5|sha1|md2|mdc2]>
+this specifies the message digest to sign the request with. This
+overrides the digest algorithm specified in the configuration file.
+This option is ignored for DSA requests: they always use SHA1.
+=item B<-config filename>
+this allows an alternative configuration file to be specified,
+this overrides the compile time filename or any specified in
+the B<OPENSSL_CONF> environment variable.
+=item B<-x509>
+this option outputs a self signed certificate instead of a certificate
+request. This is typically used to generate a test certificate or
+a self signed root CA. The extensions added to the certificate
+(if any) are specified in the configuration file.
+=item B<-days n>
+when the B<-x509> option is being used this specifies the number of
+days to certify the certificate for. The default is 30 days.
+=item B<-extensions section>
+=item B<-reqexts section>
+these options specify alternative sections to include certificate
+extensions (if the B<-x509> option is present) or certificate
+request extensions. This allows several different sections to
+be used in the same configuration file to specify requests for
+a variety of purposes.
+=item B<-asn1-kludge>
+by default the B<req> command outputs certificate requests containing
+no attributes in the correct PKCS#10 format. However certain CAs will only
+accept requests containing no attributes in an invalid form: this
+option produces this invalid format.
+More precisely the B<Attributes> in a PKCS#10 certificate request
+are defined as a B<SET OF Attribute>. They are B<not OPTIONAL> so
+if no attributes are present then they should be encoded as an
+empty B<SET OF>. The invalid form does not include the empty
+B<SET OF> whereas the correct form does.
+It should be noted that very few CAs still require the use of this option.
+=item B<-newhdr>
+Adds the word B<NEW> to the PEM file header and footer lines on the outputed
+request. Some software (Netscape certificate server) and some CAs need this.
+The configuration options are specified in the B<req> section of
+the configuration file. As with all configuration files if no
+value is specified in the specific section (i.e. B<req>) then
+the initial unnamed or B<default> section is searched too.
+The options available are described in detail below.
+=over 4
+=item B<input_password output_password>
+The passwords for the input private key file (if present) and
+the output private key file (if one will be created). The
+command line options B<passin> and B<passout> override the
+configuration file values.
+=item B<default_bits>
+This specifies the default key size in bits. If not specified then
+512 is used. It is used if the B<-new> option is used. It can be
+overridden by using the B<-newkey> option.
+=item B<default_keyfile>
+This is the default filename to write a private key to. If not
+specified the key is written to standard output. This can be
+overridden by the B<-keyout> option.
+=item B<oid_file>
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name.
+=item B<oid_section>
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used.
+=item B<RANDFILE>
+This specifies a filename in which random number seed information is
+placed and read from, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+It is used for private key generation.
+=item B<encrypt_key>
+If this is set to B<no> then if a private key is generated it is
+B<not> encrypted. This is equivalent to the B<-nodes> command line
+option. For compatibility B<encrypt_rsa_key> is an equivalent option.
+=item B<default_md>
+This option specifies the digest algorithm to use. Possible values
+include B<md5 sha1 mdc2>. If not present then MD5 is used. This
+option can be overridden on the command line.
+=item B<string_mask>
+This option masks out the use of certain string types in certain
+fields. Most users will not need to change this option.
+It can be set to several values B<default> which is also the default
+option uses PrintableStrings, T61Strings and BMPStrings if the
+B<pkix> value is used then only PrintableStrings and BMPStrings will
+be used. This follows the PKIX recommendation in RFC2459. If the
+B<utf8only> option is used then only UTF8Strings will be used: this
+is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr>
+option just uses PrintableStrings and T61Strings: certain software has
+problems with BMPStrings and UTF8Strings: in particular Netscape.
+=item B<req_extensions>
+this specifies the configuration file section containing a list of
+extensions to add to the certificate request. It can be overridden
+by the B<-reqexts> command line switch.
+=item B<x509_extensions>
+this specifies the configuration file section containing a list of
+extensions to add to certificate generated when the B<-x509> switch
+is used. It can be overridden by the B<-extensions> command line switch.
+=item B<prompt>
+if set to the value B<no> this disables prompting of certificate fields
+and just takes values from the config file directly. It also changes the
+expected format of the B<distinguished_name> and B<attributes> sections.
+=item B<attributes>
+this specifies the section containing any request attributes: its format
+is the same as B<distinguished_name>. Typically these may contain the
+challengePassword or unstructuredName types. They are currently ignored
+by OpenSSL's request signing utilities but some CAs might want them.
+=item B<distinguished_name>
+This specifies the section containing the distinguished name fields to
+prompt for when generating a certificate or certificate request. The format
+is described in the next section.
+There are two separate formats for the distinguished name and attribute
+sections. If the B<prompt> option is set to B<no> then these sections
+just consist of field names and values: for example,
+ CN=My Name
+ OU=My Organization
+This allows external programs (e.g. GUI based) to generate a template file
+with all the field names and values and just pass it to B<req>. An example
+of this kind of configuration file is contained in the B<EXAMPLES> section.
+Alternatively if the B<prompt> option is absent or not set to B<no> then the
+file contains field prompting information. It consists of lines of the form:
+ fieldName="prompt"
+ fieldName_default="default field value"
+ fieldName_min= 2
+ fieldName_max= 4
+"fieldName" is the field name being used, for example commonName (or CN).
+The "prompt" string is used to ask the user to enter the relevant
+details. If the user enters nothing then the default value is used if no
+default value is present then the field is omitted. A field can
+still be omitted if a default value is present if the user just
+enters the '.' character.
+The number of characters entered must be between the fieldName_min and
+fieldName_max limits: there may be additional restrictions based
+on the field being used (for example countryName can only ever be
+two characters long and must fit in a PrintableString).
+Some fields (such as organizationName) can be used more than once
+in a DN. This presents a problem because configuration files will
+not recognize the same name occurring twice. To avoid this problem
+if the fieldName contains some characters followed by a full stop
+they will be ignored. So for example a second organizationName can
+be input by calling it "1.organizationName".
+The actual permitted field names are any object identifier short or
+long names. These are compiled into OpenSSL and include the usual
+values such as commonName, countryName, localityName, organizationName,
+organizationUnitName, stateOrPrivinceName. Additionally emailAddress
+is include as well as name, surname, givenName initials and dnQualifier.
+Additional object identifiers can be defined with the B<oid_file> or
+B<oid_section> options in the configuration file. Any additional fields
+will be treated as though they were a DirectoryString.
+=head1 EXAMPLES
+Examine and verify certificate request:
+ openssl req -in req.pem -text -verify -noout
+Create a private key and then generate a certificate request from it:
+ openssl genrsa -out key.pem 1024
+ openssl req -new -key key.pem -out req.pem
+The same but just using req:
+ openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
+Generate a self signed root certificate:
+ openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
+Example of a file pointed to by the B<oid_file> option:
+ shortName A longer Name
+ otherName Other longer Name
+Example of a section pointed to by B<oid_section> making use of variable
+ testoid1=
+ testoid2=${testoid1}.6
+Sample configuration file prompting for field values:
+ [ req ]
+ default_bits = 1024
+ default_keyfile = privkey.pem
+ distinguished_name = req_distinguished_name
+ attributes = req_attributes
+ x509_extensions = v3_ca
+ dirstring_type = nobmp
+ [ req_distinguished_name ]
+ countryName = Country Name (2 letter code)
+ countryName_default = AU
+ countryName_min = 2
+ countryName_max = 2
+ localityName = Locality Name (eg, city)
+ organizationalUnitName = Organizational Unit Name (eg, section)
+ commonName = Common Name (eg, YOUR name)
+ commonName_max = 64
+ emailAddress = Email Address
+ emailAddress_max = 40
+ [ req_attributes ]
+ challengePassword = A challenge password
+ challengePassword_min = 4
+ challengePassword_max = 20
+ [ v3_ca ]
+ subjectKeyIdentifier=hash
+ authorityKeyIdentifier=keyid:always,issuer:always
+ basicConstraints = CA:true
+Sample configuration containing all field values:
+ [ req ]
+ default_bits = 1024
+ default_keyfile = keyfile.pem
+ distinguished_name = req_distinguished_name
+ attributes = req_attributes
+ prompt = no
+ output_password = mypass
+ [ req_distinguished_name ]
+ C = GB
+ ST = Test State or Province
+ L = Test Locality
+ O = Organization Name
+ OU = Organizational Unit Name
+ CN = Common Name
+ emailAddress = test@email.address
+ [ req_attributes ]
+ challengePassword = A challenge password
+=head1 NOTES
+The header and footer lines in the B<PEM> format are normally:
+some software (some versions of Netscape certificate server) instead needs:
+which is produced with the B<-newhdr> option but is otherwise compatible.
+Either form is accepted transparently on input.
+The certificate requests generated by B<Xenroll> with MSIE have extensions
+added. It includes the B<keyUsage> extension which determines the type of
+key (signature only or general purpose) and any additional OIDs entered
+by the script in an extendedKeyUsage extension.
+The following messages are frequently asked about:
+ Using configuration from /some/path/openssl.cnf
+ Unable to load config info
+This is followed some time later by...
+ unable to find 'distinguished_name' in config
+ problems making Certificate Request
+The first error message is the clue: it can't find the configuration
+file! Certain operations (like examining a certificate request) don't
+need a configuration file so its use isn't enforced. Generation of
+certificates or requests however does need a configuration file. This
+could be regarded as a bug.
+Another puzzling message is this:
+ Attributes:
+ a0:00
+this is displayed when no attributes are present and the request includes
+the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
+0x00). If you just see:
+ Attributes:
+then the B<SET OF> is missing and the encoding is technically invalid (but
+it is tolerated). See the description of the command line option B<-asn1-kludge>
+for more information.
+The variable B<OPENSSL_CONF> if defined allows an alternative configuration
+file location to be specified, it will be overridden by the B<-config> command
+line switch if it is present. For compatibility reasons the B<SSLEAY_CONF>
+environment variable serves the same purpose but its use is discouraged.
+=head1 BUGS
+OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
+treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour.
+This can cause problems if you need characters that aren't available in
+PrintableStrings and you don't want to or can't use BMPStrings.
+As a consequence of the T61String handling the only correct way to represent
+accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
+currently chokes on these. If you have to use accented characters with Netscape
+and MSIE then you currently need to use the invalid T61String form.
+The current prompting is not very friendly. It doesn't allow you to confirm what
+you've just entered. Other things like extensions in certificate requests are
+statically defined in the configuration file. Some of these: like an email
+address in subjectAltName should be input by the user.
+=head1 SEE ALSO
+L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>
diff --git a/crypto/openssl/doc/apps/rsa.pod b/crypto/openssl/doc/apps/rsa.pod
new file mode 100644
index 0000000..62ad62e
--- /dev/null
+++ b/crypto/openssl/doc/apps/rsa.pod
@@ -0,0 +1,156 @@
+=head1 NAME
+rsa - RSA key processing tool
+=head1 SYNOPSIS
+B<openssl> B<rsa>
+[B<-inform PEM|NET|DER>]
+[B<-outform PEM|NET|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+The B<rsa> command processes RSA keys. They can be converted between various
+forms and their components printed out. B<Note> this command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the B<pkcs8>
+=over 4
+=item B<-inform DER|NET|PEM>
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
+The B<PEM> form is the default format: it consists of the B<DER> format base64
+encoded with additional header and footer lines. On input PKCS#8 format private
+keys are also accepted. The B<NET> form is a format compatible with older Netscape
+servers and MS IIS, this uses unsalted RC4 for its encryption. It is not very
+secure and so should only be used when necessary.
+=item B<-outform DER|NET|PEM>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in filename>
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+=item B<-passin arg>
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-out filename>
+This specifies the output filename to write a key to or standard output if this
+option is not specified. If any encryption options are set then a pass phrase
+will be prompted for. The output filename should B<not> be the same as the input
+=item B<-passout password>
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-des|-des3|-idea>
+These options encrypt the private key with the DES, triple DES, or the
+IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the B<rsa> utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with PEM format output files.
+=item B<-text>
+prints out the various public or private key components in
+plain text in addition to the encoded version.
+=item B<-noout>
+this option prevents output of the encoded version of the key.
+=item B<-modulus>
+this option prints out the value of the modulus of the key.
+=item B<-check>
+this option checks the consistency of an RSA private key.
+=item B<-pubin>
+by default a private key is read from the input file: with this
+option a public key is read instead.
+=item B<-pubout>
+by default a private key is output: with this option a public
+key will be output instead. This option is automatically set if
+the input is a public key.
+=head1 NOTES
+The PEM private key format uses the header and footer lines:
+The PEM public key format uses the header and footer lines:
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+=head1 EXAMPLES
+To remove the pass phrase on an RSA private key:
+ openssl rsa -in key.pem -out keyout.pem
+To encrypt a private key using triple DES:
+ openssl rsa -in key.pem -des3 -out keyout.pem
+To convert a private key from PEM to DER format:
+ openssl rsa -in key.pem -outform DER -out keyout.der
+To print out the components of a private key to standard output:
+ openssl rsa -in key.pem -text -noout
+To just output the public part of a private key:
+ openssl rsa -in key.pem -pubout -out pubkey.pem
+=head1 SEE ALSO
+L<pkcs8(1)|pkcs8(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
diff --git a/crypto/openssl/doc/apps/s_client.pod b/crypto/openssl/doc/apps/s_client.pod
new file mode 100644
index 0000000..2f80375
--- /dev/null
+++ b/crypto/openssl/doc/apps/s_client.pod
@@ -0,0 +1,221 @@
+=head1 NAME
+s_client - SSL/TLS client program
+=head1 SYNOPSIS
+B<openssl> B<s_client>
+[B<-connect> host:port>]
+[B<-verify depth>]
+[B<-cert filename>]
+[B<-key filename>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-cipher cipherlist>]
+The B<s_client> command implements a generic SSL/TLS client which connects
+to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for
+SSL servers.
+=head1 OPTIONS
+=over 4
+=item B<-connect host:port>
+This specifies the host and optional port to connect to. If not specified
+then an attempt is made to connect to the local host on port 4433.
+=item B<-cert certname>
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate.
+=item B<-key keyfile>
+The private key to use. If not specified then the certificate file will
+be used.
+=item B<-verify depth>
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+=item B<-CApath directory>
+The directory to use for server certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the client certificate chain.
+=item B<-CAfile file>
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+=item B<-reconnect>
+reconnects to the same server 5 times using the same session ID, this can
+be used as a test that session caching is working.
+=item B<-pause>
+pauses 1 second between each read and write call.
+=item B<-showcerts>
+display the whole server certificate chain: normally only the server
+certificate itself is displayed.
+=item B<-prexit>
+print session information when the program exits. This will always attempt
+to print out information even if the connection fails. Normally information
+will only be printed out once if the connection succeeds. This option is useful
+because the cipher in use may be renegotiated or the connection may fail
+because a client certificate is required or is requested only after an
+attempt is made to access a certain URL. Note: the output produced by this
+option is not always accurate because a connection might never have been
+=item B<-state>
+prints out the SSL session states.
+=item B<-debug>
+print extensive debugging information including a hex dump of all traffic.
+=item B<-nbio_test>
+tests non-blocking I/O
+=item B<-nbio>
+turns on non-blocking I/O
+=item B<-crlf>
+this option translated a line feed from the terminal into CR+LF as required
+by some servers.
+=item B<-ign_eof>
+inhibit shutting down the connection when end of file is reached in the
+=item B<-quiet>
+inhibit printing of session and certificate information. This implicitely
+turns on B<-ign_eof> as well.
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+these options disable the use of certain SSL or TLS protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+Unfortunately there are a lot of ancient and broken servers in use which
+cannot handle this technique and will fail to connect. Some servers only
+work if TLS is turned off with the B<-no_tls> option others will only
+support SSL v2 and may need the B<-ssl2> option.
+=item B<-bugs>
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+=item B<-cipher cipherlist>
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client. See the B<ciphers>
+command for more information.
+If a connection is established with an SSL server then any data received
+from the server is displayed and any key presses will be sent to the
+server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
+have been given), the session will be renegociated if the line begins with an
+B<R>, and if the line begins with a B<Q> or if end of file is reached, the
+connection will be closed down.
+=head1 NOTES
+B<s_client> can be used to debug SSL servers. To connect to an SSL HTTP
+server the command:
+ openssl s_client -connect servername:443
+would typically be used (https uses port 443). If the connection succeeds
+then an HTTP command can be given such as "GET /" to retrieve a web page.
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
+B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried
+in case it is a buggy server. In particular you should play with these
+options B<before> submitting a bug report to an OpenSSL mailing list.
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its "acceptable CA list" when it
+requests a certificate. By using B<s_client> the CA list can be viewed
+and checked. However some servers only request client authentication
+after a specific URL is requested. To obtain the list in this case it
+is necessary to use the B<-prexit> command and send an HTTP request
+for an appropriate page.
+If a certificate is specified on the command line using the B<-cert>
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+If there are problems verifying a server certificate then the
+B<-showcerts> option can be used to show the whole chain.
+=head1 BUGS
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_client is rather
+hard to read and not a model of how things should be done. A typical
+SSL client program would be much simpler.
+The B<-verify> option should really exit if the server verification
+The B<-prexit> option is a bit of a hack. We should really report
+information whenever a session is renegotiated.
+=head1 SEE ALSO
+L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
diff --git a/crypto/openssl/doc/apps/s_server.pod b/crypto/openssl/doc/apps/s_server.pod
new file mode 100644
index 0000000..0f29c36
--- /dev/null
+++ b/crypto/openssl/doc/apps/s_server.pod
@@ -0,0 +1,265 @@
+=head1 NAME
+s_server - SSL/TLS server program
+=head1 SYNOPSIS
+B<openssl> B<s_client>
+[B<-accept port>]
+[B<-context id>]
+[B<-verify depth>]
+[B<-Verify depth>]
+[B<-cert filename>]
+[B<-key keyfile>]
+[B<-dcert filename>]
+[B<-dkey keyfile>]
+[B<-dhparam filename>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-cipher cipherlist>]
+The B<s_server> command implements a generic SSL/TLS server which listens
+for connections on a given port using SSL/TLS.
+=head1 OPTIONS
+=over 4
+=item B<-accept port>
+the TCP port to listen on for connections. If not specified 4433 is used.
+=item B<-context id>
+sets the SSL context id. It can be given any string value. If this option
+is not present a default value will be used.
+=item B<-cert certname>
+The certificate to use, most servers cipher suites require the use of a
+certificate and some require a certificate with a certain public key type:
+for example the DSS cipher suites require a certificate containing a DSS
+(DSA) key. If not specified then the filename "server.pem" will be used.
+=item B<-key keyfile>
+The private key to use. If not specified then the certificate file will
+be used.
+=item B<-dcert filename>, B<-dkey keyname>
+specify an additional certificate and private key, these behave in the
+same manner as the B<-cert> and B<-key> options except there is no default
+if they are not specified (no additional certificate and key is used). As
+noted above some cipher suites require a certificate containing a key of
+a certain type. Some cipher suites need a certificate carrying an RSA key
+and some a DSS (DSA) key. By using RSA and DSS certificates and keys
+a server can support clients which only support RSA or DSS cipher suites
+by using an appropriate certificate.
+=item B<-nocert>
+if this option is set then no certificate is used. This restricts the
+cipher suites available to the anonymous ones (currently just anonymous
+=item B<-dhparam filename>
+the DH parameter file to use. The ephemeral DH cipher suites generate keys
+using a set of DH parameters. If not specified then an attempt is made to
+load the parameters from the server certificate file. If this fails then
+a static set of parameters hard coded into the s_server program will be used.
+=item B<-nodhe>
+if this option is set then no DH parameters will be loaded effectively
+disabling the ephemeral DH cipher suites.
+=item B<-no_tmp_rsa>
+certain export cipher suites sometimes use a temporary RSA key, this option
+disables temporary RSA key generation.
+=item B<-verify depth>, B<-Verify depth>
+The verify depth to use. This specifies the maximum length of the
+client certificate chain and makes the server request a certificate from
+the client. With the B<-verify> option a certificate is requested but the
+client does not have to send one, with the B<-Verify> option the client
+must supply a certificate or an error occurs.
+=item B<-CApath directory>
+The directory to use for client certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the server certificate chain.
+=item B<-CAfile file>
+A file containing trusted certificates to use during client authentication
+and to use when attempting to build the server certificate chain. The list
+is also used in the list of acceptable client CAs passed to the client when
+a certificate is requested.
+=item B<-state>
+prints out the SSL session states.
+=item B<-debug>
+print extensive debugging information including a hex dump of all traffic.
+=item B<-nbio_test>
+tests non blocking I/O
+=item B<-nbio>
+turns on non blocking I/O
+=item B<-crlf>
+this option translated a line feed from the terminal into CR+LF.
+=item B<-quiet>
+inhibit printing of session and certificate information.
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+these options disable the use of certain SSL or TLS protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+=item B<-bugs>
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+=item B<-hack>
+this option enables a further workaround for some some early Netscape
+SSL code (?).
+=item B<-cipher cipherlist>
+this allows the cipher list used by the server to be modified. When
+the client sends a list of supported ciphers the first client cipher
+also included in the server list is used. Because the client specifies
+the preference order, the order of the server cipherlist irrelevant. See
+the B<ciphers> command for more information.
+=item B<-www>
+sends a status message back to the client when it connects. This includes
+lots of information about the ciphers used and various session parameters.
+The output is in HTML format so this option will normally be used with a
+web browser.
+=item B<-WWW>
+emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the URL https://myhost/page.html is
+requested the file ./page.html will be loaded.
+If a connection request is established with an SSL client and neither the
+B<-www> nor the B<-WWW> option has been used then normally any data received
+from the client is displayed and any key presses will be sent to the client.
+Certain single letter commands are also recognized which perform special
+operations: these are listed below.
+=over 4
+=item B<q>
+end the current SSL connection but still accept new connections.
+=item B<Q>
+end the current SSL connection and exit.
+=item B<r>
+renegotiate the SSL session.
+=item B<R>
+renegotiate the SSL session and request a client certificate.
+=item B<P>
+send some plain text down the underlying TCP connection: this should
+cause the client to disconnect due to a protocol violation.
+=item B<S>
+print out some session cache status information.
+=head1 NOTES
+B<s_server> can be used to debug SSL clients. To accept connections from
+a web browser the command:
+ openssl s_server -accept 443 -www
+can be used for example.
+Most web browsers (in particular Netscape and MSIE) only support RSA cipher
+suites, so they cannot connect to servers which don't use a certificate
+carrying an RSA key or a version of OpenSSL with RSA disabled.
+Although specifying an empty list of CAs when requesting a client certificate
+is strictly speaking a protocol violation, some SSL clients interpret this to
+mean any CA is acceptable. This is useful for debugging purposes.
+The session parameters can printed out using the B<sess_id> program.
+=head1 BUGS
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_server is rather
+hard to read and not a model of how things should be done. A typical
+SSL server program would be much simpler.
+The output of common ciphers is wrong: it just gives the list of ciphers that
+OpenSSL recognizes and the client supports.
+There should be a way for the B<s_server> program to print out details of any
+unknown cipher suites a client says it supports.
+=head1 SEE ALSO
+L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
diff --git a/crypto/openssl/doc/apps/sess_id.pod b/crypto/openssl/doc/apps/sess_id.pod
new file mode 100644
index 0000000..9988d2c
--- /dev/null
+++ b/crypto/openssl/doc/apps/sess_id.pod
@@ -0,0 +1,151 @@
+=head1 NAME
+sess_id - SSL/TLS session handling utility
+=head1 SYNOPSIS
+B<openssl> B<sess_id>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-context ID>]
+The B<sess_id> process the encoded version of the SSL session structure
+and optionally prints out SSL session details (for example the SSL session
+master key) in human readable format. Since this is a diagnostic tool that
+needs some knowledge of the SSL protocol to use properly, most users will
+not need to use it.
+=over 4
+=item B<-inform DER|PEM>
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+format containing session details. The precise format can vary from one version
+to the next. The B<PEM> form is the default format: it consists of the B<DER>
+format base64 encoded with additional header and footer lines.
+=item B<-outform DER|PEM>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in filename>
+This specifies the input filename to read session information from or standard
+input by default.
+=item B<-out filename>
+This specifies the output filename to write session information to or standard
+output if this option is not specified.
+=item B<-text>
+prints out the various public or private key components in
+plain text in addition to the encoded version.
+=item B<-cert>
+if a certificate is present in the session it will be output using this option,
+if the B<-text> option is also present then it will be printed out in text form.
+=item B<-noout>
+this option prevents output of the encoded version of the session.
+=item B<-context ID>
+this option can set the session id so the output session information uses the
+supplied ID. The ID can be any string of characters. This option wont normally
+be used.
+=head1 OUTPUT
+Typical output:
+ SSL-Session:
+ Protocol : TLSv1
+ Cipher : 0016
+ Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
+ Session-ID-ctx: 01000000
+ Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
+ Key-Arg : None
+ Start Time: 948459261
+ Timeout : 300 (sec)
+ Verify return code 0 (ok)
+Theses are described below in more detail.
+=over 4
+=item B<Protocol>
+this is the protocol in use TLSv1, SSLv3 or SSLv2.
+=item B<Cipher>
+the cipher used this is the actual raw SSL or TLS cipher code, see the SSL
+or TLS specifications for more information.
+=item B<Session-ID>
+the SSL session ID in hex format.
+=item B<Session-ID-ctx>
+the session ID context in hex format.
+=item B<Master-Key>
+this is the SSL session master key.
+=item B<Key-Arg>
+the key argument, this is only used in SSL v2.
+=item B<Start Time>
+this is the session start time represented as an integer in standard Unix format.
+=item B<Timeout>
+the timeout in seconds.
+=item B<Verify return code>
+this is the return code when an SSL client certificate is verified.
+=head1 NOTES
+The PEM encoded session format uses the header and footer lines:
+Since the SSL session output contains the master key it is possible to read the contents
+of an encrypted session using this information. Therefore appropriate security precautions
+should be taken if the information is being output by a "real" application. This is
+however strongly discouraged and should only be used for debugging purposes.
+=head1 BUGS
+The cipher and start time should be printed out in human readable form.
+=head1 SEE ALSO
+L<ciphers(1)|ciphers(1)>, L<s_server(1)|s_server(1)>
diff --git a/crypto/openssl/doc/apps/smime.pod b/crypto/openssl/doc/apps/smime.pod
new file mode 100644
index 0000000..631ecdc
--- /dev/null
+++ b/crypto/openssl/doc/apps/smime.pod
@@ -0,0 +1,325 @@
+=head1 NAME
+smime - S/MIME utility
+=head1 SYNOPSIS
+B<openssl> B<smime>
+[B<-in file>]
+[B<-certfile file>]
+[B<-signer file>]
+[B<-recip file>]
+[B<-in file>]
+[B<-inkey file>]
+[B<-out file>]
+[B<-to addr>]
+[B<-from ad>]
+[B<-subject s>]
+[B<-rand file(s)>]
+The B<smime> command handles S/MIME mail. It can encrypt, decrypt, sign and
+verify S/MIME messages.
+There are five operation options that set the type of operation to be performed.
+The meaning of the other options varies according to the operation type.
+=over 4
+=item B<-encrypt>
+encrypt mail for the given recipient certificates. Input file is the message
+to be encrypted. The output file is the encrypted mail in MIME format.
+=item B<-decrypt>
+decrypt mail using the supplied certificate and private key. Expects an
+encrypted mail message in MIME format for the input file. The decrypted mail
+is written to the output file.
+=item B<-sign>
+sign mail using the supplied certificate and private key. Input file is
+the message to be signed. The signed message in MIME format is written
+to the output file.
+=item B<-verify>
+verify signed mail. Expects a signed mail message on input and outputs
+the signed data. Both clear text and opaque signing is supported.
+=item B<-pk7out>
+takes an input message and writes out a PEM encoded PKCS#7 structure.
+=item B<-in filename>
+the input message to be encrypted or signed or the MIME message to
+be decrypted or verified.
+=item B<-out filename>
+the message text that has been decrypted or verified or the output MIME
+format message that has been signed or verified.
+=item B<-text>
+this option adds plain text (text/plain) MIME headers to the supplied
+message if encrypting or signing. If decrypting or verifying it strips
+off text headers: if the decrypted or verified message is not of MIME
+type text/plain then an error occurs.
+=item B<-CAfile file>
+a file containing trusted CA certificates, only used with B<-verify>.
+=item B<-CApath dir>
+a directory containing trusted CA certificates, only used with
+B<-verify>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128>
+the encryption algorithm to use. DES (56 bits), triple DES (168 bits)
+or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is
+used. Only used with B<-encrypt>.
+=item B<-nointern>
+when verifying a message normally certificates (if any) included in
+the message are searched for the signing certificate. With this option
+only the certificates specified in the B<-certfile> option are used.
+The supplied certificates can still be used as untrusted CAs however.
+=item B<-noverify>
+do not verify the signers certificate of a signed message.
+=item B<-nochain>
+do not do chain verification of signers certificates: that is don't
+use the certificates in the signed message as untrusted CAs.
+=item B<-nosigs>
+don't try to verify the signatures on the message.
+=item B<-nocerts>
+when signing a message the signer's certificate is normally included
+with this option it is excluded. This will reduce the size of the
+signed message but the verifier must have a copy of the signers certificate
+available locally (passed using the B<-certfile> option for example).
+=item B<-noattr>
+normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms. With this
+option they are not included.
+=item B<-binary>
+normally the input message is converted to "canonical" format which is
+effectively using CR and LF as end of line: as required by the S/MIME
+specification. When this option is present no translation occurs. This
+is useful when handling binary data which may not be in MIME format.
+=item B<-nodetach>
+when signing a message use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME. Without this option cleartext signing with
+the MIME type multipart/signed is used.
+=item B<-certfile file>
+allows additional certificates to be specified. When signing these will
+be included with the message. When verifying these will be searched for
+the signers certificates. The certificates should be in PEM format.
+=item B<-signer file>
+the signers certificate when signing a message. If a message is
+being verified then the signers certificates will be written to this
+file if the verification was successful.
+=item B<-recip file>
+the recipients certificate when decrypting a message. This certificate
+must match one of the recipients of the message or an error occurs.
+=item B<-inkey file>
+the private key to use when signing or decrypting. This must match the
+corresponding certificate. If this option is not specified then the
+private key must be included in the certificate file specified with
+the B<-recip> or B<-signer> file.
+=item B<-rand file(s)>
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+all others.
+=item B<cert.pem...>
+one or more certificates of message recipients: used when encrypting
+a message.
+=item B<-to, -from, -subject>
+the relevant mail headers. These are included outside the signed
+portion of a message so they may be included manually. If signing
+then many S/MIME mail clients check the signers certificate's email
+address matches that specified in the From: address.
+=head1 NOTES
+The MIME message must be sent without any blank lines between the
+headers and the output. Some mail programs will automatically add
+a blank line. Piping the mail directly to sendmail is one way to
+achieve the correct format.
+The supplied message to be signed or encrypted must include the
+necessary MIME headers: or many S/MIME clients wont display it
+properly (if at all). You can use the B<-text> option to automatically
+add plain text headers.
+A "signed and encrypted" message is one where a signed message is
+then encrypted. This can be produced by encrypting an already signed
+message: see the examples section.
+This version of the program only allows one signer per message but it
+will verify multiple signers on received messages. Some S/MIME clients
+choke if a message contains multiple signers. It is possible to sign
+messages "in parallel" by signing an already signed message.
+The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
+clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
+encrypted data is used for other purposes.
+=head1 EXIT CODES
+=over 4
+=item 0
+the operation was completely successfully.
+=item 1
+an error occurred parsing the command options.
+=item 2
+one of the input files could not be read.
+=item 3
+an error occurred creating the PKCS#7 file or when reading the MIME
+=item 4
+an error occurred decrypting or verifying the message.
+=item 5
+the message was verified correctly but an error occurred writing out
+the signers certificates.
+=head1 EXAMPLES
+Create a cleartext signed message:
+ openssl smime -sign -in message.txt -text -out mail.msg \
+ -signer mycert.pem
+Create and opaque signed message
+ openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
+ -signer mycert.pem
+Create a signed message, include some additional certificates and
+read the private key from another file:
+ openssl smime -sign -in in.txt -text -out mail.msg \
+ -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+Send a signed message under Unix directly to sendmail, including headers:
+ openssl smime -sign -in in.txt -text -signer mycert.pem \
+ -from -to someone@somewhere \
+ -subject "Signed message" | sendmail someone@somewhere
+Verify a message and extract the signer's certificate if successful:
+ openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
+Send encrypted mail using triple DES:
+ openssl smime -encrypt -in in.txt -from \
+ -to someone@somewhere -subject "Encrypted message" \
+ -des3 user.pem -out mail.msg
+Sign and encrypt mail:
+ openssl smime -sign -in ml.txt -signer my.pem -text \
+ | openssl -encrypt -out mail.msg \
+ -from -to someone@somewhere \
+ -subject "Signed and Encrypted message" -des3 user.pem
+Note: the encryption command does not include the B<-text> option because the message
+being encrypted already has MIME headers.
+Decrypt mail:
+ openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+=head1 BUGS
+The MIME parser isn't very clever: it seems to handle most messages that I've thrown
+at it but it may choke on others.
+The code currently will only write out the signer's certificate to a file: if the
+signer has a separate encryption certificate this must be manually extracted. There
+should be some heuristic that determines the correct encryption certificate.
+Ideally a database should be maintained of a certificates for each email address.
+The code doesn't currently take note of the permitted symmetric encryption
+algorithms as supplied in the SMIMECapabilities signed attribute. this means the
+user has to manually include the correct encryption algorithm. It should store
+the list of permitted ciphers in a database and only use those.
+No revocation checking is done on the signer's certificate.
+The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
+structures may cause parsing errors.
diff --git a/crypto/openssl/doc/apps/speed.pod b/crypto/openssl/doc/apps/speed.pod
new file mode 100644
index 0000000..fecd9a9
--- /dev/null
+++ b/crypto/openssl/doc/apps/speed.pod
@@ -0,0 +1,45 @@
+=head1 NAME
+speed - test library performance
+=head1 SYNOPSIS
+B<openssl speed>
+This command is used to test the performance of cryptographic algorithms.
+=head1 OPTIONS
+If an option is given, B<speed> test that algorithm, otherwise all of
+the above are tested.
diff --git a/crypto/openssl/doc/apps/spkac.pod b/crypto/openssl/doc/apps/spkac.pod
new file mode 100644
index 0000000..bb84dfb
--- /dev/null
+++ b/crypto/openssl/doc/apps/spkac.pod
@@ -0,0 +1,127 @@
+=head1 NAME
+spkac - SPKAC printing and generating utility
+=head1 SYNOPSIS
+B<openssl> B<spkac>
+[B<-in filename>]
+[B<-out filename>]
+[B<-key keyfile>]
+[B<-passin arg>]
+[B<-challenge string>]
+[B<-spkac spkacname>]
+[B<-spksect section>]
+The B<spkac> command processes Netscape signed public key and challenge
+(SPKAC) files. It can print out their contents, verify the signature and
+produce its own SPKACs from a supplied private key.
+=over 4
+=item B<-in filename>
+This specifies the input filename to read from or standard input if this
+option is not specified. Ignored if the B<-key> option is used.
+=item B<-out filename>
+specifies the output filename to write to or standard output by
+=item B<-key keyfile>
+create an SPKAC file using the private key in B<keyfile>. The
+B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if
+=item B<-passin password>
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-challenge string>
+specifies the challenge string if an SPKAC is being created.
+=item B<-spkac spkacname>
+allows an alternative name form the variable containing the
+SPKAC. The default is "SPKAC". This option affects both
+generated and input SPKAC files.
+=item B<-spksect section>
+allows an alternative name form the section containing the
+SPKAC. The default is the default section.
+=item B<-noout>
+don't output the text version of the SPKAC (not used if an
+SPKAC is being created).
+=item B<-pubkey>
+output the public key of an SPKAC (not used if an SPKAC is
+being created).
+=item B<-verify>
+verifies the digital signature on the supplied SPKAC.
+=head1 EXAMPLES
+Print out the contents of an SPKAC:
+ openssl spkac -in spkac.cnf
+Verify the signature of an SPKAC:
+ openssl spkac -in spkac.cnf -noout -verify
+Create an SPKAC using the challenge string "hello":
+ openssl spkac -key key.pem -challenge hello -out spkac.cnf
+Example of an SPKAC, (long lines split up for clarity):
+ PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\
+ 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\
+ 4=
+=head1 NOTES
+A created SPKAC with suitable DN components appended can be fed into
+the B<ca> utility.
+SPKACs are typically generated by Netscape when a form is submitted
+containing the B<KEYGEN> tag as part of the certificate enrollment
+The challenge string permits a primitive form of proof of possession
+of private key. By checking the SPKAC signature and a random challenge
+string some guarantee is given that the user knows the private key
+corresponding to the public key being certified. This is important in
+some applications. Without this it is possible for a previous SPKAC
+to be used in a "replay attack".
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/apps/verify.pod b/crypto/openssl/doc/apps/verify.pod
new file mode 100644
index 0000000..4a6572d
--- /dev/null
+++ b/crypto/openssl/doc/apps/verify.pod
@@ -0,0 +1,273 @@
+=head1 NAME
+pkcs7 - PKCS#7 utility
+=head1 SYNOPSIS
+B<openssl> B<verify>
+[B<-CApath directory>]
+[B<-CAfile file>]
+[B<-purpose purpose>]
+[B<-untrusted file>]
+The B<verify> command verifies certificate chains.
+=over 4
+=item B<-CApath directory>
+A directory of trusted certificates. The certificates should have names
+of the form: hash.0 or have symbolic links to them of this
+form ("hash" is the hashed certificate subject name: see the B<-hash> option
+of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
+create symbolic links to a directory of certificates.
+=item B<-CAfile file>
+A file of trusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
+=item B<-untrusted file>
+A file of untrusted certificates. The file should contain multiple certificates
+=item B<-purpose purpose>
+the intended use for the certificate. Without this option no chain verification
+will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
+B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
+section for more information.
+=item B<-help>
+prints out a usage message.
+=item B<-verbose>
+print extra information about the operations being performed.
+=item B<->
+marks the last option. All arguments following this are assumed to be
+certificate files. This is useful if the first certificate filename begins
+with a B<->.
+=item B<certificates>
+one or more certificates to verify. If no certificate filenames are included
+then an attempt is made to read a certificate from standard input. They should
+all be in PEM format.
+The B<verify> program uses the same functions as the internal SSL and S/MIME
+verification, therefore this description applies to these verify operations
+There is one crucial difference between the verify operations performed
+by the B<verify> program: wherever possible an attempt is made to continue
+after an error whereas normally the verify operation would halt on the
+first error. This allows all the problems with a certificate chain to be
+The verify operation consists of a number of separate steps.
+Firstly a certificate chain is built up starting from the supplied certificate
+and ending in the root CA. It is an error if the whole chain cannot be built
+up. The chain is built up by looking up a certificate whose subject name
+matches the issuer name of the current certificate. If a certificate is found
+whose subject and issuer names are identical it is assumed to be the root CA.
+The lookup first looks in the list of untrusted certificates and if no match
+is found the remaining lookups are from the trusted certificates. The root CA
+is always looked up in the trusted certificate list: if the certificate to
+verify is a root certificate then an exact match must be found in the trusted
+The second operation is to check every untrusted certificate's extensions for
+consistency with the supplied purpose. If the B<-purpose> option is not included
+then no checks are done. The supplied or "leaf" certificate must have extensions
+compatible with the supplied purpose and all other certificates must also be valid
+CA certificates. The precise extensions required are described in more detail in
+the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility.
+The third operation is to check the trust settings on the root CA. The root
+CA should be trusted for the supplied purpose. For compatibility with previous
+versions of SSLeay and OpenSSL a certificate with no trust settings is considered
+to be valid for all purposes.
+The final operation is to check the validity of the certificate chain. The validity
+period is checked against the current system time and the notBefore and notAfter
+dates in the certificate. The certificate signatures are also checked at this
+If all operations complete successfully then certificate is considered valid. If
+any operation fails then the certificate is not valid.
+When a verify operation fails the output messages can be somewhat cryptic. The
+general form of the error message is:
+ server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+ error 24 at 1 depth lookup:invalid CA certificate
+The first line contains the name of the certificate being verified followed by
+the subject name of the certificate. The second line contains the error number
+and the depth. The depth is number of the certificate being verified when a
+problem was detected starting with zero for the certificate being verified itself
+then 1 for the CA that signed the certificate and so on. Finally a text version
+of the error number is presented.
+An exhaustive list of the error codes and messages is shown below, this also
+includes the name of the error code as defined in the header file x509_vfy.h
+Some of the error codes are defined but never returned: these are described
+as "unused".
+=over 4
+=item B<0 X509_V_OK: ok>
+the operation was successful.
+=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
+the issuer certificate could not be found: this occurs if the issuer certificate
+of an untrusted certificate cannot be found.
+=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL>
+the CRL of a certificate could not be found. Unused.
+=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
+the certificate signature could not be decrypted. This means that the actual signature value
+could not be determined rather than it not matching the expected value, this is only
+meaningful for RSA keys.
+=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
+the CRL signature could not be decrypted: this means that the actual signature value
+could not be determined rather than it not matching the expected value. Unused.
+=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
+the signature of the certificate is invalid.
+=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
+the signature of the certificate is invalid. Unused.
+=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
+the certificate is not yet valid: the notBefore date is after the current time.
+=item B<10 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+the CRL is not yet valid. Unused.
+=item B<11 X509_V_ERR_CERT_HAS_EXPIRED: Certificate has expired>
+the certificate has expired: that is the notAfter date is before the current time.
+=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+the CRL has expired. Unused.
+=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
+the certificate notBefore field contains an invalid time.
+=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
+the certificate notAfter field contains an invalid time.
+=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
+the CRL lastUpdate field contains an invalid time. Unused.
+=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
+the CRL nextUpdate field contains an invalid time. Unused.
+=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
+an error occurred trying to allocate memory. This should never happen.
+=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
+the passed certificate is self signed and the same certificate cannot be found in the list of
+trusted certificates.
+=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
+the certificate chain could be built up using the untrusted certificates but the root could not
+be found locally.
+=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
+the issuer certificate of a locally looked up certificate could not be found. This normally means
+the list of trusted certificates is not complete.
+=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
+no signatures could be verified because the chain contains only one certificate and it is not
+self signed.
+=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
+the certificate chain length is greater than the supplied maximum depth. Unused.
+=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
+the certificate has been revoked. Unused.
+=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
+a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
+with the supplied purpose.
+=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
+the basicConstraints pathlength parameter has been exceeded.
+=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+the supplied certificate cannot be used for the specified purpose.
+=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
+the root CA is not marked as trusted for the specified purpose.
+=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
+the root CA is marked to reject the specified purpose.
+=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+an application specific error. Unused.
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/apps/version.pod b/crypto/openssl/doc/apps/version.pod
new file mode 100644
index 0000000..5d261a6
--- /dev/null
+++ b/crypto/openssl/doc/apps/version.pod
@@ -0,0 +1,56 @@
+=head1 NAME
+version - print OpenSSL version information
+=head1 SYNOPSIS
+B<openssl version>
+This command is used to print out version information about OpenSSL.
+=head1 OPTIONS
+=over 4
+=item B<-a>
+all information, this is the same as setting all the other flags.
+=item B<-v>
+the current OpenSSL version.
+=item B<-b>
+the date the current version of OpenSSL was built.
+=item B<-o>
+option information: various options set when the library was built.
+=item B<-c>
+compilation flags.
+=item B<-p>
+platform setting.
+=head1 NOTES
+The output of B<openssl version -a> would typically be used when sending
+in a bug report.
diff --git a/crypto/openssl/doc/apps/x509.pod b/crypto/openssl/doc/apps/x509.pod
new file mode 100644
index 0000000..e4ae546
--- /dev/null
+++ b/crypto/openssl/doc/apps/x509.pod
@@ -0,0 +1,544 @@
+=head1 NAME
+x509 - Certificate display and signing utility
+=head1 SYNOPSIS
+B<openssl> B<x509>
+[B<-inform DER|PEM|NET>]
+[B<-outform DER|PEM|NET>]
+[B<-keyform DER|PEM>]
+[B<-CAform DER|PEM>]
+[B<-CAkeyform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-addtrust arg>]
+[B<-addreject arg>]
+[B<-setalias arg>]
+[B<-days arg>]
+[B<-signkey filename>]
+[B<-CA filename>]
+[B<-CAkey filename>]
+[B<-CAserial filename>]
+[B<-extfile filename>]
+[B<-extensions section>]
+The B<x509> command is a multi purpose certificate utility. It can be
+used to display certificate information, convert certificates to
+various forms, sign certificate requests like a "mini CA" or edit
+certificate trust settings.
+Since there are a large number of options they will split up into
+various sections.
+=over 4
+=item B<-inform DER|PEM|NET>
+This specifies the input format normally the command will expect an X509
+certificate but this can change if other options such as B<-req> are
+present. The DER format is the DER encoding of the certificate and PEM
+is the base64 encoding of the DER encoding with header and footer lines
+added. The NET option is an obscure Netscape server format that is now
+=item B<-outform DER|PEM|NET>
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+=item B<-in filename>
+This specifies the input filename to read a certificate from or standard input
+if this option is not specified.
+=item B<-out filename>
+This specifies the output filename to write to or standard output by
+=item B<-md2|-md5|-sha1|-mdc2>
+the digest to use. This affects any signing or display option that uses a message
+digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
+specified then MD5 is used. If the key being used to sign with is a DSA key then
+this option has no effect: SHA1 is always used with DSA keys.
+Note: the B<-alias> and B<-purpose> options are also display options
+but are described in the B<TRUST OPTIONS> section.
+=over 4
+=item B<-text>
+prints out the certificate in text form. Full details are output including the
+public key, signature algorithms, issuer and subject names, serial number
+any extensions present and any trust settings.
+=item B<-noout>
+this option prevents output of the encoded version of the request.
+=item B<-modulus>
+this option prints out the value of the modulus of the public key
+contained in the certificate.
+=item B<-serial>
+outputs the certificate serial number.
+=item B<-hash>
+outputs the "hash" of the certificate subject name. This is used in OpenSSL to
+form an index to allow certificates in a directory to be looked up by subject
+=item B<-subject>
+outputs the subject name.
+=item B<-issuer>
+outputs the issuer name.
+=item B<-startdate>
+prints out the start date of the certificate, that is the notBefore date.
+=item B<-enddate>
+prints out the expiry date of the certificate, that is the notAfter date.
+=item B<-dates>
+prints out the start and expiry dates of a certificate.
+=item B<-fingerprint>
+prints out the digest of the DER encoded version of the whole certificate.
+=item B<-C>
+this outputs the certificate in the form of a C source file.
+Please note these options are currently experimental and may well change.
+A B<trusted certificate> is an ordinary certificate which has several
+additional pieces of information attached to it such as the permitted
+and prohibited uses of the certificate and an "alias".
+Normally when a certificate is being verified at least one certificate
+must be "trusted". By default a trusted certificate must be stored
+locally and must be a root CA: any certificate chain ending in this CA
+is then usable for any purpose.
+Trust settings currently are only used with a root CA. They allow a finer
+control over the purposes the root CA can be used for. For example a CA
+may be trusted for SSL client but not SSL server use.
+See the description of the B<verify> utility for more information on the
+meaning of trust settings.
+Future versions of OpenSSL will recognize trust settings on any
+certificate: not just root CAs.
+=over 4
+=item B<-trustout>
+this causes B<x509> to output a B<trusted> certificate. An ordinary
+or trusted certificate can be input but by default an ordinary
+certificate is output and any trust settings are discarded. With the
+B<-trustout> option a trusted certificate is output. A trusted
+certificate is automatically output if any trust settings are modified.
+=item B<-setalias arg>
+sets the alias of the certificate. This will allow the certificate
+to be referred to using a nickname for example "Steve's Certificate".
+=item B<-alias>
+outputs the certificate alias, if any.
+=item B<-clrtrust>
+clears all the permitted or trusted uses of the certificate.
+=item B<-clrreject>
+clears all the prohibited or rejected uses of the certificate.
+=item B<-addtrust arg>
+adds a trusted certificate use. Any object name can be used here
+but currently only B<clientAuth> (SSL client use), B<serverAuth>
+(SSL server use) and B<emailProtection> (S/MIME email) are used.
+Other OpenSSL applications may define additional uses.
+=item B<-addreject arg>
+adds a prohibited use. It accepts the same values as the B<-addtrust>
+=item B<-purpose>
+this option performs tests on the certificate extensions and outputs
+the results. For a more complete description see the B<CERTIFICATE
+EXTENSIONS> section.
+The B<x509> utility can be used to sign certificates and requests: it
+can thus behave like a "mini CA".
+=over 4
+=item B<-signkey filename>
+this option causes the input file to be self signed using the supplied
+private key.
+If the input file is a certificate it sets the issuer name to the
+subject name (i.e. makes it self signed) changes the public key to the
+supplied value and changes the start and end dates. The start date is
+set to the current time and the end date is set to a value determined
+by the B<-days> option. Any certificate extensions are retained unless
+the B<-clrext> option is supplied.
+If the input is a certificate request then a self signed certificate
+is created using the supplied private key using the subject name in
+the request.
+=item B<-clrext>
+delete any extensions from a certificate. This option is used when a
+certificate is being created from another certificate (for example with
+the B<-signkey> or the B<-CA> options). Normally all extensions are
+=item B<-keyform PEM|DER>
+specifies the format (DER or PEM) of the private key file used in the
+B<-signkey> option.
+=item B<-days arg>
+specifies the number of days to make a certificate valid for. The default
+is 30 days.
+=item B<-x509toreq>
+converts a certificate into a certificate request. The B<-signkey> option
+is used to pass the required private key.
+=item B<-req>
+by default a certificate is expected on input. With this option a
+certificate request is expected instead.
+=item B<-CA filename>
+specifies the CA certificate to be used for signing. When this option is
+present B<x509> behaves like a "mini CA". The input file is signed by this
+CA using this option: that is its issuer name is set to the subject name
+of the CA and it is digitally signed using the CAs private key.
+This option is normally combined with the B<-req> option. Without the
+B<-req> option the input is a certificate which must be self signed.
+=item B<-CAkey filename>
+sets the CA private key to sign a certificate with. If this option is
+not specified then it is assumed that the CA private key is present in
+the CA certificate file.
+=item B<-CAserial filename>
+sets the CA serial number file to use.
+When the B<-CA> option is used to sign a certificate it uses a serial
+number specified in a file. This file consist of one line containing
+an even number of hex digits with the serial number to use. After each
+use the serial number is incremented and written out to the file again.
+The default filename consists of the CA certificate file base name with
+".srl" appended. For example if the CA certificate file is called
+"mycacert.pem" it expects to find a serial number file called "".
+=item B<-CAcreateserial filename>
+with this option the CA serial number file is created if it does not exist:
+it will contain the serial number "02" and the certificate being signed will
+have the 1 as its serial number. Normally if the B<-CA> option is specified
+and the serial number file does not exist it is an error.
+=item B<-extfile filename>
+file containing certificate extensions to use. If not specified then
+no extensions are added to the certificate.
+=item B<-extensions section>
+the section to add certificate extensions from. If this option is not
+specified then the extensions should either be contained in the unnamed
+(default) section or the default section should contain a variable called
+"extensions" which contains the section to use.
+=head1 EXAMPLES
+Note: in these examples the '\' means the example should be all on one
+Display the contents of a certificate:
+ openssl x509 -in cert.pem -noout -text
+Display the certificate serial number:
+ openssl x509 -in cert.pem -noout -serial
+Display the certificate MD5 fingerprint:
+ openssl x509 -in cert.pem -noout -fingerprint
+Display the certificate SHA1 fingerprint:
+ openssl x509 -sha1 -in cert.pem -noout -fingerprint
+Convert a certificate from PEM to DER format:
+ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+Convert a certificate to a certificate request:
+ openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
+Convert a certificate request into a self signed certificate using
+extensions for a CA:
+ openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
+ -signkey key.pem -out cacert.pem
+Sign a certificate request using the CA certificate above and add user
+certificate extensions:
+ openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
+ -CA cacert.pem -CAkey key.pem -CAcreateserial
+Set a certificate to be trusted for SSL client use and change set its alias to
+"Steve's Class 1 CA"
+ openssl x509 -in cert.pem -addtrust sslclient \
+ -alias "Steve's Class 1 CA" -out trust.pem
+=head1 NOTES
+The PEM format uses the header and footer lines:
+it will also handle files containing:
+ -----END X509 CERTIFICATE----
+Trusted certificates have the lines
+The B<-fingerprint> option takes the digest of the DER encoded certificate.
+This is commonly called a "fingerprint". Because of the nature of message
+digests the fingerprint of a certificate is unique to that certificate and
+two certificates with the same fingerprint can be considered to be the same.
+The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.
+The B<-purpose> option checks the certificate extensions and determines
+what the certificate can be used for. The actual checks done are rather
+complex and include various hacks and workarounds to handle broken
+certificates and software.
+The same code is used when verifying untrusted certificates in chains
+so this section is useful if a chain is rejected by the verify code.
+The basicConstraints extension CA flag is used to determine whether the
+certificate can be used as a CA. If the CA flag is true then it is a CA,
+if the CA flag is false then it is not a CA. B<All> CAs should have the
+CA flag set to true.
+If the basicConstraints extension is absent then the certificate is
+considered to be a "possible CA" other extensions are checked according
+to the intended use of the certificate. A warning is given in this case
+because the certificate should really not be regarded as a CA: however
+it is allowed to be a CA to work around some broken software.
+If the certificate is a V1 certificate (and thus has no extensions) and
+it is self signed it is also assumed to be a CA but a warning is again
+given: this is to work around the problem of Verisign roots which are V1
+self signed certificates.
+If the keyUsage extension is present then additional restraints are
+made on the uses of the certificate. A CA certificate B<must> have the
+keyCertSign bit set if the keyUsage extension is present.
+The extended key usage extension places additional restrictions on the
+certificate uses. If this extension is present (whether critical or not)
+the key can only be used for the purposes specified.
+A complete description of each test is given below. The comments about
+basicConstraints and keyUsage and V1 certificates above apply to B<all>
+CA certificates.
+=over 4
+=item B<SSL Client>
+The extended key usage extension must be absent or include the "web client
+authentication" OID. keyUsage must be absent or it must have the
+digitalSignature bit set. Netscape certificate type must be absent or it must
+have the SSL client bit set.
+=item B<SSL Client CA>
+The extended key usage extension must be absent or include the "web client
+authentication" OID. Netscape certificate type must be absent or it must have
+the SSL CA bit set: this is used as a work around if the basicConstraints
+extension is absent.
+=item B<SSL Server>
+The extended key usage extension must be absent or include the "web server
+authentication" and/or one of the SGC OIDs. keyUsage must be absent or it
+must have the digitalSignature, the keyEncipherment set or both bits set.
+Netscape certificate type must be absent or have the SSL server bit set.
+=item B<SSL Server CA>
+The extended key usage extension must be absent or include the "web server
+authentication" and/or one of the SGC OIDs. Netscape certificate type must
+be absent or the SSL CA bit must be set: this is used as a work around if the
+basicConstraints extension is absent.
+=item B<Netscape SSL Server>
+For Netscape SSL clients to connect to an SSL server it must have the
+keyEncipherment bit set if the keyUsage extension is present. This isn't
+always valid because some cipher suites use the key for digital signing.
+Otherwise it is the same as a normal SSL server.
+=item B<Common S/MIME Client Tests>
+The extended key usage extension must be absent or include the "email
+protection" OID. Netscape certificate type must be absent or should have the
+S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
+then the SSL client bit is tolerated as an alternative but a warning is shown:
+this is because some Verisign certificates don't set the S/MIME bit.
+=item B<S/MIME Signing>
+In addition to the common S/MIME client tests the digitalSignature bit must
+be set if the keyUsage extension is present.
+=item B<S/MIME Encryption>
+In addition to the common S/MIME tests the keyEncipherment bit must be set
+if the keyUsage extension is present.
+=item B<S/MIME CA>
+The extended key usage extension must be absent or include the "email
+protection" OID. Netscape certificate type must be absent or must have the
+S/MIME CA bit set: this is used as a work around if the basicConstraints
+extension is absent.
+=item B<CRL Signing>
+The keyUsage extension must be absent or it must have the CRL signing bit
+=item B<CRL Signing CA>
+The normal CA tests apply. Except in this case the basicConstraints extension
+must be present.
+=head1 BUGS
+The way DNs are printed is in a "historical SSLeay" format which doesn't
+follow any published standard. It should follow some standard like RFC2253
+or RFC1779 with options to make the stuff more readable.
+Extensions in certificates are not transferred to certificate requests and
+vice versa.
+It is possible to produce invalid certificates or requests by specifying the
+wrong private key or using inconsistent options in some cases: these should
+be checked.
+There should be options to explicitly set such things as start and end
+dates rather than an offset from the current time.
+The code to implement the verify behaviour described in the B<TRUST SETTINGS>
+is currently being developed. It thus describes the intended behavior rather
+than the current behaviour. It is hoped that it will represent reality in
+OpenSSL 0.9.5 and later.
+=head1 SEE ALSO
+L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>
diff --git a/crypto/openssl/doc/c-indentation.el b/crypto/openssl/doc/c-indentation.el
index 9a4a0be..9111450 100644
--- a/crypto/openssl/doc/c-indentation.el
+++ b/crypto/openssl/doc/c-indentation.el
@@ -26,11 +26,20 @@
(c-offsets-alist . ((defun-open . +)
(defun-block-intro . 0)
+ (class-open . +)
+ (class-close . +)
(block-open . 0)
+ (block-close . 0)
(substatement-open . +)
+ (statement . 0)
(statement-block-intro . 0)
(statement-case-open . +)
(statement-case-intro . +)
(case-label . -)
(label . -)
- (arglist-cont-nonempty . +)))))
+ (arglist-cont-nonempty . +)
+ (topmost-intro . -)
+ (brace-list-close . +)
+ (brace-list-intro . +)
+ ))))
diff --git a/crypto/openssl/doc/crypto/BN_CTX_new.pod b/crypto/openssl/doc/crypto/BN_CTX_new.pod
new file mode 100644
index 0000000..c94d8c6
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_CTX_new.pod
@@ -0,0 +1,53 @@
+=head1 NAME
+BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ BN_CTX *BN_CTX_new(void);
+ void BN_CTX_init(BN_CTX *c);
+ void BN_CTX_free(BN_CTX *c);
+A B<BN_CTX> is a structure that holds B<BIGNUM> temporary variables used by
+library functions. Since dynamic memory allocation to create B<BIGNUM>s
+is rather expensive when used in conjunction with repeated subroutine
+calls, the B<BN_CTX> structure is used.
+BN_CTX_new() allocates and initializes a B<BN_CTX>
+structure. BN_CTX_init() initializes an existing uninitialized
+BN_CTX_free() frees the components of the B<BN_CTX>, and if it was
+created by BN_CTX_new(), also the structure itself.
+If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>,
+L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX>
+may be freed by BN_CTX_free().
+BN_CTX_new() returns a pointer to the B<BN_CTX>. If the allocation fails,
+it returns B<NULL> and sets an error code that can be obtained by
+BN_CTX_init() and BN_CTX_free() have no return values.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+=head1 HISTORY
+BN_CTX_new() and BN_CTX_free() are available in all versions on SSLeay
+and OpenSSL. BN_CTX_init() was added in SSLeay 0.9.1b.
diff --git a/crypto/openssl/doc/crypto/BN_CTX_start.pod b/crypto/openssl/doc/crypto/BN_CTX_start.pod
new file mode 100644
index 0000000..c30552b
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_CTX_start.pod
@@ -0,0 +1,51 @@
+=head1 NAME
+BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ void BN_CTX_start(BN_CTX *ctx);
+ BIGNUM *BN_CTX_get(BN_CTX *ctx);
+ void BN_CTX_end(BN_CTX *ctx);
+These functions are used to obtain temporary B<BIGNUM> variables from
+a B<BN_CTX> in order to save the overhead of repeatedly creating and
+freeing B<BIGNUM>s in functions that are called from inside a loop.
+A function must call BN_CTX_start() first. Then, BN_CTX_get() may be
+called repeatedly to obtain temporary B<BIGNUM>s. All BN_CTX_get()
+calls must be made before calling any other functions that use the
+B<ctx> as an argument.
+Finally, BN_CTX_end() must be called before returning from the function.
+When BN_CTX_end() is called, the B<BIGNUM> pointers obtained from
+BN_CTX_get() become invalid.
+BN_CTX_start() and BN_CTX_end() return no values.
+BN_CTX_get() returns a pointer to the B<BIGNUM>, or B<NULL> on error.
+Once BN_CTX_get() has failed, the subsequent calls will return B<NULL>
+as well, so it is sufficient to check the return value of the last
+BN_CTX_get() call. In case of an error, an error code is set, which
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+=head1 HISTORY
+BN_CTX_start(), BN_CTX_get() and BN_CTX_end() were added in OpenSSL 0.9.5.
diff --git a/crypto/openssl/doc/crypto/BN_add.pod b/crypto/openssl/doc/crypto/BN_add.pod
new file mode 100644
index 0000000..0541d45
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_add.pod
@@ -0,0 +1,99 @@
+=head1 NAME
+BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp,
+BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+ BN_CTX *ctx);
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+ int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+ int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+BN_add() adds B<a> and B<b> and places the result in B<r> (C<r=a+b>).
+B<r> may be the same B<BIGNUM> as B<a> or B<b>.
+BN_sub() subtracts B<b> from B<a> and places the result in B<r> (C<r=a-b>).
+BN_mul() multiplies B<a> and B<b> and places the result in B<r> (C<r=a*b>).
+B<r> may be the same B<BIGNUM> as B<a> or B<b>.
+For multiplication by powers of 2, use L<BN_lshift(3)|BN_lshift(3)>.
+BN_div() divides B<a> by B<d> and places the result in B<dv> and the
+remainder in B<rem> (C<dv=a/d, rem=a%d>). Either of B<dv> and B<rem> may
+be NULL, in which case the respective value is not returned.
+For division by powers of 2, use BN_rshift(3).
+BN_sqr() takes the square of B<a> and places the result in B<r>
+(C<r=a^2>). B<r> and B<a> may be the same B<BIGNUM>.
+This function is faster than BN_mul(r,a,a).
+BN_mod() find the remainder of B<a> divided by B<m> and places it in
+B<rem> (C<rem=a%m>).
+BN_mod_mul() multiplies B<a> by B<b> and finds the remainder when
+divided by B<m> (C<r=(a*b)%m>). B<r> may be the same B<BIGNUM> as B<a>
+or B<b>. For a more efficient algorithm, see
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>; for repeated
+computations using the same modulus, see L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>.
+BN_exp() raises B<a> to the B<p>-th power and places the result in B<r>
+(C<r=a^p>). This function is faster than repeated applications of
+BN_mod_exp() computes B<a> to the B<p>-th power modulo B<m> (C<r=a^p %
+m>). This function uses less time and space than BN_exp().
+BN_gcd() computes the greatest common divisor of B<a> and B<b> and
+places the result in B<r>. B<r> may be the same B<BIGNUM> as B<a> or
+For all functions, B<ctx> is a previously allocated B<BN_CTX> used for
+temporary variables; see L<BN_CTX_new(3)|BN_CTX_new(3)>.
+Unless noted otherwise, the result B<BIGNUM> must be different from
+the arguments.
+For all functions, 1 is returned for success, 0 on error. The return
+value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+=head1 HISTORY
+BN_add(), BN_sub(), BN_div(), BN_sqr(), BN_mod(), BN_mod_mul(),
+BN_mod_exp() and BN_gcd() are available in all versions of SSLeay and
+OpenSSL. The B<ctx> argument to BN_mul() was added in SSLeay
+0.9.1b. BN_exp() appeared in SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/BN_add_word.pod b/crypto/openssl/doc/crypto/BN_add_word.pod
new file mode 100644
index 0000000..66bedfb
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_add_word.pod
@@ -0,0 +1,57 @@
+=head1 NAME
+BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic
+functions on BIGNUMs with integers
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ int BN_add_word(BIGNUM *a, BN_ULONG w);
+ int BN_sub_word(BIGNUM *a, BN_ULONG w);
+ int BN_mul_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+These functions perform arithmetic operations on BIGNUMs with unsigned
+integers. They are much more efficient than the normal BIGNUM
+arithmetic operations.
+BN_add_word() adds B<w> to B<a> (C<a+=w>).
+BN_sub_word() subtracts B<w> from B<a> (C<a-=w>).
+BN_mul_word() multiplies B<a> and B<w> (C<a*=b>).
+BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder.
+BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%m>).
+For BN_div_word() and BN_mod_word(), B<w> must not be 0.
+BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0
+on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+BN_mod_word() and BN_div_word() return B<a>%B<w>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+=head1 HISTORY
+BN_add_word() and BN_mod_word() are available in all versions of
+SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and
+BN_sub_word() and BN_mul_word() in SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/BN_bn2bin.pod b/crypto/openssl/doc/crypto/BN_bn2bin.pod
new file mode 100644
index 0000000..05f9e62
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_bn2bin.pod
@@ -0,0 +1,95 @@
+=head1 NAME
+BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+ char *BN_bn2hex(const BIGNUM *a);
+ char *BN_bn2dec(const BIGNUM *a);
+ int BN_hex2bn(BIGNUM **a, const char *str);
+ int BN_dec2bn(BIGNUM **a, const char *str);
+ int BN_print(BIO *fp, const BIGNUM *a);
+ int BN_print_fp(FILE *fp, const BIGNUM *a);
+ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+BN_bn2bin() converts the absolute value of B<a> into big-endian form
+and stores it at B<to>. B<to> must point to BN_num_bytes(B<a>) bytes of
+BN_bin2bn() converts the positive integer in big-endian form of length
+B<len> at B<s> into a B<BIGNUM> and places it in B<ret>. If B<ret> is
+NULL, a new B<BIGNUM> is created.
+BN_bn2hex() and BN_bn2dec() return printable strings containing the
+hexadecimal and decimal encoding of B<a> respectively. For negative
+numbers, the string is prefaced with a leading '-'. The string must be
+Free()d later.
+BN_hex2bn() converts the string B<str> containing a hexadecimal number
+to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
+B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
+length in hexadecimal digits. If the string starts with '-', the
+number is negative. BN_dec2bn() is the same using the decimal system.
+BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
+with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
+BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
+that consists of the number's length in bytes represented as a 3-byte
+big-endian number, and the number itself in big-endian format, where
+the most significant bit signals a negative number (the representation
+of numbers with the MSB set is prefixed with null byte).
+BN_bn2mpi() stores the representation of B<a> at B<to>, where B<to>
+must be large enough to hold the result. The size can be determined by
+calling BN_bn2mpi(B<a>, NULL).
+BN_mpi2bn() converts the B<len> bytes long representation at B<s> to
+a B<BIGNUM> and stores it at B<ret>, or in a newly allocated B<BIGNUM>
+if B<ret> is NULL.
+BN_bn2bin() returns the length of the big-endian number placed at B<to>.
+BN_bin2bn() returns the B<BIGNUM>, NULL on error.
+BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
+on error. BN_hex2bn() and BN_dec2bn() return the number's length in
+hexadecimal or decimal digits, and 0 on error.
+BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
+BN_bn2mpi() returns the length of the representation. BN_mpi2bn()
+returns the B<BIGNUM>, and NULL on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
+=head1 HISTORY
+BN_bn2bin(), BN_bin2bn(), BN_print_fp() and BN_print() are available
+in all versions of SSLeay and OpenSSL.
+BN_bn2hex(), BN_bn2dec(), BN_hex2bn(), BN_dec2bn(), BN_bn2mpi() and
+BN_mpi2bn() were added in SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/BN_cmp.pod b/crypto/openssl/doc/crypto/BN_cmp.pod
new file mode 100644
index 0000000..23e9ed0
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_cmp.pod
@@ -0,0 +1,48 @@
+=head1 NAME
+BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ int BN_cmp(BIGNUM *a, BIGNUM *b);
+ int BN_ucmp(BIGNUM *a, BIGNUM *b);
+ int BN_is_zero(BIGNUM *a);
+ int BN_is_one(BIGNUM *a);
+ int BN_is_word(BIGNUM *a, BN_ULONG w);
+ int BN_is_odd(BIGNUM *a);
+BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
+absolute values.
+BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
+or B<w> respectively. BN_is_odd() tests if a is odd.
+BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
+BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
+B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
+of B<a> and B<b>.
+BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
+the condition is true, 0 otherwise.
+=head1 SEE ALSO
+=head1 HISTORY
+BN_cmp(), BN_ucmp(), BN_is_zero(), BN_is_one() and BN_is_word() are
+available in all versions of SSLeay and OpenSSL.
+BN_is_odd() was added in SSLeay 0.8.
diff --git a/crypto/openssl/doc/crypto/BN_copy.pod b/crypto/openssl/doc/crypto/BN_copy.pod
new file mode 100644
index 0000000..8ad25e7
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_copy.pod
@@ -0,0 +1,34 @@
+=head1 NAME
+BN_copy, BN_dup - copy BIGNUMs
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
+ BIGNUM *BN_dup(const BIGNUM *from);
+BN_copy() copies B<from> to B<to>. BN_dup() creates a new B<BIGNUM>
+containing the value B<from>.
+BN_copy() returns B<to> on success, NULL on error. BN_dup() returns
+the new B<BIGNUM>, and NULL on error. The error codes can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>
+=head1 HISTORY
+BN_copy() and BN_dup() are available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/BN_generate_prime.pod b/crypto/openssl/doc/crypto/BN_generate_prime.pod
new file mode 100644
index 0000000..638f651
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_generate_prime.pod
@@ -0,0 +1,102 @@
+=head1 NAME
+BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
+ BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+ int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
+ void *), BN_CTX *ctx, void *cb_arg);
+ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+ void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
+ int do_trial_division);
+BN_generate_prime() generates a pseudo-random prime number of B<num>
+If B<ret> is not B<NULL>, it will be used to store the number.
+If B<callback> is not B<NULL>, it is called as follows:
+=over 4
+=item *
+B<callback(0, i, cb_arg)> is called after generating the i-th
+potential prime number.
+=item *
+While the number is being tested for primality, B<callback(1, j,
+cb_arg)> is called as described below.
+=item *
+When a prime has been found, B<callback(2, i, cb_arg)> is called.
+The prime may have to fulfill additional requirements for use in
+Diffie-Hellman key exchange:
+If B<add> is not B<NULL>, the prime will fulfill the condition p % B<add>
+== B<rem> (p % B<add> == 1 if B<rem> == B<NULL>) in order to suit a given
+If B<safe> is true, it will be a safe prime (i.e. a prime p so
+that (p-1)/2 is also prime).
+The PRNG must be seeded prior to calling BN_generate_prime().
+The prime number generation has a negligible error probability.
+BN_is_prime() and BN_is_prime_fasttest() test if the number B<a> is
+prime. The following tests are performed until one of them shows that
+B<a> is composite; if B<a> passes all these tests, it is considered
+BN_is_prime_fasttest(), when called with B<do_trial_division == 1>,
+first attempts trial division by a number of small primes;
+if no divisors are found by this test and B<callback> is not B<NULL>,
+B<callback(1, -1, cb_arg)> is called.
+If B<do_trial_division == 0>, this test is skipped.
+Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+probabilistic primality test with B<checks> iterations. If
+B<checks == BN_prime_check>, a number of iterations is used that
+yields a false positive rate of at most 2^-80 for random input.
+If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+after the j-th iteration (j = 0, 1, ...). B<ctx> is a
+pre-allocated B<BN_CTX> (to save the overhead of allocating and
+freeing the structure in a loop), or B<NULL>.
+BN_generate_prime() returns the prime number on success, B<NULL> otherwise.
+BN_is_prime() returns 0 if the number is composite, 1 if it is
+prime with an error probability of less than 0.25^B<checks>, and
+-1 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
+=head1 HISTORY
+The B<cb_arg> arguments to BN_generate_prime() and to BN_is_prime()
+were added in SSLeay 0.9.0. The B<ret> argument to BN_generate_prime()
+was added in SSLeay 0.9.1.
+BN_is_prime_fasttest() was added in OpenSSL 0.9.5.
diff --git a/crypto/openssl/doc/crypto/BN_mod_inverse.pod b/crypto/openssl/doc/crypto/BN_mod_inverse.pod
new file mode 100644
index 0000000..49e62da
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_mod_inverse.pod
@@ -0,0 +1,36 @@
+=head1 NAME
+BN_mod_inverse - compute inverse modulo n
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx);
+BN_mod_inverse() computes the inverse of B<a> modulo B<n>
+places the result in B<r> (C<(a*r)%n==1>). If B<r> is NULL,
+a new B<BIGNUM> is created.
+B<ctx> is a previously allocated B<BN_CTX> used for temporary
+variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>.
+BN_mod_inverse() returns the B<BIGNUM> containing the inverse, and
+NULL on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+=head1 HISTORY
+BN_mod_inverse() is available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod b/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
new file mode 100644
index 0000000..0f0c137
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
@@ -0,0 +1,95 @@
+=head1 NAME
+BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ BN_MONT_CTX *BN_MONT_CTX_new(void);
+ void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+ void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+ int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+ int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+These functions implement Montgomery multiplication. They are used
+automatically when L<BN_mod_exp(3)|BN_mod_exp(3)> is called with suitable input,
+but they may be useful when several operations are to be performed
+using the same modulus.
+BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure.
+BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>.
+BN_MONT_CTX_set() sets up the B<mont> structure from the modulus B<m>
+by precomputing its inverse and a value R.
+BN_MONT_CTX_copy() copies the B<N_MONT_CTX> B<from> to B<to>.
+BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if
+it was created by BN_MONT_CTX_new(), also the structure itself.
+BN_mod_mul_montgomery() computes Mont(B<a>,B<b>):=B<a>*B<b>*R^-1 and places
+the result in B<r>.
+BN_from_montgomery() performs the Montgomery reduction B<r> = B<a>*R^-1.
+BN_to_montgomery() computes Mont(B<a>,R^2).
+For all functions, B<ctx> is a previously allocated B<BN_CTX> used for
+temporary variables.
+The B<BN_MONT_CTX> structure is defined as follows:
+ typedef struct bn_mont_ctx_st
+ {
+ int ri; /* number of bits in R */
+ BIGNUM RR; /* R^2 (used to convert to Montgomery form) */
+ BIGNUM N; /* The modulus */
+ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
+ * (Ni is only stored for bignum algorithm) */
+ BN_ULONG n0; /* least significant word of Ni */
+ int flags;
+BN_to_montgomery() is a macro.
+BN_MONT_CTX_new() returns the newly allocated B<BN_MONT_CTX>, and NULL
+on error.
+BN_MONT_CTX_init() and BN_MONT_CTX_free() have no return values.
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+=head1 HISTORY
+BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(),
+BN_mod_mul_montgomery(), BN_from_montgomery() and BN_to_montgomery()
+are available in all versions of SSLeay and OpenSSL.
+BN_MONT_CTX_init() and BN_MONT_CTX_copy() were added in SSLeay 0.9.1b.
diff --git a/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod b/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
new file mode 100644
index 0000000..32432ce
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -0,0 +1,81 @@
+=head1 NAME
+BN_mod_mul_reciprocal, BN_RECP_CTX_new, BN_RECP_CTX_init,
+BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ BN_RECP_CTX *BN_RECP_CTX_new(void);
+ void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+ void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
+ BN_CTX *ctx);
+ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+BN_mod_mul_reciprocal() can be used to perform an efficient
+L<BN_mod_mul(3)|BN_mod_mul(3)> operation when the operation will be performed
+repeatedly with the same modulus. It computes B<r>=(B<a>*B<b>)%B<m>
+using B<recp>=1/B<m>, which is set as described below. B<ctx> is a
+previously allocated B<BN_CTX> used for temporary variables.
+BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure.
+BN_RECP_CTX_init() initializes an existing uninitialized B<BN_RECP>.
+BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it
+was created by BN_RECP_CTX_new(), also the structure itself.
+BN_RECP_CTX_set() stores B<m> in B<recp> and sets it up for computing
+1/B<m> and shifting it left by BN_num_bits(B<m>)+1 to make it an
+integer. The result and the number of bits it was shifted left will
+later be stored in B<recp>.
+BN_div_recp() divides B<a> by B<m> using B<recp>. It places the quotient
+in B<dv> and the remainder in B<rem>.
+The B<BN_RECP_CTX> structure is defined as follows:
+ typedef struct bn_recp_ctx_st
+ {
+ BIGNUM N; /* the divisor */
+ BIGNUM Nr; /* the reciprocal */
+ int num_bits;
+ int shift;
+ int flags;
+It cannot be shared between threads.
+BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL
+on error.
+BN_RECP_CTX_init() and BN_RECP_CTX_free() have no return values.
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+=head1 HISTORY
+B<BN_RECP_CTX> was added in SSLeay 0.9.0. Before that, the function
+BN_reciprocal() was used instead, and the BN_mod_mul_reciprocal()
+arguments were different.
diff --git a/crypto/openssl/doc/crypto/BN_new.pod b/crypto/openssl/doc/crypto/BN_new.pod
new file mode 100644
index 0000000..c1394ff
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_new.pod
@@ -0,0 +1,53 @@
+=head1 NAME
+BN_new, BN_init, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ BIGNUM *BN_new(void);
+ void BN_init(BIGNUM *);
+ void BN_clear(BIGNUM *a);
+ void BN_free(BIGNUM *a);
+ void BN_clear_free(BIGNUM *a);
+BN_new() allocated and initializes a B<BIGNUM> structure. BN_init()
+initializes an existing uninitialized B<BIGNUM>.
+BN_clear() is used to destroy sensitive data such as keys when they
+are no longer needed. It erases the memory used by B<a> and sets it
+to the value 0.
+BN_free() frees the components of the B<BIGNUM>, and if it was created
+by BN_new(), also the structure itself. BN_clear_free() additionally
+overwrites the data before the memory is returned to the system.
+BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails,
+it returns B<NULL> and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)>.
+BN_init(), BN_clear(), BN_free() and BN_clear_free() have no return
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>
+=head1 HISTORY
+BN_new(), BN_clear(), BN_free() and BN_clear_free() are available in
+all versions on SSLeay and OpenSSL. BN_init() was added in SSLeay
diff --git a/crypto/openssl/doc/crypto/BN_num_bytes.pod b/crypto/openssl/doc/crypto/BN_num_bytes.pod
new file mode 100644
index 0000000..61589fb
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_num_bytes.pod
@@ -0,0 +1,37 @@
+=head1 NAME
+BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ int BN_num_bytes(const BIGNUM *a);
+ int BN_num_bits(const BIGNUM *a);
+ int BN_num_bits_word(BN_ULONG w);
+These functions return the size of a B<BIGNUM> in bytes or bits,
+and the size of an unsigned integer in bits.
+BN_num_bytes() is a macro.
+The size.
+=head1 SEE ALSO
+=head1 HISTORY
+BN_num_bytes(), BN_num_bits() and BN_num_bits_word() are available in
+all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/BN_rand.pod b/crypto/openssl/doc/crypto/BN_rand.pod
new file mode 100644
index 0000000..33363c9
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_rand.pod
@@ -0,0 +1,45 @@
+=head1 NAME
+BN_rand, BN_pseudo_rand - generate pseudo-random number
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+BN_rand() generates a cryptographically strong pseudo-random number of
+B<bits> bits in length and stores it in B<rnd>. If B<top> is true, the
+two most significant bits of the number will be set to 1, so that the
+product of two such random numbers will always have 2*B<bits> length.
+If B<bottom> is true, the number will be odd.
+BN_pseudo_rand() does the same, but pseudo-random numbers generated by
+this function are not necessarily unpredictable. They can be used for
+non-cryptographic purposes and for certain purposes in cryptographic
+protocols, but usually not for key generation etc.
+The PRNG must be seeded prior to calling BN_rand().
+BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+=head1 HISTORY
+BN_rand() is available in all versions of SSLeay and OpenSSL.
+BN_pseudo_rand() was added in OpenSSL 0.9.5.
diff --git a/crypto/openssl/doc/crypto/BN_set_bit.pod b/crypto/openssl/doc/crypto/BN_set_bit.pod
new file mode 100644
index 0000000..b7c47b9
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_set_bit.pod
@@ -0,0 +1,66 @@
+=head1 NAME
+BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ int BN_set_bit(BIGNUM *a, int n);
+ int BN_clear_bit(BIGNUM *a, int n);
+ int BN_is_bit_set(const BIGNUM *a, int n);
+ int BN_mask_bits(BIGNUM *a, int n);
+ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+ int BN_lshift1(BIGNUM *r, BIGNUM *a);
+ int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+ int BN_rshift1(BIGNUM *r, BIGNUM *a);
+BN_set_bit() sets bit B<n> in B<a> to 1 (C<a|=(1E<lt>E<lt>n)>). The
+number is expanded if necessary.
+BN_clear_bit() sets bit B<n> in B<a> to 0 (C<a&=~(1E<lt>E<lt>n)>). An
+error occurs if B<a> is shorter than B<n> bits.
+BN_is_bit_set() tests if bit B<n> in B<a> is set.
+BN_mask_bits() truncates B<a> to an B<n> bit number
+(C<a&=~((~0)E<gt>E<gt>n)>). An error occurs if B<a> already is
+shorter than B<n> bits.
+BN_lshift() shifts B<a> left by B<n> bits and places the result in
+B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places
+the result in B<r> (C<r=2*a>).
+BN_rshift() shifts B<a> right by B<n> bits and places the result in
+B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places
+the result in B<r> (C<r=a/2>).
+For the shift functions, B<r> and B<a> may be the same variable.
+BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.
+All other functions return 1 for success, 0 on error. The error codes
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, L<BN_add(3)|BN_add(3)>
+=head1 HISTORY
+BN_set_bit(), BN_clear_bit(), BN_is_bit_set(), BN_mask_bits(),
+BN_lshift(), BN_lshift1(), BN_rshift(), and BN_rshift1() are available
+in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/BN_zero.pod b/crypto/openssl/doc/crypto/BN_zero.pod
new file mode 100644
index 0000000..165fd9a
--- /dev/null
+++ b/crypto/openssl/doc/crypto/BN_zero.pod
@@ -0,0 +1,55 @@
+=head1 NAME
+BN_zero, BN_one, BN_set_word, BN_get_word - BIGNUM assignment operations
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ int BN_zero(BIGNUM *a);
+ int BN_one(BIGNUM *a);
+ BIGNUM *BN_value_one(void);
+ int BN_set_word(BIGNUM *a, unsigned long w);
+ unsigned long BN_get_word(BIGNUM *a);
+BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
+B<w> respectively. BN_zero() and BN_one() are macros.
+BN_value_one() returns a B<BIGNUM> constant of value 1. This constant
+is useful for use in comparisons and assignment.
+BN_get_word() returns B<a>, if it can be represented as an unsigned
+BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
+be represented as an unsigned long.
+BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
+BN_value_one() returns the constant.
+=head1 BUGS
+Someone might change the constant.
+If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an
+unsigned long but this value is also returned on error.
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
+=head1 HISTORY
+BN_zero(), BN_one() and BN_set_word() are available in all versions of
+SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in
+SSLeay 0.8.
diff --git a/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod b/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod
new file mode 100644
index 0000000..1bd5bed
--- /dev/null
+++ b/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod
@@ -0,0 +1,51 @@
+=head1 NAME
+CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data functions
+=head1 SYNOPSIS
+ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
+ void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+These functions should only be used by applications to manipulate
+B<CRYPTO_EX_DATA> structures passed to the B<new_func()>, B<free_func()> and
+B<dup_func()> callbacks: as passed to B<RSA_get_ex_new_index()> for example.
+B<CRYPTO_set_ex_data()> is used to set application specific data, the data is
+supplied in the B<arg> parameter and its precise meaning is up to the
+B<CRYPTO_get_ex_data()> is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous B<CRYPTO_set_ex_data()> call.
+B<CRYPTO_set_ex_data()> returns 1 on success or 0 on failure.
+B<CRYPTO_get_ex_data()> returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid B<idx>
+On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+=head1 HISTORY
+CRYPTO_set_ex_data() and CRYPTO_get_ex_data() have been available since SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/DH_generate_key.pod b/crypto/openssl/doc/crypto/DH_generate_key.pod
new file mode 100644
index 0000000..920995b
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DH_generate_key.pod
@@ -0,0 +1,50 @@
+=head1 NAME
+DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ int DH_generate_key(DH *dh);
+ int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+DH_generate_key() performs the first step of a Diffie-Hellman key
+exchange by generating private and public DH values. By calling
+DH_compute_key(), these are combined with the other party's public
+value to compute the shared key.
+DH_generate_key() expects B<dh> to contain the shared parameters
+B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
+unless B<dh-E<gt>priv_key> is already set, and computes the
+corresponding public value B<dh-E<gt>pub_key>, which can then be
+DH_compute_key() computes the shared secret from the private DH value
+in B<dh> and the other party's public value in B<pub_key> and stores
+it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
+DH_generate_key() returns 1 on success, 0 otherwise.
+DH_compute_key() returns the size of the shared secret on success, -1
+on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+=head1 HISTORY
+DH_generate_key() and DH_compute_key() are available in all versions
+of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/DH_generate_parameters.pod b/crypto/openssl/doc/crypto/DH_generate_parameters.pod
new file mode 100644
index 0000000..a7d0c75
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DH_generate_parameters.pod
@@ -0,0 +1,72 @@
+=head1 NAME
+DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback)(int, int, void *), void *cb_arg);
+ int DH_check(DH *dh, int *codes);
+DH_generate_parameters() generates Diffie-Hellman parameters that can
+be shared among a group of users, and returns them in a newly
+allocated B<DH> structure. The pseudo-random number generator must be
+seeded prior to calling DH_generate_parameters().
+B<prime_len> is the length in bits of the safe prime to be generated.
+B<generator> is a small number E<gt> 1, typically 2 or 5.
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime
+number is generated, and when a prime has been found, B<callback(3,
+0, cb_arg)> is called.
+DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
+a safe prime, and that B<g> is a suitable generator. In the case of an
+error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
+DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
+DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
+checked, i.e. it does not equal 2 or 5.
+DH_generate_parameters() returns a pointer to the DH structure, or
+NULL if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+DH_check() returns 1 if the check could be performed, 0 otherwise.
+=head1 NOTES
+DH_generate_parameters() may run for several hours before finding a
+suitable prime.
+The parameters generated by DH_generate_parameters() are not to be
+used in signature schemes.
+=head1 BUGS
+If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
+a usable generator.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
+=head1 HISTORY
+DH_check() is available in all versions of SSLeay and OpenSSL.
+The B<cb_arg> argument to DH_generate_parameters() was added in SSLeay 0.9.0.
+In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used
diff --git a/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod b/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod
new file mode 100644
index 0000000..82e2548
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=head1 NAME
+DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ int DH_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+ int DH_set_ex_data(DH *d, int idx, void *arg);
+ char *DH_get_ex_data(DH *d, int idx);
+These functions handle application specific data in DH
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+=head1 SEE ALSO
+L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
+=head1 HISTORY
+DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
+available since OpenSSL 0.9.5.
diff --git a/crypto/openssl/doc/crypto/DH_new.pod b/crypto/openssl/doc/crypto/DH_new.pod
new file mode 100644
index 0000000..64624b9
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DH_new.pod
@@ -0,0 +1,40 @@
+=head1 NAME
+DH_new, DH_free - allocate and free DH objects
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ DH* DH_new(void);
+ void DH_free(DH *dh);
+DH_new() allocates and initializes a B<DH> structure.
+DH_free() frees the B<DH> structure and its components. The values are
+erased before the memory is returned to the system.
+If the allocation fails, DH_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+DH_free() returns no value.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<err(3)|err(3)>,
+=head1 HISTORY
+DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/DH_set_method.pod b/crypto/openssl/doc/crypto/DH_set_method.pod
new file mode 100644
index 0000000..a8f75bd
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DH_set_method.pod
@@ -0,0 +1,99 @@
+=head1 NAME
+DH_set_default_method, DH_get_default_method, DH_set_method,
+DH_new_method, DH_OpenSSL - select DH method
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ void DH_set_default_method(DH_METHOD *meth);
+ DH_METHOD *DH_get_default_method(void);
+ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ DH *DH_new_method(DH_METHOD *meth);
+ DH_METHOD *DH_OpenSSL(void);
+A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used.
+Initially, the default is to use the OpenSSL internal implementation.
+DH_OpenSSL() returns a pointer to that method.
+DH_set_default_method() makes B<meth> the default method for all B<DH>
+structures created later.
+DH_get_default_method() returns a pointer to the current default
+DH_set_method() selects B<meth> for all operations using the structure B<dh>.
+DH_get_method() returns a pointer to the method currently selected
+for B<dh>.
+DH_new_method() allocates and initializes a B<DH> structure so that
+B<method> will be used for the DH operations. If B<method> is B<NULL>,
+the default method is used.
+ typedef struct dh_meth_st
+ {
+ /* name of the implementation */
+ const char *name;
+ /* generate private and public DH values for key agreement */
+ int (*generate_key)(DH *dh);
+ /* compute shared secret */
+ int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ /* compute r = a ^ p mod m (May be NULL for some implementations) */
+ int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+ /* called at DH_new */
+ int (*init)(DH *dh);
+ /* called at DH_free */
+ int (*finish)(DH *dh);
+ int flags;
+ char *app_data; /* ?? */
+DH_OpenSSL(), DH_get_default_method() and DH_get_method() return
+pointers to the respective B<DH_METHOD>s.
+DH_set_default_method() returns no value.
+DH_set_method() returns a pointer to the B<DH_METHOD> previously
+associated with B<dh>.
+DH_new_method() returns B<NULL> and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
+=head1 HISTORY
+DH_set_default_method(), DH_get_default_method(), DH_set_method(),
+DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
diff --git a/crypto/openssl/doc/crypto/DH_size.pod b/crypto/openssl/doc/crypto/DH_size.pod
new file mode 100644
index 0000000..97f26fd
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DH_size.pod
@@ -0,0 +1,33 @@
+=head1 NAME
+DH_size - get Diffie-Hellman prime size
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ int DH_size(DH *dh);
+This function returns the Diffie-Hellman size in bytes. It can be used
+to determine how much memory must be allocated for the shared secret
+computed by DH_compute_key().
+B<dh-E<gt>p> must not be B<NULL>.
+The size in bytes.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)>
+=head1 HISTORY
+DH_size() is available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/DSA_SIG_new.pod b/crypto/openssl/doc/crypto/DSA_SIG_new.pod
new file mode 100644
index 0000000..6716555
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_SIG_new.pod
@@ -0,0 +1,39 @@
+=head1 NAME
+DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DSA_SIG *DSA_SIG_new(void);
+ void DSA_SIG_free(DSA_SIG *a);
+DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
+DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
+values are erased before the memory is returned to the system.
+If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
+error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+DSA_SIG_free() returns no value.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+=head1 HISTORY
+DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3.
diff --git a/crypto/openssl/doc/crypto/DSA_do_sign.pod b/crypto/openssl/doc/crypto/DSA_do_sign.pod
new file mode 100644
index 0000000..a24fd57
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_do_sign.pod
@@ -0,0 +1,47 @@
+=head1 NAME
+DSA_do_sign, DSA_do_verify - raw DSA signature operations
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+ int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+DSA_do_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and returns it in a
+newly allocated B<DSA_SIG> structure.
+L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
+of the signing operation in case signature generation is
+DSA_do_verify() verifies that the signature B<sig> matches a given
+message digest B<dgst> of size B<len>. B<dsa> is the signer's public
+DSA_do_sign() returns the signature, NULL on error. DSA_do_verify()
+returns 1 for a valid signature, 0 for an incorrect signature and -1
+on error. The error codes can be obtained by
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+=head1 HISTORY
+DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3.
diff --git a/crypto/openssl/doc/crypto/DSA_dup_DH.pod b/crypto/openssl/doc/crypto/DSA_dup_DH.pod
new file mode 100644
index 0000000..29cb107
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_dup_DH.pod
@@ -0,0 +1,36 @@
+=head1 NAME
+DSA_dup_DH - create a DH structure out of DSA structure
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DH * DSA_dup_DH(DSA *r);
+DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
+is lost during that conversion, but the resulting DH parameters
+contain its length.
+DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTE
+Be careful to avoid small subgroup attacks when using this.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
+=head1 HISTORY
+DSA_dup_DH() was added in OpenSSL 0.9.4.
diff --git a/crypto/openssl/doc/crypto/DSA_generate_key.pod b/crypto/openssl/doc/crypto/DSA_generate_key.pod
new file mode 100644
index 0000000..52890db
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_generate_key.pod
@@ -0,0 +1,33 @@
+=head1 NAME
+DSA_generate_key - generate DSA key pair
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ int DSA_generate_key(DSA *a);
+DSA_generate_key() expects B<a> to contain DSA parameters. It generates
+a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
+The PRNG must be seeded prior to calling DSA_generate_key().
+DSA_generate_key() returns 1 on success, 0 otherwise.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+=head1 HISTORY
+DSA_generate_key() is available since SSLeay 0.8.
diff --git a/crypto/openssl/doc/crypto/DSA_generate_parameters.pod b/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
new file mode 100644
index 0000000..43f60b0
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
@@ -0,0 +1,105 @@
+=head1 NAME
+DSA_generate_parameters - generate DSA parameters
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DSA *DSA_generate_parameters(int bits, unsigned char *seed,
+ int seed_len, int *counter_ret, unsigned long *h_ret,
+ void (*callback)(int, int, void *), void *cb_arg);
+DSA_generate_parameters() generates primes p and q and a generator g
+for use in the DSA.
+B<bits> is the length of the prime to be generated; the DSS allows a
+maximum of 1024 bits.
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at B<seed>.
+DSA_generate_parameters() places the iteration count in
+*B<counter_ret> and a counter used for finding a generator in
+*B<h_ret>, unless these are B<NULL>.
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as follows:
+=over 4
+=item *
+When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
+(m is 0 for the first candidate).
+=item *
+When a candidate for q has passed a test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While a candidate for q is tested by Miller-Rabin primality tests,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime);
+i is the loop counter (starting at 0).
+=item *
+When a prime q has been found, B<callback(2, 0, cb_arg)> and
+B<callback(3, 0, cb_arg)> are called.
+=item *
+Before a candidate for p (other than the first) is generated and tested,
+B<callback(0, counter, cb_arg)> is called.
+=item *
+When a candidate for p has passed the test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While it is tested by the Miller-Rabin primality test,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime).
+i is the loop counter (starting at 0).
+=item *
+When p has been found, B<callback(2, 1, cb_arg)> is called.
+=item *
+When the generator has been found, B<callback(3, 1, cb_arg)> is called.
+DSA_generate_parameters() returns a pointer to the DSA structure, or
+B<NULL> if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+Seed lengths E<gt> 20 are not supported.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+=head1 HISTORY
+DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
+argument was added in SSLeay 0.9.0.
+In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
+in the inner loop of the Miller-Rabin test whenever it reached the
+squaring step (the parameters to B<callback> did not reveal how many
+witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
+is called as in BN_is_prime(3), i.e. once for each witness.
diff --git a/crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod b/crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod
new file mode 100644
index 0000000..4612e70
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=head1 NAME
+DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures
+=head1 SYNOPSIS
+ #include <openssl/DSA.h>
+ int DSA_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+ int DSA_set_ex_data(DSA *d, int idx, void *arg);
+ char *DSA_get_ex_data(DSA *d, int idx);
+These functions handle application specific data in DSA
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+=head1 SEE ALSO
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
+=head1 HISTORY
+DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
+available since OpenSSL 0.9.5.
diff --git a/crypto/openssl/doc/crypto/DSA_new.pod b/crypto/openssl/doc/crypto/DSA_new.pod
new file mode 100644
index 0000000..7dde544
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_new.pod
@@ -0,0 +1,41 @@
+=head1 NAME
+DSA_new, DSA_free - allocate and free DSA objects
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DSA* DSA_new(void);
+ void DSA_free(DSA *dsa);
+DSA_new() allocates and initializes a B<DSA> structure.
+DSA_free() frees the B<DSA> structure and its components. The values are
+erased before the memory is returned to the system.
+If the allocation fails, DSA_new() returns B<NULL> and sets an error
+code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+DSA_free() returns no value.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+=head1 HISTORY
+DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/DSA_set_method.pod b/crypto/openssl/doc/crypto/DSA_set_method.pod
new file mode 100644
index 0000000..edec464
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_set_method.pod
@@ -0,0 +1,112 @@
+=head1 NAME
+DSA_set_default_method, DSA_get_default_method, DSA_set_method,
+DSA_new_method, DSA_OpenSSL - select RSA method
+=head1 SYNOPSIS
+ #include <openssl/DSA.h>
+ void DSA_set_default_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_get_default_method(void);
+ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_OpenSSL(void);
+A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used.
+Initially, the default is to use the OpenSSL internal implementation.
+DSA_OpenSSL() returns a pointer to that method.
+DSA_set_default_method() makes B<meth> the default method for all B<DSA>
+structures created later.
+DSA_get_default_method() returns a pointer to the current default
+DSA_set_method() selects B<meth> for all operations using the structure B<DSA>.
+DSA_get_method() returns a pointer to the method currently selected
+for B<DSA>.
+DSA_new_method() allocates and initializes a B<DSA> structure so that
+B<method> will be used for the DSA operations. If B<method> is B<NULL>,
+the default method is used.
+ {
+ /* name of the implementation */
+ const char *name;
+ /* sign */
+ DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
+ DSA *dsa);
+ /* pre-compute k^-1 and r */
+ int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+ /* verify */
+ int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+ /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
+ implementations) */
+ int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
+ /* compute r = a ^ p mod m (May be NULL for some implementations) */
+ int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ /* called at DSA_new */
+ int (*init)(DSA *DSA);
+ /* called at DSA_free */
+ int (*finish)(DSA *DSA);
+ int flags;
+ char *app_data; /* ?? */
+DSA_OpenSSL(), DSA_get_default_method() and DSA_get_method() return
+pointers to the respective B<DSA_METHOD>s.
+DSA_set_default_method() returns no value.
+DSA_set_method() returns a pointer to the B<DSA_METHOD> previously
+associated with B<dsa>.
+DSA_new_method() returns B<NULL> and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
+fails. Otherwise it returns a pointer to the newly allocated
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
+=head1 HISTORY
+DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
+DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
diff --git a/crypto/openssl/doc/crypto/DSA_sign.pod b/crypto/openssl/doc/crypto/DSA_sign.pod
new file mode 100644
index 0000000..f6e60a8
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_sign.pod
@@ -0,0 +1,66 @@
+=head1 NAME
+DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ int DSA_sign(int type, const unsigned char *dgst, int len,
+ unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+ BIGNUM **rp);
+ int DSA_verify(int type, const unsigned char *dgst, int len,
+ unsigned char *sigbuf, int siglen, DSA *dsa);
+DSA_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and places its ASN.1 DER
+encoding at B<sigret>. The length of the signature is places in
+*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory.
+DSA_sign_setup() may be used to precompute part of the signing
+operation in case signature generation is time-critical. It expects
+B<dsa> to contain DSA parameters. It places the precomputed values
+in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
+the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
+be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
+B<ctx> is a pre-allocated B<BN_CTX> or NULL.
+DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<dgst> of size B<len>.
+B<dsa> is the signer's public key.
+The B<type> parameter is ignored.
+The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
+is called.
+DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
+DSA_verify() returns 1 for a valid signature, 0 for an incorrect
+signature and -1 on error. The error codes can be obtained by
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+=head1 HISTORY
+DSA_sign() and DSA_verify() are available in all versions of SSLeay.
+DSA_sign_setup() was added in SSLeay 0.8.
diff --git a/crypto/openssl/doc/crypto/DSA_size.pod b/crypto/openssl/doc/crypto/DSA_size.pod
new file mode 100644
index 0000000..23b6320
--- /dev/null
+++ b/crypto/openssl/doc/crypto/DSA_size.pod
@@ -0,0 +1,33 @@
+=head1 NAME
+DSA_size - get DSA signature size
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ int DSA_size(DSA *dsa);
+This function returns the size of an ASN.1 encoded DSA signature in
+bytes. It can be used to determine how much memory must be allocated
+for a DSA signature.
+B<dsa-E<gt>q> must not be B<NULL>.
+The size in bytes.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)>
+=head1 HISTORY
+DSA_size() is available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/ERR_GET_LIB.pod b/crypto/openssl/doc/crypto/ERR_GET_LIB.pod
new file mode 100644
index 0000000..2a129da
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ERR_GET_LIB.pod
@@ -0,0 +1,51 @@
+=head1 NAME
+ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and
+reason code
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ int ERR_GET_LIB(unsigned long e);
+ int ERR_GET_FUNC(unsigned long e);
+ int ERR_GET_REASON(unsigned long e);
+The error code returned by ERR_get_error() consists of a library
+number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
+and ERR_GET_REASON() can be used to extract these.
+The library number and function code describe where the error
+occurred, the reason code is the information about what went wrong.
+Each sub-library of OpenSSL has a unique library number; function and
+reason codes are unique within each sub-library. Note that different
+libraries may use the same value to signal different functions and
+B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
+unique. However, when checking for sub-library specific reason codes,
+be sure to also compare the library number.
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros.
+The library number, function code and reason code respectively.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 HISTORY
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
+all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/ERR_clear_error.pod b/crypto/openssl/doc/crypto/ERR_clear_error.pod
new file mode 100644
index 0000000..566e1f4
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ERR_clear_error.pod
@@ -0,0 +1,29 @@
+=head1 NAME
+ERR_clear_error - clear the error queue
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_clear_error(void);
+ERR_clear_error() empties the current thread's error queue.
+ERR_clear_error() has no return value.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 HISTORY
+ERR_clear_error() is available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/ERR_error_string.pod b/crypto/openssl/doc/crypto/ERR_error_string.pod
new file mode 100644
index 0000000..0d24175
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ERR_error_string.pod
@@ -0,0 +1,65 @@
+=head1 NAME
+ERR_error_string - obtain human-readable error message
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ char *ERR_error_string(unsigned long e, char *buf);
+ const char *ERR_lib_error_string(unsigned long e);
+ const char *ERR_func_error_string(unsigned long e);
+ const char *ERR_reason_error_string(unsigned long e);
+ERR_error_string() generates a human-readable string representing the
+error code B<e>, and places it at B<buf>. B<buf> must be at least 120
+bytes long. If B<buf> is B<NULL>, the error string is placed in a
+static buffer.
+The string will have the following format:
+ error:[error code]:[library name]:[function name]:[reason string]
+I<error code> is an 8 digit hexadecimal number, I<library name>,
+I<function name> and I<reason string> are ASCII text.
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the library name, function
+name and reason string respectively.
+The OpenSSL error strings should be loaded by calling
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL
+applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print
+all error codes currently in the queue.
+ERR_error_string() returns a pointer to a static buffer containing the
+string if B<buf == NULL>, B<buf> otherwise.
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the strings, and B<NULL> if
+none is registered for the error code.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+=head1 HISTORY
+ERR_error_string() is available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/ERR_get_error.pod b/crypto/openssl/doc/crypto/ERR_get_error.pod
new file mode 100644
index 0000000..75ece00
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ERR_get_error.pod
@@ -0,0 +1,62 @@
+=head1 NAME
+ERR_get_error, ERR_peek_error - obtain error code
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ unsigned long ERR_get_error(void);
+ unsigned long ERR_peek_error(void);
+ unsigned long ERR_get_error_line(const char **file, int *line);
+ unsigned long ERR_peek_error_line(const char **file, int *line);
+ unsigned long ERR_get_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+ unsigned long ERR_peek_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+ERR_get_error() returns the last error code from the thread's error
+queue and removes the entry. This function can be called repeatedly
+until there are no more error codes to return.
+ERR_peek_error() returns the last error code from the thread's
+error queue without modifying it.
+See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about
+location and reason of the error, and
+L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error
+ERR_get_error_line() and ERR_peek_error_line() are the same as the
+above, but they additionally store the file name and line number where
+the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
+ERR_get_error_line_data() and ERR_peek_error_line_data() store
+additional data and flags associated with the error code in *B<data>
+and *B<flags>, unless these are B<NULL>. *B<data> contains a string
+if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by Malloc(),
+*B<flags>&B<ERR_TXT_MALLOCED> is true.
+The error code, or 0 if there is no error in the queue.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+=head1 HISTORY
+ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and
+ERR_peek_error_line() are available in all versions of SSLeay and
+OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data()
+were added in SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod b/crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod
new file mode 100644
index 0000000..9bdec75
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod
@@ -0,0 +1,46 @@
+=head1 NAME
+ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings -
+load and free error strings
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_load_crypto_strings(void);
+ void ERR_free_strings(void);
+ #include <openssl/ssl.h>
+ void SSL_load_error_strings(void);
+ERR_load_crypto_strings() registers the error strings for all
+B<libcrypto> functions. SSL_load_error_strings() does the same,
+but also registers the B<libssl> error strings.
+One of these functions should be called before generating
+textual error messages. However, this is not required when memory
+usage is an issue.
+ERR_free_strings() frees all previously loaded error strings.
+ERR_load_crypto_strings(), SSL_load_error_strings() and
+ERR_free_strings() return no values.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
+=head1 HISTORY
+ERR_load_error_strings(), SSL_load_error_strings() and
+ERR_free_strings() are available in all versions of SSLeay and
diff --git a/crypto/openssl/doc/crypto/ERR_load_strings.pod b/crypto/openssl/doc/crypto/ERR_load_strings.pod
new file mode 100644
index 0000000..5acdd0e
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ERR_load_strings.pod
@@ -0,0 +1,54 @@
+=head1 NAME
+ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load
+arbitrary error strings
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+ int ERR_get_next_error_library(void);
+ unsigned long ERR_PACK(int lib, int func, int reason);
+ERR_load_strings() registers error strings for library number B<lib>.
+B<str> is an array of error string data:
+ typedef struct ERR_string_data_st
+ {
+ unsigned long error;
+ char *string;
+The error code is generated from the library number and a function and
+reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>).
+ERR_PACK() is a macro.
+The last entry in the array is {0,0}.
+ERR_get_next_error_library() can be used to assign library numbers
+to user libraries at runtime.
+ERR_load_strings() returns no value. ERR_PACK() return the error code.
+ERR_get_next_error_library() returns a new library number.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+=head1 HISTORY
+ERR_load_error_strings() and ERR_PACK() are available in all versions
+of SSLeay and OpenSSL. ERR_get_next_error_library() was added in
+SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/ERR_print_errors.pod b/crypto/openssl/doc/crypto/ERR_print_errors.pod
new file mode 100644
index 0000000..b100a5f
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ERR_print_errors.pod
@@ -0,0 +1,51 @@
+=head1 NAME
+ERR_print_errors, ERR_print_errors_fp - print error messages
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_print_errors(BIO *bp);
+ void ERR_print_errors_fp(FILE *fp);
+ERR_print_errors() is a convenience function that prints the error
+strings for all errors that OpenSSL has recorded to B<bp>, thus
+emptying the error queue.
+ERR_print_errors_fp() is the same, except that the output goes to a
+The error strings will have the following format:
+ [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+I<error code> is an 8 digit hexadecimal number. I<library name>,
+I<function name> and I<reason string> are ASCII text, as is I<optional
+text message> if one was set for the respective error code.
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+ERR_print_errors() and ERR_print_errors_fp() return no values.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+=head1 HISTORY
+ERR_print_errors() and ERR_print_errors_fp()
+are available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/ERR_put_error.pod b/crypto/openssl/doc/crypto/ERR_put_error.pod
new file mode 100644
index 0000000..acd241f
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ERR_put_error.pod
@@ -0,0 +1,44 @@
+=head1 NAME
+ERR_put_error, ERR_add_error_data - record an error
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_put_error(int lib, int func, int reason, const char *file,
+ int line);
+ void ERR_add_error_data(int num, ...);
+ERR_put_error() adds an error code to the thread's error queue. It
+signals that the error of reason code B<reason> occurred in function
+B<func> of library B<lib>, in line number B<line> of B<file>.
+This function is usually called by a macro.
+ERR_add_error_data() associates the concatenation of its B<num> string
+arguments with the error code added last.
+L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register
+error strings so that the application can a generate human-readable
+error messages for the error code.
+ERR_put_error() and ERR_add_error_data() return
+no values.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+=head1 HISTORY
+ERR_put_error() is available in all versions of SSLeay and OpenSSL.
+ERR_add_error_data() was added in SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/ERR_remove_state.pod b/crypto/openssl/doc/crypto/ERR_remove_state.pod
new file mode 100644
index 0000000..ebcdc0f
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ERR_remove_state.pod
@@ -0,0 +1,34 @@
+=head1 NAME
+ERR_remove_state - free a thread's error queue
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_remove_state(unsigned long pid);
+ERR_remove_state() frees the error queue associated with thread B<pid>.
+If B<pid> == 0, the current thread will have its error queue removed.
+Since error queue data structures are allocated automatically for new
+threads, they must be freed when threads are terminated in oder to
+avoid memory leaks.
+ERR_remove_state() returns no value.
+=head1 SEE ALSO
+=head1 HISTORY
+ERR_remove_state() is available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/EVP_DigestInit.pod b/crypto/openssl/doc/crypto/EVP_DigestInit.pod
new file mode 100644
index 0000000..345b1dd
--- /dev/null
+++ b/crypto/openssl/doc/crypto/EVP_DigestInit.pod
@@ -0,0 +1,197 @@
+=head1 NAME
+EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
+ #define EVP_MD_type(e) ((e)->type)
+ #define EVP_MD_pkey_type(e) ((e)->pkey_type)
+ #define EVP_MD_size(e) ((e)->md_size)
+ #define EVP_MD_block_size(e) ((e)->block_size)
+ #define EVP_MD_CTX_md(e) (e)->digest)
+ #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest)
+ #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest)
+ #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)
+ EVP_MD *EVP_md_null(void);
+ EVP_MD *EVP_md2(void);
+ EVP_MD *EVP_md5(void);
+ EVP_MD *EVP_sha(void);
+ EVP_MD *EVP_sha1(void);
+ EVP_MD *EVP_dss(void);
+ EVP_MD *EVP_dss1(void);
+ EVP_MD *EVP_mdc2(void);
+ EVP_MD *EVP_ripemd160(void);
+ const EVP_MD *EVP_get_digestbyname(const char *name);
+ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+ #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+The EVP digest routines are a high level interface to message digests.
+EVP_DigestInit() initialises a digest context B<ctx> to use a digest
+B<type>: this will typically be supplied by a function such as
+EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+digest context B<ctx>. This funtion can be called several times on the
+same B<ctx> to hash additional data.
+EVP_DigestFinal() retrieves the digest value from B<ctx> and places
+it in B<md>. If the B<s> parameter is not NULL then the number of
+bytes of data written (i.e. the length of the digest) will be written
+to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
+After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate()
+can be made, but EVP_DigestInit() can be called to initialiase a new
+digest operation.
+EVP_MD_CTX_copy() can be used to copy the message digest state from
+B<in> to B<out>. This is useful if large amounts of data are to be
+hashed which only differ in the last few bytes.
+EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
+when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
+EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the
+message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
+EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER
+representing the given message digest when passed an B<EVP_MD> structure.
+For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is
+normally used when setting ASN1 OIDs.
+EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed
+EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
+with this digest. For example EVP_sha1() is associated with RSA so this will
+return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
+algorithms may not be retained in future versions of OpenSSL.
+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
+return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
+algorithms respectively. The associated signature algorithm is RSA in each case.
+EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
+algorithms but using DSS (DSA) for the signature algorithm.
+EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
+returns is of zero length.
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return an B<EVP_MD> structure when passed a digest name, a digest NID or
+an ASN1_OBJECT structure respectively. The digest table must be initialised
+using, for example, OpenSSL_add_all_digests() for these functions to work.
+EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values.
+EVP_MD_CTX_copy() returns 1 if successful or 0 for failure.
+EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
+corresponding OBJECT IDENTIFIER or NID_undef if none exists.
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
+EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
+size in bytes.
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+corresponding EVP_MD structures.
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return either an B<EVP_MD> structure or NULL if an error occurs.
+=head1 NOTES
+The B<EVP> interface to message digests should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the digest used and much more flexible.
+SHA1 is the digest of choice for new applications. The other digest algorithms
+are still in common use.
+=head1 EXAMPLE
+This example digests the data "Test Message\n" and "Hello World\n", using the
+digest name passed on the command line.
+ #include <stdio.h>
+ #include <openssl/evp.h>
+ main(int argc, char *argv[])
+ {
+ EVP_MD_CTX mdctx;
+ const EVP_MD *md;
+ char mess1[] = "Test Message\n";
+ char mess2[] = "Hello World\n";
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ int md_len, i;
+ OpenSSL_add_all_digests();
+ if(!argv[1]) {
+ printf("Usage: mdtest digestname\n");
+ exit(1);
+ }
+ md = EVP_get_digestbyname(argv[1]);
+ if(!md) {
+ printf("Unknown message digest %s\n", argv[1]);
+ exit(1);
+ }
+ EVP_DigestInit(&mdctx, md);
+ EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal(&mdctx, md_value, &md_len);
+ printf("Digest is: ");
+ for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
+ printf("\n");
+ }
+=head1 BUGS
+Several of the functions do not return values: maybe they should. Although the
+internal digest operations will never fail some future hardware based operations
+The link between digests and signing algorithms results in a situation where
+EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
+even though they are identical digests.
+The size of an B<EVP_MD_CTX> structure is determined at compile time: this results
+in code that must be recompiled if the size of B<EVP_MD_CTX> increases.
+=head1 SEE ALSO
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+=head1 HISTORY
+EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
+available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
new file mode 100644
index 0000000..77ed4cc
--- /dev/null
+++ b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
@@ -0,0 +1,224 @@
+=head1 NAME
+EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char *key, unsigned char *iv);
+ void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, unsigned char *in, int inl);
+ void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+ void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char *key, unsigned char *iv);
+ void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, unsigned char *in, int inl);
+ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+ void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char *key, unsigned char *iv, int enc);
+ void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, unsigned char *in, int inl);
+ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+ void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+ #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+ #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+ #define EVP_CIPHER_nid(e) ((e)->nid)
+ #define EVP_CIPHER_block_size(e) ((e)->block_size)
+ #define EVP_CIPHER_key_length(e) ((e)->key_len)
+ #define EVP_CIPHER_iv_length(e) ((e)->iv_len)
+ int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+ #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher)
+ #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid)
+ #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size)
+ #define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len)
+ #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len)
+ #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+The EVP cipher routines are a high level interface to certain
+symmetric ciphers.
+EVP_EncryptInit() initialises a cipher context B<ctx> for encryption
+with cipher B<type>. B<type> is normally supplied by a function such
+as EVP_des_cbc() . B<key> is the symmetric key to use and B<iv> is the
+IV to use (if necessary), the actual number of bytes used for the
+key and IV depends on the cipher. It is possible to set all parameters
+to NULL except B<type> in an initial call and supply the remaining
+parameters in subsequent calls. This is normally done when the
+EVP_CIPHER_asn1_to_param() function is called to set the cipher
+parameters from an ASN1 AlgorithmIdentifier and the key from a
+different source.
+EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
+writes the encrypted version to B<out>. This function can be called
+multiple times to encrypt successive blocks of data. The amount
+of data written depends on the block alignment of the encrypted data:
+as a result the amount of data written may be anything from zero bytes
+to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
+room. The actual number of bytes written is placed in B<outl>.
+EVP_EncryptFinal() encrypts the "final" data, that is any data that
+remains in a partial block. It uses L<standard block padding|/NOTES> (aka PKCS
+padding). The encrypted final data is written to B<out> which should
+have sufficient space for one cipher block. The number of bytes written
+is placed in B<outl>. After this function is called the encryption operation
+is finished and no further calls to EVP_EncryptUpdate() should be made.
+EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the
+corresponding decryption operations. EVP_DecryptFinal() will return an
+error code if the final block is not correctly formatted. The parameters
+and restrictions are identical to the encryption operations except that
+the decrypted data buffer B<out> passed to EVP_DecryptUpdate() should
+have sufficient room for (B<inl> + cipher_block_size) bytes unless the
+cipher block size is 1 in which case B<inl> bytes is sufficient.
+EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal() are functions
+that can be used for decryption or encryption. The operation performed
+depends on the value of the B<enc> parameter. It should be set to 1 for
+encryption and 0 for decryption.
+EVP_CIPHER_CTX_cleanup() clears all information from a cipher context.
+It should be called after all operations using a cipher are complete
+so sensitive information does not remain in memory.
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an EVP_CIPHER structure when passed a cipher name, a NID or an
+ASN1_OBJECT structure.
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when
+passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure. The actual NID
+value is an internal value which may not have a corresponding OBJECT
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
+for all ciphers.
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
+It will return zero if the cipher does not use an IV. The constant
+B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block
+length for all ciphers.
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
+cipher or context. This "type" is the actual NID of the cipher OBJECT
+IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and
+128 bit RC2 have the same NID. If the cipher does not have an object
+identifier or does not have ASN1 support this function will return
+EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
+an B<EVP_CIPHER_CTX> structure.
+EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
+on the passed cipher. This will typically include any parameters and an
+IV. The cipher IV (if any) must be set when this call is made. This call
+should be made before the cipher is actually "used" (before any
+EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function
+may fail if the cipher does not have any ASN1 support.
+EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
+AlgorithmIdentifier "parameter". The precise effect depends on the cipher
+In the case of RC2, for example, it will set the IV and effective key length.
+This function should be called after the base cipher type is set but before
+the key is set. For example EVP_CipherInit() will be called with the IV and
+key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
+EVP_CipherInit() again with all parameters except the key set to NULL. It is
+possible for this function to fail if the cipher does not have any ASN1 support
+or the parameters cannot be set (for example the RC2 effective key length
+does not have an B<EVP_CIPHER> structure).
+EVP_EncryptInit(), EVP_EncryptUpdate() and EVP_EncryptFinal() do not return
+EVP_DecryptInit() and EVP_DecryptUpdate() do not return values.
+EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
+EVP_CipherInit() and EVP_CipherUpdate() do not return values.
+EVP_CipherFinal() returns 1 for a decryption failure or 1 for success, if
+the operation is encryption then it always returns 1.
+EVP_CIPHER_CTX_cleanup() does not return a value.
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an B<EVP_CIPHER> structure or NULL on error.
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length or zero if the cipher does not use an IV.
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
+OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
+EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
+EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for
+success or zero for failure.
+=head1 NOTES
+Where possible the B<EVP> interface to symmetric ciphers should be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the cipher used and much more flexible.
+PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
+length of the encrypted data a multiple of the block size. Padding is always
+added so if the data is already a multiple of the block size B<n> will equal
+the block size. For example if the block size is 8 and 11 bytes are to be
+encrypted then 5 padding bytes of value 5 will be added.
+When decrypting the final block is checked to see if it has the correct form.
+Although the decryption operation can produce an error, it is not a strong
+test that the input data or key is correct. A random block has better than
+1 in 256 chance of being of the correct format and problems with the
+input data earlier on will not produce a final decrypt error.
+=head1 BUGS
+The current B<EVP> cipher interface is not as flexible as it should be. Only
+certain "spot" encryption algorithms can be used for ciphers which have various
+parameters associated with them (RC2, RC5 for example) this is inadequate.
+Several of the functions do not return error codes because the software versions
+can never fail. This is not true of hardware versions.
+=head1 SEE ALSO
+=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/EVP_OpenInit.pod b/crypto/openssl/doc/crypto/EVP_OpenInit.pod
new file mode 100644
index 0000000..9707a4b
--- /dev/null
+++ b/crypto/openssl/doc/crypto/EVP_OpenInit.pod
@@ -0,0 +1,51 @@
+=head1 NAME
+EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+ int ekl,unsigned char *iv,EVP_PKEY *priv);
+ void EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, unsigned char *in, int inl);
+ void EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+The EVP envelope routines are a high level interface to envelope
+decryption. They decrypt a public key encrypted symmetric key and
+then decrypt data using it.
+EVP_OpenInit() initialises a cipher context B<ctx> for decryption
+with cipher B<type>. It decrypts the encrypted symmetric key of length
+B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
+The IV is supplied in the B<iv> parameter.
+EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
+as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+EVP_OpenInit() returns -1 on error or an non zero integer (actually the
+recovered secret key size) if successful.
+EVP_SealUpdate() does not return a value.
+EVP_SealFinal() returns 0 if the decrypt failed or 1 for success.
+=head1 SEE ALSO
+=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/EVP_SealInit.pod b/crypto/openssl/doc/crypto/EVP_SealInit.pod
new file mode 100644
index 0000000..1579d11
--- /dev/null
+++ b/crypto/openssl/doc/crypto/EVP_SealInit.pod
@@ -0,0 +1,70 @@
+=head1 NAME
+EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+ int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+ void EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, unsigned char *in, int inl);
+ void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+The EVP envelope routines are a high level interface to envelope
+encryption. They generate a random key and then "envelope" it by
+using public key encryption. Data can then be encrypted using this
+EVP_SealInit() initialises a cipher context B<ctx> for encryption
+with cipher B<type> using a random secret key and IV supplied in
+the B<iv> parameter. B<type> is normally supplied by a function such
+as EVP_des_cbc(). The secret key is encrypted using one or more public
+keys, this allows the same encrypted data to be decrypted using any
+of the corresponding private keys. B<ek> is an array of buffers where
+the public key encrypted secret key will be written, each buffer must
+contain enough room for the corresponding encrypted key: that is
+B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+an array of B<npubk> public keys.
+EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+EVP_SealInit() returns -1 on error or B<npubk> if successful.
+EVP_SealUpdate() and EVP_SealFinal() do not return values.
+=head1 NOTES
+Because a random secret key is generated the random number generator
+must be seeded before calling EVP_SealInit().
+The public key must be RSA because it is the only OpenSSL public key
+algorithm that supports key transport.
+Envelope encryption is the usual method of using public key encryption
+on large amounts of data, this is because public key encryption is slow
+but symmetric encryption is fast. So symmetric encryption is used for
+bulk encryption and the small random symmetric key used is transferred
+using public key encryption.
+=head1 SEE ALSO
+=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/EVP_SignInit.pod b/crypto/openssl/doc/crypto/EVP_SignInit.pod
new file mode 100644
index 0000000..bbc9203
--- /dev/null
+++ b/crypto/openssl/doc/crypto/EVP_SignInit.pod
@@ -0,0 +1,85 @@
+=head1 NAME
+EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
+ int EVP_PKEY_size(EVP_PKEY *pkey);
+The EVP signature routines are a high level interface to digital
+EVP_SignInit() initialises a signing context B<ctx> to using digest
+B<type>: this will typically be supplied by a function such as
+EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This funtion can be called several times on the
+same B<ctx> to include additional data.
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
+and places the signature in B<sig>. If the B<s> parameter is not NULL
+then the number of bytes of data written (i.e. the length of the signature)
+will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written. After calling EVP_SignFinal() no additional calls to
+EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialiase
+a new signature operation.
+EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
+signature returned by EVP_SignFinal() may be smaller.
+EVP_SignInit() and EVP_SignUpdate() do not return values.
+EVP_SignFinal() returns 1 for success and 0 for failure.
+EVP_PKEY_size() returns the maximum size of a signature in bytes.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in
+When signing with DSA private keys the random number generator must be seeded
+or the operation will fail. The random number generator does not need to be
+seeded for RSA signatures.
+=head1 BUGS
+Several of the functions do not return values: maybe they should. Although the
+internal digest operations will never fail some future hardware based operations
+=head1 SEE ALSO
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+=head1 HISTORY
+EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
+available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/EVP_VerifyInit.pod b/crypto/openssl/doc/crypto/EVP_VerifyInit.pod
new file mode 100644
index 0000000..3b5e07f
--- /dev/null
+++ b/crypto/openssl/doc/crypto/EVP_VerifyInit.pod
@@ -0,0 +1,71 @@
+=head1 NAME
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
+The EVP signature verification routines are a high level interface to digital
+EVP_VerifyInit() initialises a verification context B<ctx> to using digest
+B<type>: this will typically be supplied by a function such as EVP_sha1().
+EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This funtion can be called several times on the
+same B<ctx> to include additional data.
+EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
+and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal()
+no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit()
+can be called to initialiase a new verification operation.
+EVP_VerifyInit() and EVP_VerifyUpdate() do not return values.
+EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
+other error occurred.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in
+=head1 BUGS
+Several of the functions do not return values: maybe they should. Although the
+internal digest operations will never fail some future hardware based operations
+=head1 SEE ALSO
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+=head1 HISTORY
+EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
+available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
new file mode 100644
index 0000000..b0b1058
--- /dev/null
+++ b/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -0,0 +1,46 @@
+=head1 NAME
+OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number
+=head1 SYNOPSIS
+ #include <openssl/opensslv.h>
+ #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+ #include <openssl/crypto.h>
+ long SSLeay(void);
+OPENSSL_VERSION_NUMBER is a numeric release version identifier:
+ MMNNFFRBB major minor fix final beta/patch
+for example
+ 0x000904100 == 0.9.4 release
+ 0x000905000 == 0.9.5 dev
+Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
+For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
+SSLeay() returns this number. The return value can be compared to the
+macro to make sure that the correct version of the library has been
+loaded, especially when using DLLs on Windows systems.
+The version number.
+=head1 SEE ALSO
+=head1 HISTORY
+SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL.
+OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL.
diff --git a/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod b/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod
new file mode 100644
index 0000000..1300fe1
--- /dev/null
+++ b/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -0,0 +1,65 @@
+=head1 NAME
+OpenSSL_add_all_algorithms() - add algorithms to internal table
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void OpenSSL_add_all_algorithms(void);
+ void OpenSSL_add_all_ciphers(void);
+ void OpenSSL_add_all_digests(void);
+ void EVP_cleanup(void);
+OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
+this table to lookup ciphers via functions such as EVP_get_cipher_byname().
+OpenSSL_add_all_digests() adds all digest algorithms to the table.
+OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and
+OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including
+password based encryption algorithms.
+EVP_cleanup() removes all ciphers and digests from the table.
+None of the functions return a value.
+=head1 NOTES
+A typical application will will call OpenSSL_add_all_algorithms() initially and
+EVP_cleanup() before exiting.
+An application does not need to add algorithms to use them explicitly, for example
+by EVP_sha1(). It just needs to add them if it (or any of the functions it calls)
+needs to lookup algorithms.
+The cipher and digest lookup functions are used in many parts of the library. If
+the table is not initialised several functions will misbehave and complain they
+cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
+This is a common query in the OpenSSL mailing lists.
+Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a
+statically linked executable can be quite large. If this is important it is possible
+to just add the required ciphers and digests.
+=head1 BUGS
+Although the functions do not return error codes it is possible for them to fail.
+This will only happen as a result of a memory allocation failure so this is not
+too much of a problem in practice.
+=head1 SEE ALSO
+L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
diff --git a/crypto/openssl/doc/crypto/RAND_add.pod b/crypto/openssl/doc/crypto/RAND_add.pod
new file mode 100644
index 0000000..67c66f3
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RAND_add.pod
@@ -0,0 +1,77 @@
+=head1 NAME
+RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
+entropy to the PRNG
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ void RAND_seed(const void *buf, int num);
+ void RAND_add(const void *buf, int num, double entropy);
+ int RAND_status(void);
+ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
+ void RAND_screen(void);
+RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus,
+if the data at B<buf> are unpredictable to an adversary, this
+increases the uncertainty about the state and makes the PRNG output
+less predictable. Suitable input comes from user interaction (random
+key presses, mouse movements) and certain hardware events. The
+B<entropy> argument is (the lower bound of) an estimate of how much
+randomness is contained in B<buf>, measured in bytes. Details about
+sources of randomness and how to estimate their entropy can be found
+in the literature, e.g. RFC 1750.
+RAND_add() may be called with sensitive data such as user entered
+passwords. The seed values cannot be recovered from the PRNG output.
+OpenSSL makes sure that the PRNG state is unique for each thread. On
+systems that provide C</dev/urandom>, the randomness device is used
+to seed the PRNG transparently. However, on all other systems, the
+application is responsible for seeding the PRNG by calling RAND_add(),
+or L<RAND_load_file(3)|RAND_load_file(3)>.
+RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
+RAND_event() collects the entropy from Windows events such as mouse
+movements and other user interaction. It should be called with the
+B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
+the window procedure. It will estimate the entropy contained in the
+event message (if any), and add it to the PRNG. The program can then
+process the messages as usual.
+The RAND_screen() function is available for the convenience of Windows
+programmers. It adds the current contents of the screen to the PRNG.
+For applications that can catch Windows events, seeding the PRNG by
+calling RAND_event() is a significantly better source of
+randomness. It should be noted that both methods cannot be used on
+servers that run without user interaction.
+RAND_status() and RAND_event() return 1 if the PRNG has been seeded
+with enough data, 0 otherwise.
+The other functions do not return values.
+=head1 SEE ALSO
+L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+=head1 HISTORY
+RAND_seed() and RAND_screen() are available in all versions of SSLeay
+and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
+0.9.5, RAND_event() in OpenSSL 0.9.5a.
diff --git a/crypto/openssl/doc/crypto/RAND_bytes.pod b/crypto/openssl/doc/crypto/RAND_bytes.pod
new file mode 100644
index 0000000..b6ebd50
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RAND_bytes.pod
@@ -0,0 +1,46 @@
+=head1 NAME
+RAND_bytes, RAND_pseudo_bytes - generate random data
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ int RAND_bytes(unsigned char *buf, int num);
+ int RAND_pseudo_bytes(unsigned char *buf, int num);
+RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
+into B<buf>. An error occurs if the PRNG has not been seeded with
+enough randomness to ensure an unpredictable byte sequence.
+RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
+Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
+unique if they are of sufficient length, but are not necessarily
+unpredictable. They can be used for non-cryptographic purposes and for
+certain purposes in cryptographic protocols, but usually not for key
+generation etc.
+RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the
+bytes generated are cryptographically strong, 0 otherwise. Both
+functions return -1 if they are not supported by the current RAND
+=head1 SEE ALSO
+L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
+=head1 HISTORY
+RAND_bytes() is available in all versions of SSLeay and OpenSSL. It
+has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added
+in OpenSSL 0.9.5.
diff --git a/crypto/openssl/doc/crypto/RAND_cleanup.pod b/crypto/openssl/doc/crypto/RAND_cleanup.pod
new file mode 100644
index 0000000..3a8f074
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RAND_cleanup.pod
@@ -0,0 +1,29 @@
+=head1 NAME
+RAND_cleanup - erase the PRNG state
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ void RAND_cleanup(void);
+RAND_cleanup() erases the memory used by the PRNG.
+RAND_cleanup() returns no value.
+=head1 SEE ALSO
+=head1 HISTORY
+RAND_cleanup() is available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/RAND_egd.pod b/crypto/openssl/doc/crypto/RAND_egd.pod
new file mode 100644
index 0000000..a40bd96
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RAND_egd.pod
@@ -0,0 +1,38 @@
+=head1 NAME
+RAND_egd - query entropy gathering daemon
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ int RAND_egd(const char *path);
+RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
+EGD is available from (C<perl
+Makefile.PL; make; make install> to install). It is run as B<egd>
+I<path>, where I<path> is an absolute path designating a socket. When
+RAND_egd() is called with that path as an argument, it tries to read
+random bytes that EGD has collected. The read is performed in
+non-blocking mode.
+RAND_egd() returns the number of bytes read from the daemon on
+success, and -1 if the connection failed or the daemon did not return
+enough data to fully seed the PRNG.
+=head1 SEE ALSO
+L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+=head1 HISTORY
+RAND_egd() is available since OpenSSL 0.9.5.
diff --git a/crypto/openssl/doc/crypto/RAND_load_file.pod b/crypto/openssl/doc/crypto/RAND_load_file.pod
new file mode 100644
index 0000000..8dd700c
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RAND_load_file.pod
@@ -0,0 +1,53 @@
+=head1 NAME
+RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ const char *RAND_file_name(char *buf, int num);
+ int RAND_load_file(const char *filename, long max_bytes);
+ int RAND_write_file(const char *filename);
+RAND_file_name() generates a default path for the random seed
+file. B<buf> points to a buffer of size B<num> in which to store the
+filename. The seed file is $RANDFILE if that environment variable is
+set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
+too small for the path name, an error occurs.
+RAND_load_file() reads a number of bytes from file B<filename> and
+adds them to the PRNG. If B<max_bytes> is non-negative,
+up to to B<max_bytes> are read; starting with OpenSSL 0.9.5,
+if B<max_bytes> is -1, the complete file is read.
+RAND_write_file() writes a number of random bytes (currently 1024) to
+file B<filename> which can be used to initialize the PRNG by calling
+RAND_load_file() in a later session.
+RAND_load_file() returns the number of bytes read.
+RAND_write_file() returns the number of bytes written, and -1 if the
+bytes written were generated without appropriate seed.
+RAND_file_name() returns a pointer to B<buf> on success, and NULL on
+=head1 SEE ALSO
+L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+=head1 HISTORY
+RAND_load_file(), RAND_write_file() and RAND_file_name() are available in
+all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/RAND_set_rand_method.pod b/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
new file mode 100644
index 0000000..464eba4
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
@@ -0,0 +1,59 @@
+=head1 NAME
+RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ void RAND_set_rand_method(RAND_METHOD *meth);
+ RAND_METHOD *RAND_get_rand_method(void);
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random
+number generation. By modifying the method, alternative
+implementations such as hardware RNGs may be used. Initially, the
+default is to use the OpenSSL internal implementation. RAND_SSLeay()
+returns a pointer to that method.
+RAND_set_rand_method() sets the RAND method to B<meth>.
+RAND_get_rand_method() returns a pointer to the current method.
+ typedef struct rand_meth_st
+ {
+ void (*seed)(const void *buf, int num);
+ int (*bytes)(unsigned char *buf, int num);
+ void (*cleanup)(void);
+ void (*add)(const void *buf, int num, int entropy);
+ int (*pseudorand)(unsigned char *buf, int num);
+ int (*status)(void);
+The components point to the implementation of RAND_seed(),
+RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
+and RAND_status().
+Each component may be NULL if the function is not implemented.
+RAND_set_rand_method() returns no value. RAND_get_rand_method() and
+RAND_SSLeay() return pointers to the respective methods.
+=head1 SEE ALSO
+=head1 HISTORY
+RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
+available in all versions of OpenSSL.
diff --git a/crypto/openssl/doc/crypto/RSA_blinding_on.pod b/crypto/openssl/doc/crypto/RSA_blinding_on.pod
new file mode 100644
index 0000000..fd2c69a
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_blinding_on.pod
@@ -0,0 +1,43 @@
+=head1 NAME
+RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+ void RSA_blinding_off(RSA *rsa);
+RSA is vulnerable to timing attacks. In a setup where attackers can
+measure the time of RSA decryption or signature operations, blinding
+must be used to protect the RSA operation from that attack.
+RSA_blinding_on() turns blinding on for key B<rsa> and generates a
+random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
+initialized B<BN_CTX>. The random number generator must be seeded
+prior to calling RSA_blinding_on().
+RSA_blinding_off() turns blinding off and frees the memory used for
+the blinding factor.
+RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
+RSA_blinding_off() returns no value.
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)>
+=head1 HISTORY
+RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/RSA_check_key.pod b/crypto/openssl/doc/crypto/RSA_check_key.pod
new file mode 100644
index 0000000..79fed75
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_check_key.pod
@@ -0,0 +1,39 @@
+=head1 NAME
+RSA_check_key - validate private RSA keys
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_check_key(RSA *rsa);
+This function validates RSA keys. It checks that B<p> and B<q> are
+in fact prime, and that B<n = p*q>.
+It also checks that B<d*e = 1 mod (p-1*q-1)>,
+and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+The key's public components may not be B<NULL>.
+RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
+-1 is returned if an error occurs while checking the key.
+If the key is invalid or an error occurred, the reason code can be
+obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
+=head1 HISTORY
+RSA_check() appeared in OpenSSL 0.9.4.
diff --git a/crypto/openssl/doc/crypto/RSA_generate_key.pod b/crypto/openssl/doc/crypto/RSA_generate_key.pod
new file mode 100644
index 0000000..fdaddbc
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_generate_key.pod
@@ -0,0 +1,68 @@
+=head1 NAME
+RSA_generate_key - generate RSA key pair
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ RSA *RSA_generate_key(int num, unsigned long e,
+ void (*callback)(int,int,void *), void *cb_arg);
+RSA_generate_key() generates a key pair and returns it in a newly
+allocated B<RSA> structure. The pseudo-random number generator must
+be seeded prior to calling RSA_generate_key().
+The modulus size will be B<num> bits, and the public exponent will be
+B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
+The exponent is an odd number, typically 3 or 65535.
+A callback function may be used to provide feedback about the
+progress of the key generation. If B<callback> is not B<NULL>, it
+will be called as follows:
+=over 4
+=item *
+While a random prime number is generated, it is called as
+described in L<BN_generate_prime(3)|BN_generate_prime(3)>.
+=item *
+When the n-th randomly generated prime is rejected as not
+suitable for the key, B<callback(2, n, cb_arg)> is called.
+=item *
+When a random p has been found with p-1 relatively prime to B<e>,
+it is called as B<callback(3, 0, cb_arg)>.
+The process is then repeated for prime q with B<callback(3, 1, cb_arg)>.
+If key generation fails, RSA_generate_key() returns B<NULL>; the
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+B<callback(2, x, cb_arg)> is used with two different meanings.
+RSA_generate_key() goes into an infinite loop for illegal input values.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
+=head1 HISTORY
+The B<cb_arg> argument was added in SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod b/crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod
new file mode 100644
index 0000000..920dc76
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod
@@ -0,0 +1,122 @@
+=head1 NAME
+RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+ int RSA_set_ex_data(RSA *r, int idx, void *arg);
+ void *RSA_get_ex_data(RSA *r, int idx);
+ int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+ void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+ int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+ int idx, long argl, void *argp);
+Several OpenSSL structures can have application specific data attached to them.
+This has several potential uses, it can be used to cache data associated with
+a structure (for example the hash of some part of the structure) or some
+additional data (for example a handle to the data in an external library).
+Since the application data can be anything at all it is passed and retrieved
+as a B<void *> type.
+The B<RSA_get_ex_new_index()> function is initially called to "register" some
+new application specific data. It takes three optional function pointers which
+are called when the parent structure (in this case an RSA structure) is
+initially created, when it is copied and when it is freed up. If any or all of
+these function pointer arguments are not used they should be set to NULL. The
+precise manner in which these function pointers are called is described in more
+detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer
+parameters which will be passed to the supplied functions but which otherwise
+have no special meaning. It returns an B<index> which should be stored
+(typically in a static variable) and passed used in the B<idx> parameter in
+the remaining functions. Each successful call to B<RSA_get_ex_new_index()>
+will return an index greater than any previously returned, this is important
+because the optional functions are called in order of increasing index value.
+B<RSA_set_ex_data()> is used to set application specific data, the data is
+supplied in the B<arg> parameter and its precise meaning is up to the
+B<RSA_get_ex_data()> is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous B<RSA_set_ex_data()> call.
+B<new_func()> is called when a structure is initially allocated (for example
+with B<RSA_new()>. The parent structure members will not have any meaningful
+values at this point. This function will typically be used to allocate any
+application specific structure.
+B<free_func()> is called when a structure is being freed up. The dynamic parent
+structure members should not be accessed because they will be freed up when
+this function is called.
+B<new_func()> and B<free_func()> take the same parameters. B<parent> is a
+pointer to the parent RSA structure. B<ptr> is a the application specific data
+(this wont be of much use in B<new_func()>. B<ad> is a pointer to the
+B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions
+B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate
+it. The B<idx> parameter is the index: this will be the same value returned by
+B<RSA_get_ex_new_index()> when the functions were initially registered. Finally
+the B<argl> and B<argp> parameters are the values originally passed to the same
+corresponding parameters when B<RSA_get_ex_new_index()> was called.
+B<dup_func()> is called when a structure is being copied. Pointers to the
+destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and
+B<from> parameters respectively. The B<from_d> parameter is passed a pointer to
+the source application data when the function is called, when the function returns
+the value is copied to the destination: the application can thus modify the data
+pointed to by B<from_d> and have different values in the source and destination.
+The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()>
+and B<free_func()>.
+B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid
+index value).
+B<RSA_set_ex_data()> returns 1 on success or 0 on failure.
+B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid B<idx>
+B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success.
+On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+B<dup_func()> is currently never called.
+The return value of B<new_func()> is ignored.
+The B<new_func()> function isn't very useful because no meaningful values are
+present in the parent RSA structure when it is called.
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+=head1 HISTORY
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
+available since SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/RSA_new.pod b/crypto/openssl/doc/crypto/RSA_new.pod
new file mode 100644
index 0000000..f16490e
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_new.pod
@@ -0,0 +1,38 @@
+=head1 NAME
+RSA_new, RSA_free - allocate and free RSA objects
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ RSA * RSA_new(void);
+ void RSA_free(RSA *rsa);
+RSA_new() allocates and initializes an B<RSA> structure.
+RSA_free() frees the B<RSA> structure and its components. The key is
+erased before the memory is returned to the system.
+If the allocation fails, RSA_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+RSA_free() returns no value.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_generate_key(3)|RSA_generate_key(3)>
+=head1 HISTORY
+RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
new file mode 100644
index 0000000..b8f678f
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -0,0 +1,124 @@
+=head1 NAME
+RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
+RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ unsigned char *f, int fl);
+ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len);
+ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ unsigned char *f, int fl);
+ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len);
+ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ unsigned char *f, int fl, unsigned char *p, int pl);
+ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
+ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ unsigned char *f, int fl);
+ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len);
+ int RSA_padding_add_none(unsigned char *to, int tlen,
+ unsigned char *f, int fl);
+ int RSA_padding_check_none(unsigned char *to, int tlen,
+ unsigned char *f, int fl, int rsa_len);
+The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
+decrypt, sign and verify functions. Normally they should not be called
+from application programs.
+However, they can also be called directly to implement padding for other
+asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and
+RSA_padding_check_PKCS1_OAEP() may be used in an application combined
+with B<RSA_NO_PADDING> in order to implement OAEP with an encoding
+RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into
+B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl>
+does not meet the size requirements of the encoding method.
+The following encoding methods are implemented:
+=over 4
+=item PKCS1_type_1
+PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures
+=item PKCS1_type_2
+PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
+=item PKCS1_OAEP
+PKCS #1 v2.0 EME-OAEP
+=item SSLv23
+PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
+=item none
+simply copy the data
+The random number generator must be seeded prior to calling
+RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
+a valid encoding for a B<rsa_len> byte RSA key in the respective
+encoding method and stores the recovered data of at most B<tlen> bytes
+(for B<RSA_NO_PADDING>: of size B<tlen>)
+at B<to>.
+For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter
+of length B<pl>. B<p> may be B<NULL> if B<pl> is 0.
+The RSA_padding_add_xxx() functions return 1 on success, 0 on error.
+The RSA_padding_check_xxx() functions return the length of the
+recovered data, -1 on error. Error codes can be obtained by calling
+=head1 SEE ALSO
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+=head1 HISTORY
+RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(),
+RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(),
+RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(),
+RSA_padding_add_none() and RSA_padding_check_none() appeared in
+SSLeay 0.9.0.
+RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were
+added in OpenSSL 0.9.2b.
diff --git a/crypto/openssl/doc/crypto/RSA_print.pod b/crypto/openssl/doc/crypto/RSA_print.pod
new file mode 100644
index 0000000..dd968a5
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_print.pod
@@ -0,0 +1,48 @@
+=head1 NAME
+RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp - print
+cryptographic parameters
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+ #include <openssl/dsa.h>
+ int DSAparams_print(BIO *bp, DSA *x);
+ int DSAparams_print_fp(FILE *fp, DSA *x);
+ int DSA_print(BIO *bp, DSA *x, int offset);
+ int DSA_print_fp(FILE *fp, DSA *x, int offset);
+ #include <openssl/dh.h>
+ int DHparams_print(BIO *bp, DH *x);
+ int DHparams_print_fp(FILE *fp, DH *x);
+A human-readable hexadecimal output of the components of the RSA
+key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
+The output lines are indented by B<offset> spaces.
+These functions return 1 on success, 0 on error.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
+=head1 HISTORY
+RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
+DH_print_fp() are available in all versions of SSLeay and OpenSSL.
+DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
diff --git a/crypto/openssl/doc/crypto/RSA_private_encrypt.pod b/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
new file mode 100644
index 0000000..6861a98
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
@@ -0,0 +1,69 @@
+=head1 NAME
+RSA_private_encrypt, RSA_public_decrypt - low level signature operations
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+These functions handle RSA signatures at a low level.
+RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
+message digest with an algorithm identifier) using the private key
+B<rsa> and stores the signature in B<to>. B<to> must point to
+B<RSA_size(rsa)> bytes of memory.
+B<padding> denotes one of the following modes:
+=over 4
+PKCS #1 v1.5 padding. This function does not handle the
+B<algorithmIdentifier> specified in PKCS #1. When generating or
+verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be
+Raw RSA signature. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Signing user data directly with RSA is insecure.
+RSA_public_decrypt() recovers the message digest from the B<flen>
+bytes long signature at B<from> using the signer's public key
+B<rsa>. B<to> must point to a memory section large enough to hold the
+message digest (which is smaller than B<RSA_size(rsa) -
+11>). B<padding> is the padding mode that was used to sign the data.
+RSA_private_encrypt() returns the size of the signature (i.e.,
+RSA_size(rsa)). RSA_public_decrypt() returns the size of the
+recovered message digest.
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+=head1 HISTORY
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/RSA_public_encrypt.pod b/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
new file mode 100644
index 0000000..910c475
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
@@ -0,0 +1,86 @@
+=head1 NAME
+RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
+session key) using the public key B<rsa> and stores the ciphertext in
+B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
+B<padding> denotes one of the following modes:
+=over 4
+PKCS #1 v1.5 padding. This currently is the most widely used mode.
+EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
+encoding parameter. This mode is recommended for all new applications.
+PKCS #1 v1.5 padding with an SSL-specific modification that denotes
+that the server is SSL3 capable.
+Raw RSA encryption. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Encrypting user data directly with RSA is insecure.
+B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
+based padding modes, and less than RSA_size(B<rsa>) - 21 for
+RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded
+prior to calling RSA_public_encrypt().
+RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
+private key B<rsa> and stores the plaintext in B<to>. B<to> must point
+to a memory section large enough to hold the decrypted data (which is
+smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
+was used to encrypt the data.
+RSA_public_encrypt() returns the size of the encrypted data (i.e.,
+RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
+recovered plaintext.
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+SSL, PKCS #1 v2.0
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
+=head1 NOTES
+The L<RSA_PKCS1_RSAref(3)|RSA_PKCS1_RSAref(3)> method supports only the RSA_PKCS1_PADDING mode.
+=head1 HISTORY
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.
diff --git a/crypto/openssl/doc/crypto/RSA_set_method.pod b/crypto/openssl/doc/crypto/RSA_set_method.pod
new file mode 100644
index 0000000..14b0b4c
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_set_method.pod
@@ -0,0 +1,154 @@
+=head1 NAME
+RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref,
+RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ void RSA_set_default_method(RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_default_method(void);
+ RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_method(RSA *rsa);
+ RSA_METHOD *RSA_null_method(void);
+ int RSA_flags(RSA *rsa);
+ RSA *RSA_new_method(RSA_METHOD *method);
+An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used.
+Initially, the default is to use the OpenSSL internal implementation,
+unless OpenSSL was configured with the C<rsaref> or C<-DRSA_NULL>
+options. RSA_PKCS1_SSLeay() returns a pointer to that method.
+RSA_PKCS1_RSAref() returns a pointer to a method that uses the RSAref
+library. This is the default method in the C<rsaref> configuration;
+the function is not available in other configurations.
+RSA_null_method() returns a pointer to a method that does not support
+the RSA transformation. It is the default if OpenSSL is compiled with
+C<-DRSA_NULL>. These methods may be useful in the USA because of a
+patent on the RSA cryptosystem.
+RSA_set_default_method() makes B<meth> the default method for all B<RSA>
+structures created later.
+RSA_get_default_method() returns a pointer to the current default
+RSA_set_method() selects B<meth> for all operations using the key
+RSA_get_method() returns a pointer to the method currently selected
+for B<rsa>.
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
+RSA_new_method() allocates and initializes an B<RSA> structure so that
+B<method> will be used for the RSA operations. If B<method> is B<NULL>,
+the default method is used.
+ typedef struct rsa_meth_st
+ {
+ /* name of the implementation */
+ const char *name;
+ /* encrypt */
+ int (*rsa_pub_enc)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ /* verify arbitrary data */
+ int (*rsa_pub_dec)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ /* sign arbitrary data */
+ int (*rsa_priv_enc)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ /* decrypt */
+ int (*rsa_priv_dec)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
+ implementations) */
+ int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+ /* compute r = a ^ p mod m (May be NULL for some implementations) */
+ int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ /* called at RSA_new */
+ int (*init)(RSA *rsa);
+ /* called at RSA_free */
+ int (*finish)(RSA *rsa);
+ /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key
+ * operations, even if p,q,dmp1,dmq1,iqmp
+ * are NULL
+ * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify
+ * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
+ */
+ int flags;
+ char *app_data; /* ?? */
+ /* sign. For backward compatibility, this is used only
+ * if (flags & RSA_FLAG_SIGN_VER)
+ */
+ int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ /* verify. For backward compatibility, this is used only
+ * if (flags & RSA_FLAG_SIGN_VER)
+ */
+ int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(),
+RSA_get_default_method() and RSA_get_method() return pointers to the
+respective B<RSA_METHOD>s.
+RSA_set_default_method() returns no value.
+RSA_set_method() returns a pointer to the B<RSA_METHOD> previously
+associated with B<rsa>.
+RSA_new_method() returns B<NULL> and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
+=head1 HISTORY
+RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8.
+RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
+well as the rsa_sign and rsa_verify components of RSA_METHOD were
+added in OpenSSL 0.9.4.
diff --git a/crypto/openssl/doc/crypto/RSA_sign.pod b/crypto/openssl/doc/crypto/RSA_sign.pod
new file mode 100644
index 0000000..f0bf6ee
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_sign.pod
@@ -0,0 +1,62 @@
+=head1 NAME
+RSA_sign, RSA_verify - RSA signatures
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+RSA_sign() signs the message digest B<m> of size B<m_len> using the
+private key B<rsa> as specified in PKCS #1 v2.0. It stores the
+signature in B<sigret> and the signature size in B<siglen>. B<sigret>
+must point to RSA_size(B<rsa>) bytes of memory.
+B<type> denotes the message digest algorithm that was used to generate
+B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
+see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>,
+an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding
+and no algorithm identifier) is created.
+RSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<m> of size B<m_len>. B<type> denotes
+the message digest algorithm that was used to generate the signature.
+B<rsa> is the signer's public key.
+RSA_sign() returns 1 on success, 0 otherwise. RSA_verify() returns 1
+on successful verification, 0 otherwise.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+Certain signatures with an improper algorithm identifier are accepted
+for compatibility with SSLeay 0.4.5 :-)
+SSL, PKCS #1 v2.0
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
+=head1 HISTORY
+RSA_sign() and RSA_verify() are available in all versions of SSLeay
+and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
new file mode 100644
index 0000000..df9ceb3
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
@@ -0,0 +1,59 @@
+=head1 NAME
+RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+ unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+ RSA *rsa);
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+ RSA *rsa);
+RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
+B<m_len> using the private key B<rsa> represented in DER using PKCS #1
+padding. It stores the signature in B<sigret> and the signature size
+in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of
+B<dummy> is ignored.
+The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING().
+RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
+of size B<siglen> is the DER representation of a given octet string
+B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
+public key.
+RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise.
+RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+These functions serve no recognizable purpose.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
+L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+=head1 HISTORY
+RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were
+added in SSLeay 0.8.
diff --git a/crypto/openssl/doc/crypto/RSA_size.pod b/crypto/openssl/doc/crypto/RSA_size.pod
new file mode 100644
index 0000000..b36b4d5
--- /dev/null
+++ b/crypto/openssl/doc/crypto/RSA_size.pod
@@ -0,0 +1,33 @@
+=head1 NAME
+RSA_size - get RSA modulus size
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_size(RSA *rsa);
+This function returns the RSA modulus size in bytes. It can be used to
+determine how much memory must be allocated for an RSA encrypted
+B<rsa-E<gt>n> must not be B<NULL>.
+The size in bytes.
+=head1 SEE ALSO
+=head1 HISTORY
+RSA_size() is available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/blowfish.pod b/crypto/openssl/doc/crypto/blowfish.pod
new file mode 100644
index 0000000..e0b7774
--- /dev/null
+++ b/crypto/openssl/doc/crypto/blowfish.pod
@@ -0,0 +1,109 @@
+=head1 NAME
+blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
+=head1 SYNOPSIS
+ #include <openssl/blowfish.h>
+ void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+ void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+ void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+ void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ BF_KEY *key, int enc);
+ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, BF_KEY *schedule, unsigned char *ivec, int enc);
+ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, BF_KEY *schedule, unsigned char *ivec, int *num,
+ int enc);
+ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, BF_KEY *schedule, unsigned char *ivec, int *num);
+ const char *BF_options(void);
+This library implements the Blowfish cipher, which is invented and described
+by Counterpane (see ).
+Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
+It uses a variable size key, but typically, 128 bit (16 byte) keys are
+a considered good for strong encryption. Blowfish can be used in the same
+modes as DES (see L<des_modes(7)|des_modes(7)>). Blowfish is currently one
+of the faster block ciphers. It is quite a bit faster than DES, and much
+faster than IDEA or RC2.
+Blowfish consists of a key setup phase and the actual encryption or decryption
+BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
+at B<data>.
+BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
+encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
+B<data>, using the key B<key>. These functions should not be used unless you
+implement 'modes' of Blowfish.
+BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
+It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
+putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
+or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by
+B<in> and B<out> must be 64 bits in length, no less. If they are larger,
+everything after the first 64 bits is ignored.
+The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
+all operate on variable length data. They all take an initialisation vector
+B<ivec> which needs to be passed along into the next call of the same function
+for the same message. B<ivec> may be initialised with anything, but the
+recipient needs to know what it was initialised with, or it won't be able
+to decrypt. Some programs and protocols simplify this, like SSH, where
+B<ivec> is simply initialised to zero.
+BF_cbc_encrypt() operates of data that is a multiple of 8 bytes long, while
+BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
+number of bytes (the amount does not have to be an exact multiple of 8). The
+purpose of the latter two is to simulate stream ciphers, and therefore, they
+need the parameter B<num>, which is a pointer to an integer where the current
+offset in B<ivec> is stored between calls. This integer must be initialised
+to zero when B<ivec> is initialised.
+BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It
+encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
+putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or
+decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte
+long initialisation vector.
+BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
+It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
+putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
+or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an
+8 byte long initialisation vector. B<num> must point at an integer which must
+be initially zero.
+BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
+It uses the same parameters as BF_cfb64_encrypt(), which must be initialised
+the same way.
+None of the functions presented here return any value.
+=head1 NOTE
+Applications should use the higher level functions
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> etc. instead of calling the
+blowfish functions directly.
+=head1 SEE ALSO
+=head1 HISTORY
+The Blowfish functions are available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/bn.pod b/crypto/openssl/doc/crypto/bn.pod
new file mode 100644
index 0000000..1504a1c
--- /dev/null
+++ b/crypto/openssl/doc/crypto/bn.pod
@@ -0,0 +1,148 @@
+=head1 NAME
+bn - multiprecision integer arithmetics
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ BIGNUM *BN_new(void);
+ void BN_free(BIGNUM *a);
+ void BN_init(BIGNUM *);
+ void BN_clear(BIGNUM *a);
+ void BN_clear_free(BIGNUM *a);
+ BN_CTX *BN_CTX_new(void);
+ void BN_CTX_init(BN_CTX *c);
+ void BN_CTX_free(BN_CTX *c);
+ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+ BIGNUM *BN_dup(const BIGNUM *a);
+ int BN_num_bytes(const BIGNUM *a);
+ int BN_num_bits(const BIGNUM *a);
+ int BN_num_bits_word(BN_ULONG w);
+ int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+ BN_CTX *ctx);
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+ int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+ int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_add_word(BIGNUM *a, BN_ULONG w);
+ int BN_sub_word(BIGNUM *a, BN_ULONG w);
+ int BN_mul_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+ int BN_cmp(BIGNUM *a, BIGNUM *b);
+ int BN_ucmp(BIGNUM *a, BIGNUM *b);
+ int BN_is_zero(BIGNUM *a);
+ int BN_is_one(BIGNUM *a);
+ int BN_is_word(BIGNUM *a, BN_ULONG w);
+ int BN_is_odd(BIGNUM *a);
+ int BN_zero(BIGNUM *a);
+ int BN_one(BIGNUM *a);
+ BIGNUM *BN_value_one(void);
+ int BN_set_word(BIGNUM *a, unsigned long w);
+ unsigned long BN_get_word(BIGNUM *a);
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
+ BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+ int BN_is_prime(const BIGNUM *p, int nchecks,
+ void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
+ int BN_set_bit(BIGNUM *a, int n);
+ int BN_clear_bit(BIGNUM *a, int n);
+ int BN_is_bit_set(const BIGNUM *a, int n);
+ int BN_mask_bits(BIGNUM *a, int n);
+ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+ int BN_lshift1(BIGNUM *r, BIGNUM *a);
+ int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+ int BN_rshift1(BIGNUM *r, BIGNUM *a);
+ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+ char *BN_bn2hex(const BIGNUM *a);
+ char *BN_bn2dec(const BIGNUM *a);
+ int BN_hex2bn(BIGNUM **a, const char *str);
+ int BN_dec2bn(BIGNUM **a, const char *str);
+ int BN_print(BIO *fp, const BIGNUM *a);
+ int BN_print_fp(FILE *fp, const BIGNUM *a);
+ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+ BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx);
+ BN_RECP_CTX *BN_RECP_CTX_new(void);
+ void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+ void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+ BN_MONT_CTX *BN_MONT_CTX_new(void);
+ void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+ void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+ int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+ int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+This library performs arithmetic operations on integers of arbitrary
+size. It was written for use in public key cryptography, such as RSA
+and Diffie-Hellman.
+It uses dynamic memory allocation for storing its data structures.
+That means that there is no limit on the size of the numbers
+manipulated by these functions, but return values must always be
+checked in case a memory allocation error has occurred.
+The basic object in this library is a B<BIGNUM>. It is used to hold a
+single large integer. This type should be considered opaque and fields
+should not be modified or accessed directly.
+The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>;
+L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations.
+Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)>
+describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of
+random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime
+numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion
+of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<BN_copy(3)|BN_copy(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
+L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
+L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
+L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
+L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
diff --git a/crypto/openssl/doc/crypto/bn_internal.pod b/crypto/openssl/doc/crypto/bn_internal.pod
new file mode 100644
index 0000000..5af0c79
--- /dev/null
+++ b/crypto/openssl/doc/crypto/bn_internal.pod
@@ -0,0 +1,225 @@
+=head1 NAME
+bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
+bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
+bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
+bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
+bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
+bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
+library internal functions
+=head1 SYNOPSIS
+ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
+ BN_ULONG w);
+ void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+ BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+ int num);
+ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+ int num);
+ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
+ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
+ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
+ int nb);
+ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ BN_ULONG *tmp);
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int tn, int n, BN_ULONG *tmp);
+ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int n2, BN_ULONG *tmp);
+ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
+ int n2, BN_ULONG *tmp);
+ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+ void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+ BIGNUM *bn_expand(BIGNUM *a, int bits);
+ BIGNUM *bn_wexpand(BIGNUM *a, int n);
+ BIGNUM *bn_expand2(BIGNUM *a, int n);
+ void bn_fix_top(BIGNUM *a);
+ void bn_check_top(BIGNUM *a);
+ void bn_print(BIGNUM *a);
+ void bn_dump(BN_ULONG *d, int n);
+ void bn_set_max(BIGNUM *a);
+ void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
+ void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
+This page documents the internal functions used by the OpenSSL
+B<BIGNUM> implementation. They are described here to facilitate
+debugging and extending the library. They are I<not> to be used by
+=head2 The BIGNUM structure
+ typedef struct bignum_st
+ {
+ int top; /* index of last used d (most significant word) */
+ BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */
+ int max; /* size of the d array */
+ int neg; /* sign */
+The big number is stored in B<d>, a malloc()ed array of B<BN_ULONG>s,
+least significant first. A B<BN_ULONG> can be either 16, 32 or 64 bits
+in size (B<BITS2>), depending on the 'number of bits' specified in
+B<max> is the size of the B<d> array that has been allocated. B<top>
+is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and B<neg> is 1 if the number is negative. When a B<BIGNUM> is
+B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+Various routines in this library require the use of temporary
+B<BIGNUM> variables during their execution. Since dynamic memory
+allocation to create B<BIGNUM>s is rather expensive when used in
+conjunction with repeated subroutine calls, the B<BN_CTX> structure is
+used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
+=head2 Low-level arithmetic operations
+These functions are implemented in C and for several platforms in
+assembly language:
+bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
+arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result
+in B<rp>, and returns the high word (carry).
+bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
+word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places
+the result in B<rp>, and returns the high word (carry).
+bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
+B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
+word-wise, and places the low and high bytes of the result in B<rp>.
+bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>,B<l>)
+by B<d> and returns the result.
+bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the
+result in B<rp>, and returns the high word (carry).
+bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the
+result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
+bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the
+result in B<r>.
+bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the
+result in B<r>.
+bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.
+bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.
+The following functions are implemented in C:
+bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
+and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and
+less than B<b>.
+bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
+word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
+array B<r>. It computes B<a>*B<b> and places the result in B<r>.
+bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
+arrays B<r>, B<a> und B<b>. It computes the B<n> low words of
+B<a>*B<b> and places the result in B<r>.
+bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<t>) operates on the B<n2>
+word arrays B<a> and B<b> and the 2*B<n2> word arrays B<r> and B<t>.
+B<n2> must be a power of 2. It computes B<a>*B<b> and places the
+result in B<r>.
+bn_mul_part_recursive(B<r>, B<a>, B<b>, B<tn>, B<n>, B<tmp>) operates
+on the B<n>+B<tn> word arrays B<a> and B<b> and the 4*B<n> word arrays
+B<r> and B<tmp>.
+bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
+and B<b>.
+bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
+array B<tmp>.
+BN_mul() calls bn_mul_normal(), or an optimized implementation if the
+factors have the same size: bn_mul_comba8() is used if they are 8
+words long, bn_mul_recursive() if they are larger than
+B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
+size, and bn_mul_part_recursive() for others that are larger than
+bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
+B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
+The implementations use the following macros which, depending on the
+architecture, may use "long long" C operations or inline assembler.
+They are defined in C<bn_lcl.h>.
+mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
+low word of the result in B<r> and the high word in B<c>.
+mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
+places the low word of the result in B<r> and the high word in B<c>.
+sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
+of the result in B<r0> and the high word in B<r1>.
+=head2 Size changes
+bn_expand() ensures that B<b> has enough space for a B<bits> bit
+number. bn_wexpand() ensures that B<b> has enough space for an
+B<n> word number. If the number has to be expanded, both macros
+call bn_expand2(), which allocates a new B<d> array and copies the
+data. They return B<NULL> on error, B<b> otherwise.
+The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
+significant non-zero word when B<a> has shrunk.
+=head2 Debugging
+bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
+E<lt>= (a)-E<gt>max)>. A violation will cause the program to abort.
+bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
+(in reverse order, i.e. most significant word first) to stderr.
+bn_set_max() makes B<a> a static number with a B<max> of its current size.
+This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
+B<BIGNUM> that contains the B<n> low or high words of B<a>.
+If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
+and bn_set_max() are defined as empty macros.
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/crypto/buffer.pod b/crypto/openssl/doc/crypto/buffer.pod
new file mode 100644
index 0000000..7088f51
--- /dev/null
+++ b/crypto/openssl/doc/crypto/buffer.pod
@@ -0,0 +1,73 @@
+=head1 NAME
+BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
+character arrays structure
+=head1 SYNOPSIS
+ #include <openssl/buffer.h>
+ BUF_MEM *BUF_MEM_new(void);
+ void BUF_MEM_free(BUF_MEM *a);
+ int BUF_MEM_grow(BUF_MEM *str, int len);
+ char * BUF_strdup(const char *str);
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
+The library uses the BUF_MEM structure defined in buffer.h:
+ typedef struct buf_mem_st
+ {
+ int length; /* current number of bytes */
+ char *data;
+ int max; /* size of buffer */
+ } BUF_MEM;
+B<length> is the current size of the buffer in bytes, B<max> is the amount of
+memory allocated to the buffer. There are three functions which handle these
+and one "miscellaneous" function.
+BUF_MEM_new() allocates a new buffer of zero size.
+BUF_MEM_free() frees up an already existing buffer. The data is zeroed
+before freeing up in case the buffer contains sensitive data.
+BUF_MEM_grow() changes the size of an already existing buffer to
+B<len>. Any data already in the buffer is preserved if it increases in
+BUF_strdup() copies a null terminated string into a block of allocated
+memory and returns a pointer to the allocated block.
+Unlike the standard C library strdup() this function uses Malloc() and so
+should be used in preference to the standard library strdup() because it can
+be used for memory leak checking or replacing the malloc() function.
+The memory allocated from BUF_strdup() should be freed up using the Free()
+BUF_MEM_new() returns the buffer or NULL on error.
+BUF_MEM_free() has no return value.
+BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
+=head1 SEE ALSO
+=head1 HISTORY
+BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all
+versions of SSLeay and OpenSSL. BUF_strdup() was addded in SSLeay 0.8.
diff --git a/crypto/openssl/doc/crypto/crypto.pod b/crypto/openssl/doc/crypto/crypto.pod
new file mode 100644
index 0000000..4b9ceac
--- /dev/null
+++ b/crypto/openssl/doc/crypto/crypto.pod
@@ -0,0 +1,67 @@
+=head1 NAME
+crypto - OpenSSL cryptographic library
+=head1 SYNOPSIS
+The OpenSSL B<crypto> library implements a wide range of cryptographic
+algorithms used in various Internet standards. The services provided
+by this library are used by the OpenSSL implementations of SSL, TLS
+and S/MIME, and they have also been used to implement SSH, OpenPGP, and
+other cryptographic standards.
+=head1 OVERVIEW
+B<libcrypto> consists of a number of sub-libraries that implement the
+individual algorithms.
+The functionality includes symmetric encryption, public key
+cryptography and key agreement, certificate handling, cryptographic
+hash functions and a cryptographic pseudo-random number generator.
+=over 4
+L<blowfish(3)|blowfish(3)>, L<cast(3)|cast(3)>, L<des(3)|des(3)>,
+L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)>
+L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rsa(3)|rsa(3)>
+L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)>
+L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>,
+L<ripemd(3)|ripemd(3)>, L<sha(3)|sha(3)>
+L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>
+L<asn1(3)|asn1(3)>, L<bio(3)|bio(3)>, L<evp(3)|evp(3)>, L<pem(3)|pem(3)>,
+L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)>
+L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<lhash(3)|lhash(3)>,
+L<objects(3)|objects(3)>, L<stack(3)|stack(3)>,
+=head1 SEE ALSO
+L<openssl(1)|openssl(1)>, L<ssl(3)|ssl(3)>
diff --git a/crypto/openssl/doc/crypto/d2i_DHparams.pod b/crypto/openssl/doc/crypto/d2i_DHparams.pod
new file mode 100644
index 0000000..a6d1743
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_DHparams.pod
@@ -0,0 +1,30 @@
+=head1 NAME
+d2i_DHparams, i2d_DHparams - ...
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int i2d_DHparams(DH *a, unsigned char **pp);
+=head1 SEE ALSO
+=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod b/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
new file mode 100644
index 0000000..ff4d0d5
--- /dev/null
+++ b/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
@@ -0,0 +1,39 @@
+=head1 NAME
+d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA - ...
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+ int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+ RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+ RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+=head1 SEE ALSO
+=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/des.pod b/crypto/openssl/doc/crypto/des.pod
new file mode 100644
index 0000000..c553210
--- /dev/null
+++ b/crypto/openssl/doc/crypto/des.pod
@@ -0,0 +1,376 @@
+=head1 NAME
+des_random_key, des_set_key, des_key_sched, des_set_key_checked,
+des_set_key_unchecked, des_set_odd_parity, des_is_weak_key,
+des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt,
+des_cfb_encrypt, des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt,
+des_ofb64_encrypt, des_xcbc_encrypt, des_ede2_cbc_encrypt,
+des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt,
+des_ede3_cbcm_encrypt, des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt,
+des_read_password, des_read_2passwords, des_read_pw_string,
+des_cbc_cksum, des_quad_cksum, des_string_to_key, des_string_to_2keys,
+des_fcrypt, des_crypt, des_enc_read, des_enc_write - DES encryption
+=head1 SYNOPSIS
+ #include <openssl/des.h>
+ void des_random_key(des_cblock *ret);
+ int des_set_key(const_des_cblock *key, des_key_schedule schedule);
+ int des_key_sched(const_des_cblock *key, des_key_schedule schedule);
+ int des_set_key_checked(const_des_cblock *key,
+ des_key_schedule schedule);
+ void des_set_key_unchecked(const_des_cblock *key,
+ des_key_schedule schedule);
+ void des_set_odd_parity(des_cblock *key);
+ int des_is_weak_key(const_des_cblock *key);
+ void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
+ des_key_schedule ks, int enc);
+ void des_ecb2_encrypt(const_des_cblock *input, des_cblock *output,
+ des_key_schedule ks1, des_key_schedule ks2, int enc);
+ void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
+ des_key_schedule ks1, des_key_schedule ks2,
+ des_key_schedule ks3, int enc);
+ void des_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, des_key_schedule schedule, des_cblock *ivec,
+ int enc);
+ void des_cfb_encrypt(const unsigned char *in, unsigned char *out,
+ int numbits, long length, des_key_schedule schedule,
+ des_cblock *ivec, int enc);
+ void des_ofb_encrypt(const unsigned char *in, unsigned char *out,
+ int numbits, long length, des_key_schedule schedule,
+ des_cblock *ivec);
+ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, des_key_schedule schedule, des_cblock *ivec,
+ int enc);
+ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, des_key_schedule schedule, des_cblock *ivec,
+ int *num, int enc);
+ void des_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, des_key_schedule schedule, des_cblock *ivec,
+ int *num);
+ void des_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, des_key_schedule schedule, des_cblock *ivec,
+ const_des_cblock *inw, const_des_cblock *outw, int enc);
+ void des_ede2_cbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length, des_key_schedule ks1,
+ des_key_schedule ks2, des_cblock *ivec, int enc);
+ void des_ede2_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length, des_key_schedule ks1,
+ des_key_schedule ks2, des_cblock *ivec, int *num, int enc);
+ void des_ede2_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length, des_key_schedule ks1,
+ des_key_schedule ks2, des_cblock *ivec, int *num);
+ void des_ede3_cbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length, des_key_schedule ks1,
+ des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec,
+ int enc);
+ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+ long length, des_key_schedule ks1, des_key_schedule ks2,
+ des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2,
+ int enc);
+ void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, des_key_schedule ks1, des_key_schedule ks2,
+ des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
+ void des_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, des_key_schedule ks1,
+ des_key_schedule ks2, des_key_schedule ks3,
+ des_cblock *ivec, int *num);
+ int des_read_password(des_cblock *key, const char *prompt, int verify);
+ int des_read_2passwords(des_cblock *key1, des_cblock *key2,
+ const char *prompt, int verify);
+ int des_read_pw_string(char *buf, int length, const char *prompt,
+ int verify);
+ DES_LONG des_cbc_cksum(const unsigned char *input, des_cblock *output,
+ long length, des_key_schedule schedule,
+ const_des_cblock *ivec);
+ DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[],
+ long length, int out_count, des_cblock *seed);
+ void des_string_to_key(const char *str, des_cblock *key);
+ void des_string_to_2keys(const char *str, des_cblock *key1,
+ des_cblock *key2);
+ char *des_fcrypt(const char *buf, const char *salt, char *ret);
+ char *des_crypt(const char *buf, const char *salt);
+ char *crypt(const char *buf, const char *salt);
+ int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
+ des_cblock *iv);
+ int des_enc_write(int fd, const void *buf, int len,
+ des_key_schedule sched, des_cblock *iv);
+This library contains a fast implementation of the DES encryption
+There are two phases to the use of DES encryption. The first is the
+generation of a I<des_key_schedule> from a key, the second is the
+actual encryption. A DES key is of type I<des_cblock>. This type is
+consists of 8 bytes with odd parity. The least significant bit in
+each byte is the parity bit. The key schedule is an expanded form of
+the key; it is used to speed the encryption process.
+des_random_key() generates a random key. The PRNG must be seeded
+prior to using this function (see L<rand(3)|rand(3)>; for backward
+compatibility the function des_random_seed() is available as well).
+If the PRNG could not generate a secure key, 0 is returned. In
+earlier versions of the library, des_random_key() did not generate
+secure keys.
+Before a DES key can be used, it must be converted into the
+architecture dependant I<des_key_schedule> via the
+des_set_key_checked() or des_set_key_unchecked() function.
+des_set_key_checked() will check that the key passed is of odd parity
+and is not a week or semi-weak key. If the parity is wrong, then -1
+is returned. If the key is a weak key, then -2 is returned. If an
+error is returned, the key schedule is not generated.
+des_set_key() (called des_key_sched() in the MIT library) works like
+des_set_key_checked() if the I<des_check_key> flag is non-zero,
+otherwise like des_set_key_unchecked(). These functions are available
+for compatibility; it is recommended to use a function that does not
+depend on a global variable.
+des_set_odd_parity() (called des_fixup_key_parity() in the MIT
+library) sets the parity of the passed I<key> to odd.
+des_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
+is ok. The probability that a randomly generated key is weak is
+1/2^52, so it is not really worth checking for them.
+The following routines mostly operate on an input and output stream of
+des_ecb_encrypt() is the basic DES encryption routine that encrypts or
+decrypts a single 8-byte I<des_cblock> in I<electronic code book>
+(ECB) mode. It always transforms the input data, pointed to by
+I<input>, into the output data, pointed to by the I<output> argument.
+If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
+(cleartext) is encrypted in to the I<output> (ciphertext) using the
+key_schedule specified by the I<schedule> argument, previously set via
+I<des_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
+ciphertext) is decrypted into the I<output> (now cleartext). Input
+and output may overlap. des_ecb_encrypt() does not return a value.
+des_ecb3_encrypt() encrypts/decrypts the I<input> block by using
+three-key Triple-DES encryption in ECB mode. This involves encrypting
+the input with I<ks1>, decrypting with the key schedule I<ks2>, and
+then encrypting with I<ks3>. This routine greatly reduces the chances
+of brute force breaking of DES and has the advantage of if I<ks1>,
+I<ks2> and I<ks3> are the same, it is equivalent to just encryption
+using ECB mode and I<ks1> as the key.
+The macro des_ecb2_encrypt() is provided to perform two-key Triple-DES
+encryption by using I<ks1> for the final encryption.
+des_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
+(CBC) mode of DES. If the I<encrypt> argument is non-zero, the
+routine cipher-block-chain encrypts the cleartext data pointed to by
+the I<input> argument into the ciphertext pointed to by the I<output>
+argument, using the key schedule provided by the I<schedule> argument,
+and initialization vector provided by the I<ivec> argument. If the
+I<length> argument is not an integral multiple of eight bytes, the
+last block is copied to a temporary area and zero filled. The output
+is always an integral multiple of eight bytes.
+des_xcbc_encrypt() is RSA's DESX mode of DES. It uses I<inw> and
+I<outw> to 'whiten' the encryption. I<inw> and I<outw> are secret
+(unlike the iv) and are as such, part of the key. So the key is sort
+of 24 bytes. This is much better than CBC DES.
+des_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
+three keys. This means that each DES operation inside the CBC mode is
+really an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
+The des_ede2_cbc_encrypt() macro implements two-key Triple-DES by
+reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
+This form of Triple-DES is used by the RSAREF library.
+des_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
+chaing mode used by Kerberos v4. Its parameters are the same as
+des_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This
+method takes an array of characters as input and outputs and array of
+characters. It does not require any padding to 8 character groups.
+Note: the I<ivec> variable is changed and the new changed value needs to
+be passed to the next call to this function. Since this function runs
+a complete DES ECB encryption per I<numbits>, this function is only
+suggested for use when sending small numbers of characters.
+implements CFB mode of DES with 64bit feedback. Why is this
+useful you ask? Because this routine will allow you to encrypt an
+arbitrary number of bytes, no 8 byte padding. Each call to this
+routine will encrypt the input bytes to output and then update ivec
+and num. num contains 'how far' we are though ivec. If this does
+not make much sense, read more about cfb mode of DES :-).
+des_ede3_cfb64_encrypt() and des_ede2_cfb64_encrypt() is the same as
+des_cfb64_encrypt() except that Triple-DES is used.
+des_ofb_encrypt() encrypts using output feedback mode. This method
+takes an array of characters as input and outputs and array of
+characters. It does not require any padding to 8 character groups.
+Note: the I<ivec> variable is changed and the new changed value needs to
+be passed to the next call to this function. Since this function runs
+a complete DES ECB encryption per numbits, this function is only
+suggested for use when sending small numbers of characters.
+des_ofb64_encrypt() is the same as des_cfb64_encrypt() using Output
+Feed Back mode.
+des_ede3_ofb64_encrypt() and des_ede2_ofb64_encrypt() is the same as
+des_ofb64_encrypt(), using Triple-DES.
+The following functions are included in the DES library for
+compatibility with the MIT Kerberos library. des_read_pw_string()
+is also available under the name EVP_read_pw_string().
+des_read_pw_string() writes the string specified by I<prompt> to
+standarf output, turns echo off and reads in input string from the
+terminal. The string is returned in I<buf>, which must have space for
+at least I<length> bytes. If I<verify> is set, the user is asked for
+the password twice and unless the two copies match, an error is
+returned. A return code of -1 indicates a system error, 1 failure due
+to use interaction, and 0 is success.
+des_read_password() does the same and converts the password to a DES
+key by calling des_string_to_key(); des_read_2password() operates in
+the same way as des_read_password() except that it generates two keys
+by using the des_string_to_2key() function. des_string_to_key() is
+available for backward compatibility with the MIT library. New
+applications should use a cryptographic hash function. The same
+applies for des_string_to_2key().
+des_cbc_cksum() produces an 8 byte checksum based on the input stream
+(via CBC encryption). The last 4 bytes of the checksum are returned
+and the complete 8 bytes are placed in I<output>. This function is
+used by Kerberos v4. Other applications should use
+L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead.
+des_quad_cksum() is a Kerberos v4 function. It returns a 4 byte
+checksum from the input bytes. The algorithm can be iterated over the
+input, depending on I<out_count>, 1, 2, 3 or 4 times. If I<output> is
+non-NULL, the 8 bytes generated by each pass are written into
+The following are DES-based tranformations:
+des_fcrypt() is a fast version of the unix crypt(3) function. This
+version takes only a small amount of space relative to other fast
+crypt() implementations. This is different to the normal crypt in
+that the third parameter is the buffer that the return value is
+written into. It needs to be at least 14 bytes long. This function
+is thread safe, unlike the normal crypt.
+des_crypt() is a faster replacement for the normal system crypt().
+This function calls des_fcrypt() with a static array passed as the
+third parameter. This emulates the normal non-thread safe semantics
+of crypt(3).
+des_enc_write() writes I<len> bytes to file descriptor I<fd> from
+buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
+using I<sched> for the key and I<iv> as a starting vector. The actual
+data send down I<fd> consists of 4 bytes (in network byte order)
+containing the length of the following encrypted data. The encrypted
+data then follows, padded with random data out to a multiple of 8
+des_enc_read() is used to read I<len> bytes from file descriptor
+I<fd> into buffer I<buf>. The data being read from I<fd> is assumed to
+have come from des_enc_write() and is decrypted using I<sched> for
+the key schedule and I<iv> for the initial vector.
+B<Warning:> The data format used by des_enc_write() and des_enc_read()
+has a cryptographic weakness: When asked to write more than MAXWRITE
+bytes, des_enc_write() will split the data into several chunks that
+are all encrypted using the same IV. So don't use these functions
+unless you are sure you know what you do (in which case you might not
+want to use them anyway). They cannot handle non-blocking sockets.
+des_enc_read() uses an internal state and thus cannot be used on
+multiple files.
+I<des_rw_mode> is used to specify the encryption mode to use with
+des_enc_read() and des_end_write(). If set to I<DES_PCBC_MODE> (the
+default), des_pcbc_encrypt is used. If set to I<DES_CBC_MODE>
+des_cbc_encrypt is used.
+=head1 NOTES
+Single-key DES is insecure due to its short key size. ECB mode is
+not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
+The L<evp(3)|evp(3)> library provides higher-level encryption functions.
+=head1 BUGS
+des_3cbc_encrypt() is flawed and must not be used in applications.
+des_cbc_encrypt() does not modify B<ivec>; use des_ncbc_encrypt()
+des_cfb_encrypt() and des_ofb_encrypt() operates on input of 8 bits.
+What this means is that if you set numbits to 12, and length to 2, the
+first 12 bits will come from the 1st input byte and the low half of
+the second input byte. The second 12 bits will have the low 8 bits
+taken from the 3rd input byte and the top 4 bits taken from the 4th
+input byte. The same holds for output. This function has been
+implemented this way because most people will be using a multiple of 8
+and because once you get into pulling bytes input bytes apart things
+get ugly!
+des_read_pw_string() is the most machine/OS dependent function and
+normally generates the most problems when porting this code.
+ANSI X3.106
+The B<des> library was written to be source code compatible with
+the MIT Kerberos library.
+=head1 SEE ALSO
+crypt(3), L<des_modes(3)|des_modes(3)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
+=head1 HISTORY
+des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(),
+des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(),
+des_quad_cksum(), des_random_key(), des_read_password() and
+des_string_to_key() are available in the MIT Kerberos library;
+des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key()
+are available in newer versions of that library.
+des_set_key_checked() and des_set_key_unchecked() were added in
+OpenSSL 0.9.5.
+des_generate_random_block(), des_init_random_number_generator(),
+des_new_random_key(), des_set_random_generator_seed() and
+des_set_sequence_number() and des_rand_data() are used in newer
+versions of Kerberos but are not implemented here.
+des_random_key() generated cryptographically weak random data in
+SSLeay and in OpenSSL prior version 0.9.5, as well as in the original
+MIT library.
+=head1 AUTHOR
+Eric Young ( Modified for the OpenSSL project
diff --git a/crypto/openssl/doc/crypto/des_modes.pod b/crypto/openssl/doc/crypto/des_modes.pod
new file mode 100644
index 0000000..1aa3ac7
--- /dev/null
+++ b/crypto/openssl/doc/crypto/des_modes.pod
@@ -0,0 +1,253 @@
+=head1 NAME
+Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
+Several crypto algorithms fo OpenSSL can be used in a number of modes. Those
+are used for using block ciphers in a way similar to stream ciphers, among
+other things.
+=head1 OVERVIEW
+=head2 Electronic Codebook Mode (ECB)
+Normally, this is found as the function I<algorithm>_ecb_encrypt().
+=over 2
+=item *
+64 bits are enciphered at a time.
+=item *
+The order of the blocks can be rearranged without detection.
+=item *
+The same plaintext block always produces the same ciphertext block
+(for the same key) making it vulnerable to a 'dictionary attack'.
+=item *
+An error will only affect one ciphertext block.
+=head2 Cipher Block Chaining Mode (CBC)
+Normally, this is found as the function I<algorithm>_cbc_encrypt().
+Be aware that des_cbc_encrypt() is not really DES CBC (it does
+not update the IV); use des_ncbc_encrypt() instead.
+=over 2
+=item *
+a multiple of 64 bits are enciphered at a time.
+=item *
+The CBC mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+=item *
+The chaining operation makes the ciphertext blocks dependent on the
+current and all preceding plaintext blocks and therefore blocks can not
+be rearranged.
+=item *
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+=item *
+An error will affect the current and the following ciphertext blocks.
+=head2 Cipher Feedback Mode (CFB)
+Normally, this is found as the function I<algorithm>_cfb_encrypt().
+=over 2
+=item *
+a number of bits (j) <= 64 are enciphered at a time.
+=item *
+The CFB mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+=item *
+The chaining operation makes the ciphertext variables dependent on the
+current and all preceding variables and therefore j-bit variables are
+chained together and can not be rearranged.
+=item *
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+=item *
+The strength of the CFB mode depends on the size of k (maximal if
+j == k). In my implementation this is always the case.
+=item *
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+=item *
+Only multiples of j bits can be enciphered.
+=item *
+An error will affect the current and the following ciphertext variables.
+=head2 Output Feedback Mode (OFB)
+Normally, this is found as the function I<algorithm>_ofb_encrypt().
+=over 2
+=item *
+a number of bits (j) <= 64 are enciphered at a time.
+=item *
+The OFB mode produces the same ciphertext whenever the same
+plaintext enciphered using the same key and starting variable. More
+over, in the OFB mode the same key stream is produced when the same
+key and start variable are used. Consequently, for security reasons
+a specific start variable should be used only once for a given key.
+=item *
+The absence of chaining makes the OFB more vulnerable to specific attacks.
+=item *
+The use of different start variables values prevents the same
+plaintext enciphering to the same ciphertext, by producing different
+key streams.
+=item *
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+=item *
+Only multiples of j bits can be enciphered.
+=item *
+OFB mode of operation does not extend ciphertext errors in the
+resultant plaintext output. Every bit error in the ciphertext causes
+only one bit to be in error in the deciphered plaintext.
+=item *
+OFB mode is not self-synchronising. If the two operation of
+encipherment and decipherment get out of synchronism, the system needs
+to be re-initialised.
+=item *
+Each re-initialisation should use a value of the start variable
+different from the start variable values used before with the same
+key. The reason for this is that an identical bit stream would be
+produced each time from the same parameters. This would be
+susceptible to a 'known plaintext' attack.
+=head2 Triple ECB Mode
+Normally, this is found as the function I<algorithm>_ecb3_encrypt().
+=over 2
+=item *
+Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+=item *
+As for ECB encryption but increases the key length to 168 bits.
+There are theoretic attacks that can be used that make the effective
+key length 112 bits, but this attack also requires 2^56 blocks of
+memory, not very likely, even for the NSA.
+=item *
+If both keys are the same it is equivalent to encrypting once with
+just one key.
+=item *
+If the first and last key are the same, the key length is 112 bits.
+There are attacks that could reduce the key space to 55 bit's but it
+requires 2^56 blocks of memory.
+=item *
+If all 3 keys are the same, this is effectively the same as normal
+ecb mode.
+=head2 Triple CBC Mode
+Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt().
+=over 2
+=item *
+Encrypt with key1, decrypt with key2 and then encrypt with key3.
+=item *
+As for CBC encryption but increases the key length to 168 bits with
+the same restrictions as for triple ecb mode.
+=head1 NOTES
+This text was been written in large parts by Eric Young in his original
+documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed
+it to:
+ AS 2805.5.2
+ Australian Standard
+ Electronic funds transfer - Requirements for interfaces,
+ Part 5.2: Modes of operation for an n-bit block cipher algorithm
+ Appendix A
+=head1 SEE ALSO
+L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<idea(3)|idea(3)>,
diff --git a/crypto/openssl/doc/crypto/dh.pod b/crypto/openssl/doc/crypto/dh.pod
new file mode 100644
index 0000000..0a9b7c0
--- /dev/null
+++ b/crypto/openssl/doc/crypto/dh.pod
@@ -0,0 +1,68 @@
+=head1 NAME
+dh - Diffie-Hellman key agreement
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ DH * DH_new(void);
+ void DH_free(DH *dh);
+ int DH_size(DH *dh);
+ DH * DH_generate_parameters(int prime_len, int generator,
+ void (*callback)(int, int, void *), void *cb_arg);
+ int DH_check(DH *dh, int *codes);
+ int DH_generate_key(DH *dh);
+ int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ void DH_set_default_method(DH_METHOD *meth);
+ DH_METHOD *DH_get_default_method(void);
+ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ DH *DH_new_method(DH_METHOD *meth);
+ DH_METHOD *DH_OpenSSL(void);
+ int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+ int (*dup_func)(), void (*free_func)());
+ int DH_set_ex_data(DH *d, int idx, char *arg);
+ char *DH_get_ex_data(DH *d, int idx);
+ DH * d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int i2d_DHparams(DH *a, unsigned char **pp);
+ int DHparams_print_fp(FILE *fp, DH *x);
+ int DHparams_print(BIO *bp, DH *x);
+These functions implement the Diffie-Hellman key agreement protocol.
+The generation of shared DH parameters is described in
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how
+to perform a key agreement.
+The B<DH> structure consists of several BIGNUM components.
+ struct
+ {
+ BIGNUM *p; // prime number (shared)
+ BIGNUM *g; // generator of Z_p (shared)
+ BIGNUM *priv_key; // private DH value x
+ BIGNUM *pub_key; // public DH value g^x
+ // ...
+ };
+ DH
+=head1 SEE ALSO
+L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>,
+L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
diff --git a/crypto/openssl/doc/crypto/dsa.pod b/crypto/openssl/doc/crypto/dsa.pod
new file mode 100644
index 0000000..2c09244
--- /dev/null
+++ b/crypto/openssl/doc/crypto/dsa.pod
@@ -0,0 +1,104 @@
+=head1 NAME
+dsa - Digital Signature Algorithm
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DSA * DSA_new(void);
+ void DSA_free(DSA *dsa);
+ int DSA_size(DSA *dsa);
+ DSA * DSA_generate_parameters(int bits, unsigned char *seed,
+ int seed_len, int *counter_ret, unsigned long *h_ret,
+ void (*callback)(int, int, void *), void *cb_arg);
+ DH * DSA_dup_DH(DSA *r);
+ int DSA_generate_key(DSA *dsa);
+ int DSA_sign(int dummy, const unsigned char *dgst, int len,
+ unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+ BIGNUM **rp);
+ int DSA_verify(int dummy, const unsigned char *dgst, int len,
+ unsigned char *sigbuf, int siglen, DSA *dsa);
+ void DSA_set_default_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_get_default_method(void);
+ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_OpenSSL(void);
+ int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+ int (*dup_func)(), void (*free_func)());
+ int DSA_set_ex_data(DSA *d, int idx, char *arg);
+ char *DSA_get_ex_data(DSA *d, int idx);
+ DSA_SIG *DSA_SIG_new(void);
+ void DSA_SIG_free(DSA_SIG *a);
+ int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+ DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+ int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+ DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+ DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+ int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
+ int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
+ int i2d_DSAparams(DSA *a,unsigned char **pp);
+ int DSAparams_print(BIO *bp, DSA *x);
+ int DSAparams_print_fp(FILE *fp, DSA *x);
+ int DSA_print(BIO *bp, DSA *x, int off);
+ int DSA_print_fp(FILE *bp, DSA *x, int off);
+These functions implement the Digital Signature Algorithm (DSA). The
+generation of shared DSA parameters is described in
+L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to
+generate a signature key. Signature generation and verification are
+described in L<DSA_sign(3)|DSA_sign(3)>.
+The B<DSA> structure consists of several BIGNUM components.
+ struct
+ {
+ BIGNUM *p; // prime number (public)
+ BIGNUM *q; // 160-bit subprime, q | p-1 (public)
+ BIGNUM *g; // generator of subgroup (public)
+ BIGNUM *priv_key; // private key x
+ BIGNUM *pub_key; // public key y = g^x
+ // ...
+ }
+ DSA;
+In public keys, B<priv_key> is NULL.
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<DSA_new(3)|DSA_new(3)>,
+L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
diff --git a/crypto/openssl/doc/crypto/err.pod b/crypto/openssl/doc/crypto/err.pod
new file mode 100644
index 0000000..b824c92
--- /dev/null
+++ b/crypto/openssl/doc/crypto/err.pod
@@ -0,0 +1,187 @@
+=head1 NAME
+err - error codes
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ unsigned long ERR_get_error(void);
+ unsigned long ERR_peek_error(void);
+ unsigned long ERR_get_error_line(const char **file, int *line);
+ unsigned long ERR_peek_error_line(const char **file, int *line);
+ unsigned long ERR_get_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+ unsigned long ERR_peek_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+ int ERR_GET_LIB(unsigned long e);
+ int ERR_GET_FUNC(unsigned long e);
+ int ERR_GET_REASON(unsigned long e);
+ void ERR_clear_error(void);
+ char *ERR_error_string(unsigned long e, char *buf);
+ const char *ERR_lib_error_string(unsigned long e);
+ const char *ERR_func_error_string(unsigned long e);
+ const char *ERR_reason_error_string(unsigned long e);
+ void ERR_print_errors(BIO *bp);
+ void ERR_print_errors_fp(FILE *fp);
+ void ERR_load_crypto_strings(void);
+ void ERR_free_strings(void);
+ void ERR_remove_state(unsigned long pid);
+ void ERR_put_error(int lib, int func, int reason, const char *file,
+ int line);
+ void ERR_add_error_data(int num, ...);
+ void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+ unsigned long ERR_PACK(int lib, int func, int reason);
+ int ERR_get_next_error_library(void);
+When a call to the OpenSSL library fails, this is usually signalled
+by the return value, and an error code is stored in an error queue
+associated with the current thread. The B<err> library provides
+functions to obtain these error codes and textual error messages.
+The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to
+access error codes.
+Error codes contain information about where the error occurred, and
+what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to
+extract this information. A method to obtain human-readable error
+messages is described in L<ERR_error_string(3)|ERR_error_string(3)>.
+L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the
+error queue.
+Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to
+avoid memory leaks when threads are terminated.
+See L<ERR_put_error(3)> if you want to record error codes in the
+OpenSSL error system from within your application.
+The remainder of this section is of interest only if you want to add
+new error codes to OpenSSL or add error codes from external libraries.
+=head2 Reporting errors
+Each sub-library has a specific macro XXXerr() that is used to report
+errors. Its first argument is a function code B<XXX_F_...>, the second
+argument is a reason code B<XXX_R_...>. Function codes are derived
+from the function names; reason codes consist of textual error
+descriptions. For example, the function ssl23_read() reports a
+"handshake failure" as follows:
+Function and reason codes should consist of upper case characters,
+numbers and underscores only. The error file generation script translates
+function codes into function names by looking in the header files
+for an appropriate function name, if none is found it just uses
+the capitalized form such as "SSL23_READ" in the above example.
+The trailing section of a reason code (after the "_R_") is translated
+into lower case and underscores changed to spaces.
+When you are using new function or reason codes, run B<make errors>.
+The necessary B<#define>s will then automatically be added to the
+sub-library's header file.
+Although a library will normally report errors using its own specific
+XXXerr macro, another library's macro can be used. This is normally
+only done when a library wants to include ASN1 code which must use
+the ASN1err() macro.
+=head2 Adding new libraries
+When adding a new sub-library to OpenSSL, assign it a library number
+B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its
+name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add
+C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function
+(in B<crypto/err/err_all.c>). Finally, add an entry
+ L XXX xxx.h xxx_err.c
+to B<crypto/err/>, and add B<xxx_err.c> to the Makefile.
+Running B<make errors> will then generate a file B<xxx_err.c>, and
+add all error codes used in the library to B<xxx.h>.
+Additionally the library include file must have a certain form.
+Typically it will initially look like this:
+ #ifndef HEADER_XXX_H
+ #define HEADER_XXX_H
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+ /* Include files */
+ #include <openssl/bio.h>
+ #include <openssl/x509.h>
+ /* Macros, structures and function prototypes */
+The B<BEGIN ERROR CODES> sequence is used by the error code
+generation script as the point to place new error codes, any text
+after this point will be overwritten when B<make errors> is run.
+The closing #endif etc will be automatically added by the script.
+The generated C error code file B<xxx_err.c> will load the header
+files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
+header file must load any additional header files containg any
+definitions it uses.
+It is also possible to use OpenSSL's error code scheme in external
+libraries. The library needs to load its own codes and call the OpenSSL
+error code insertion script B<> explicitly to add codes to
+the header file and generate the C error code file. This will normally
+be done if the external library needs to generate new ASN1 structures
+but it can also be used to add more general purpose error code handling.
+TBA more details
+The error queues are stored in a hash table with one B<ERR_STATE>
+entry for each pid. ERR_get_state() returns the current thread's
+B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error
+codes. When more error codes are added, the old ones are overwritten,
+on the assumption that the most recent errors are most important.
+Error strings are also stored in hash table. The hash tables can
+be obtained by calling ERR_get_err_state_table(void) and
+ERR_get_string_table(void) respectively.
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/crypto/hmac.pod b/crypto/openssl/doc/crypto/hmac.pod
new file mode 100644
index 0000000..45b6108
--- /dev/null
+++ b/crypto/openssl/doc/crypto/hmac.pod
@@ -0,0 +1,75 @@
+=head1 NAME
+HMAC, HMAC_Init, HMAC_Update, HMAC_Final - HMAC message authentication code
+=head1 SYNOPSIS
+ #include <openssl/hmac.h>
+ unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+ int key_len, const unsigned char *d, int n,
+ unsigned char *md, unsigned int *md_len);
+ void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+ const EVP_MD *md);
+ void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+ void HMAC_cleanup(HMAC_CTX *ctx);
+HMAC is a MAC (message authentication code), i.e. a keyed hash
+function used for message authentication, which is based on a hash
+HMAC() computes the message authentication code of the B<n> bytes at
+B<d> using the hash function B<evp_md> and the key B<key> which is
+B<key_len> bytes long.
+It places the result in B<md> (which must have space for the output of
+the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
+If B<md> is NULL, the digest is placed in a static array. The size of
+the output is placed in B<md_len>, unless it is B<NULL>.
+B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
+B<key> and B<evp_md> may be B<NULL> if a key and hash function have
+been set in a previous call to HMAC_Init() for that B<HMAC_CTX>.
+HMAC_cleanup() erases the key and other data from the B<HMAC_CTX>.
+The following functions may be used if the message is not completely
+stored in memory:
+HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
+function B<evp_md> and the key B<key> which is B<key_len> bytes long.
+HMAC_Update() can be called repeatedly with chunks of the message to
+be authenticated (B<len> bytes at B<data>).
+HMAC_Final() places the message authentication code in B<md>, which
+must have space for the hash function output.
+HMAC() returns a pointer to the message authentication code.
+HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup() do not
+return values.
+RFC 2104
+=head1 SEE ALSO
+L<sha(3)|sha(3)>, L<evp(3)|evp(3)>
+=head1 HISTORY
+HMAC(), HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup()
+are available since SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/lh_stats.pod b/crypto/openssl/doc/crypto/lh_stats.pod
new file mode 100644
index 0000000..3eeaa72
--- /dev/null
+++ b/crypto/openssl/doc/crypto/lh_stats.pod
@@ -0,0 +1,60 @@
+=head1 NAME
+lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
+=head1 SYNOPSIS
+ #include <openssl/lhash.h>
+ void lh_stats(LHASH *table, FILE *out);
+ void lh_node_stats(LHASH *table, FILE *out);
+ void lh_node_usage_stats(LHASH *table, FILE *out);
+ void lh_stats_bio(LHASH *table, BIO *out);
+ void lh_node_stats_bio(LHASH *table, BIO *out);
+ void lh_node_usage_stats_bio(LHASH *table, BIO *out);
+The B<LHASH> structure records statistics about most aspects of
+accessing the hash table. This is mostly a legacy of Eric Young
+writing this library for the reasons of implementing what looked like
+a nice algorithm rather than for a particular software product.
+lh_stats() prints out statistics on the size of the hash table, how
+many entries are in it, and the number and result of calls to the
+routines in this library.
+lh_node_stats() prints the number of entries for each 'bucket' in the
+hash table.
+lh_node_usage_stats() prints out a short summary of the state of the
+hash table. It prints the 'load' and the 'actual load'. The load is
+the average number of data items per 'bucket' in the hash table. The
+'actual load' is the average number of items per 'bucket', but only
+for buckets which contain entries. So the 'actual load' is the
+average number of searches that will need to find an item in the hash
+table, while the 'load' is the average number that will be done to
+record a miss.
+lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
+are the same as the above, except that the output goes to a B<BIO>.
+These functions do not return values.
+=head1 SEE ALSO
+L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
+=head1 HISTORY
+These functions are available in all versions of SSLeay and OpenSSL.
+This manpage is derived from the SSLeay documentation.
diff --git a/crypto/openssl/doc/crypto/lhash.pod b/crypto/openssl/doc/crypto/lhash.pod
new file mode 100644
index 0000000..af2c9a7
--- /dev/null
+++ b/crypto/openssl/doc/crypto/lhash.pod
@@ -0,0 +1,155 @@
+=head1 NAME
+lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall,
+lh_doall_arg, lh_error - dynamic hash table
+=head1 SYNOPSIS
+ #include <openssl/lhash.h>
+ LHASH *lh_new(unsigned long (*hash)(/*void *a*/),
+ int (*compare)(/*void *a,void *b*/));
+ void lh_free(LHASH *table);
+ void *lh_insert(LHASH *table, void *data);
+ void *lh_delete(LHASH *table, void *data);
+ void *lh_retrieve(LHASH *table, void *data);
+ void lh_doall(LHASH *table, void (*func)(/*void *b*/));
+ void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/),
+ void *arg);
+ int lh_error(LHASH *table);
+This library implements dynamic hash tables. The hash table entries
+can be arbitrary structures. Usually they consist of key and value
+lh_new() creates a new B<LHASH> structure. B<hash> takes a pointer to
+the structure and returns an unsigned long hash value of its key
+field. The hash value is normally truncated to a power of 2, so make
+sure that your hash function returns well mixed low order
+bits. B<compare> takes two arguments, and returns 0 if their keys are
+equal, non-zero otherwise.
+lh_free() frees the B<LHASH> structure B<table>. Allocated hash table
+entries will not be freed; consider using lh_doall() to deallocate any
+remaining entries in the hash table.
+lh_insert() inserts the structure pointed to by B<data> into B<table>.
+If there already is an entry with the same key, the old value is
+replaced. Note that lh_insert() stores pointers, the data are not
+lh_delete() deletes an entry from B<table>.
+lh_retrieve() looks up an entry in B<table>. Normally, B<data> is
+a structure with the key field(s) set; the function will return a
+pointer to a fully populated structure.
+lh_doall() will, for every entry in the hash table, call B<func> with
+the data item as parameters.
+This function can be quite useful when used as follows:
+ void cleanup(STUFF *a)
+ { STUFF_free(a); }
+ lh_doall(hash,cleanup);
+ lh_free(hash);
+This can be used to free all the entries. lh_free() then cleans up the
+'buckets' that point to nothing. When doing this, be careful if you
+delete entries from the hash table in B<func>: the table may decrease
+in size, moving item that you are currently on down lower in the hash
+table. This could cause some entries to be skipped. The best
+solution to this problem is to set hash-E<gt>down_load=0 before you
+start. This will stop the hash table ever being decreased in size.
+lh_doall_arg() is the same as lh_doall() except that B<func> will
+be called with B<arg> as the second argument.
+lh_error() can be used to determine if an error occurred in the last
+operation. lh_error() is a macro.
+lh_new() returns B<NULL> on error, otherwise a pointer to the new
+B<LHASH> structure.
+When a hash table entry is replaced, lh_insert() returns the value
+being replaced. B<NULL> is returned on normal operation and on error.
+lh_delete() returns the entry being deleted. B<NULL> is returned if
+there is no such value in the hash table.
+lh_retrieve() returns the hash table entry if it has been found,
+B<NULL> otherwise.
+lh_error() returns 1 if an error occurred in the last operation, 0
+lh_free(), lh_doall() and lh_doall_arg() return no values.
+=head1 BUGS
+lh_insert() returns B<NULL> both for success and error.
+The following description is based on the SSLeay documentation:
+The B<lhash> library implements a hash table described in the
+I<Communications of the ACM> in 1991. What makes this hash table
+different is that as the table fills, the hash table is increased (or
+decreased) in size via Realloc(). When a 'resize' is done, instead of
+all hashes being redistributed over twice as many 'buckets', one
+bucket is split. So when an 'expand' is done, there is only a minimal
+cost to redistribute some values. Subsequent inserts will cause more
+single 'bucket' redistributions but there will never be a sudden large
+cost due to redistributing all the 'buckets'.
+The state for a particular hash table is kept in the B<LHASH> structure.
+The decision to increase or decrease the hash table size is made
+depending on the 'load' of the hash table. The load is the number of
+items in the hash table divided by the size of the hash table. The
+default values are as follows. If (hash->up_load E<lt> load) =E<gt>
+expand. if (hash-E<gt>down_load E<gt> load) =E<gt> contract. The
+B<up_load> has a default value of 1 and B<down_load> has a default value
+of 2. These numbers can be modified by the application by just
+playing with the B<up_load> and B<down_load> variables. The 'load' is
+kept in a form which is multiplied by 256. So
+hash-E<gt>up_load=8*256; will cause a load of 8 to be set.
+If you are interested in performance the field to watch is
+num_comp_calls. The hash library keeps track of the 'hash' value for
+each item so when a lookup is done, the 'hashes' are compared, if
+there is a match, then a full compare is done, and
+hash-E<gt>num_comp_calls is incremented. If num_comp_calls is not equal
+to num_delete plus num_retrieve it means that your hash function is
+generating hashes that are the same for different values. It is
+probably worth changing your hash function if this is the case because
+even if your hash table has 10 items in a 'bucket', it can be searched
+with 10 B<unsigned long> compares and 10 linked list traverses. This
+will be much less expensive that 10 calls to you compare function.
+lh_strhash() is a demo string hashing function:
+ unsigned long lh_strhash(const char *c);
+Since the B<LHASH> routines would normally be passed structures, this
+routine would not normally be passed to lh_new(), rather it would be
+used in the function passed to lh_new().
+=head1 SEE ALSO
+=head1 HISTORY
+The B<lhash> library is available in all versions of SSLeay and OpenSSL.
+lh_error() was added in SSLeay 0.9.1b.
+This manpage is derived from the SSLeay documentation.
diff --git a/crypto/openssl/doc/crypto/md5.pod b/crypto/openssl/doc/crypto/md5.pod
new file mode 100644
index 0000000..d7c1200
--- /dev/null
+++ b/crypto/openssl/doc/crypto/md5.pod
@@ -0,0 +1,85 @@
+=head1 NAME
+MD2, MD5, MD2_Init, MD2_Update, MD2_Final, MD5_Init, MD5_Update,
+MD5_Final - MD2 and MD5 hash functions
+=head1 SYNOPSIS
+ #include <openssl/md2.h>
+ unsigned char *MD2(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+ void MD2_Init(MD2_CTX *c);
+ void MD2_Update(MD2_CTX *c, const unsigned char *data,
+ unsigned long len);
+ void MD2_Final(unsigned char *md, MD2_CTX *c);
+ #include <openssl/md5.h>
+ unsigned char *MD5(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+ void MD5_Init(MD5_CTX *c);
+ void MD5_Update(MD5_CTX *c, const void *data,
+ unsigned long len);
+ void MD5_Final(unsigned char *md, MD5_CTX *c);
+MD2 and MD5 are cryptographic hash functions with a 128 bit output.
+MD2() and MD5() compute the MD2 and MD5 message digest of the B<n>
+bytes at B<d> and place it in B<md> (which must have space for
+MD2_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 bytes of output). If
+B<md> is NULL, the digest is placed in a static array.
+The following functions may be used if the message is not completely
+stored in memory:
+MD2_Init() initializes a B<MD2_CTX> structure.
+MD2_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+MD2_Final() places the message digest in B<md>, which must have space
+for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
+MD5_Init(), MD5_Update() and MD5_Final() are analogous using an
+B<MD5_CTX> structure.
+Applications should use the higher level functions
+etc. instead of calling the hash functions directly.
+=head1 NOTE
+MD2 and MD5 are recommended only for compatibility with existing
+applications. In new applications, SHA-1 or RIPEMD-160 should be
+MD2() and MD5() return pointers to the hash value.
+MD2_Init(), MD2_Update() MD2_Final(), MD5_Init(), MD5_Update() and
+MD5_Final() do not return values.
+RFC 1319, RFC 1321
+=head1 SEE ALSO
+L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+=head1 HISTORY
+MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(),
+MD5_Update() and MD5_Final() are available in all versions of SSLeay
+and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/mdc2.pod b/crypto/openssl/doc/crypto/mdc2.pod
new file mode 100644
index 0000000..11dc303
--- /dev/null
+++ b/crypto/openssl/doc/crypto/mdc2.pod
@@ -0,0 +1,64 @@
+=head1 NAME
+MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
+=head1 SYNOPSIS
+ #include <openssl/mdc2.h>
+ unsigned char *MDC2(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+ void MDC2_Init(MDC2_CTX *c);
+ void MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+ unsigned long len);
+ void MDC2_Final(unsigned char *md, MDC2_CTX *c);
+MDC2 is a method to construct hash functions with 128 bit output from
+block ciphers. These functions are an implementation of MDC2 with
+MDC2() computes the MDC2 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+The following functions may be used if the message is not completely
+stored in memory:
+MDC2_Init() initializes a B<MDC2_CTX> structure.
+MDC2_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+MDC2_Final() places the message digest in B<md>, which must have space
+for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>.
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the
+hash functions directly.
+MDC2() returns a pointer to the hash value.
+MDC2_Init(), MDC2_Update() and MDC2_Final() do not return values.
+ISO/IEC 10118-2, with DES
+=head1 SEE ALSO
+L<sha(3)|sha(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+=head1 HISTORY
+MDC2(), MDC2_Init(), MDC2_Update() and MDC2_Final() are available since
+SSLeay 0.8.
diff --git a/crypto/openssl/doc/crypto/rand.pod b/crypto/openssl/doc/crypto/rand.pod
new file mode 100644
index 0000000..295b681
--- /dev/null
+++ b/crypto/openssl/doc/crypto/rand.pod
@@ -0,0 +1,158 @@
+=head1 NAME
+rand - pseudo-random number generator
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ int RAND_bytes(unsigned char *buf,int num);
+ int RAND_pseudo_bytes(unsigned char *buf,int num);
+ void RAND_seed(const void *buf,int num);
+ void RAND_add(const void *buf,int num,int entropy);
+ int RAND_status(void);
+ void RAND_screen(void);
+ int RAND_load_file(const char *file,long max_bytes);
+ int RAND_write_file(const char *file);
+ const char *RAND_file_name(char *file,int num);
+ int RAND_egd(const char *path);
+ void RAND_set_rand_method(RAND_METHOD *meth);
+ RAND_METHOD *RAND_get_rand_method(void);
+ void RAND_cleanup(void);
+These functions implement a cryptographically secure pseudo-random
+number generator (PRNG). It is used by other library functions for
+example to generate random keys, and applications can use it when they
+need randomness.
+A cryptographic PRNG must be seeded with unpredictable data such as
+mouse movements or keys pressed at random by the user. This is
+described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
+(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
+seeding process whenever the application is started.
+L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
+The RAND_SSLeay() method implements a PRNG based on a cryptographic
+hash function.
+The following description of its design is based on the SSLeay
+First up I will state the things I believe I need for a good RNG.
+=over 4
+=item 1
+A good hashing algorithm to mix things up and to convert the RNG 'state'
+to random numbers.
+=item 2
+An initial source of random 'state'.
+=item 3
+The state should be very large. If the RNG is being used to generate
+4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
+If your RNG state only has 128 bits, you are obviously limiting the
+search space to 128 bits, not 2048. I'm probably getting a little
+carried away on this last point but it does indicate that it may not be
+a bad idea to keep quite a lot of RNG state. It should be easier to
+break a cipher than guess the RNG seed data.
+=item 4
+Any RNG seed data should influence all subsequent random numbers
+generated. This implies that any random seed data entered will have
+an influence on all subsequent random numbers generated.
+=item 5
+When using data to seed the RNG state, the data used should not be
+extractable from the RNG state. I believe this should be a
+requirement because one possible source of 'secret' semi random
+data would be a private key or a password. This data must
+not be disclosed by either subsequent random numbers or a
+'core' dump left by a program crash.
+=item 6
+Given the same initial 'state', 2 systems should deviate in their RNG state
+(and hence the random numbers generated) over time if at all possible.
+=item 7
+Given the random number output stream, it should not be possible to determine
+the RNG state or the next random number.
+The algorithm is as follows.
+There is global state made up of a 1023 byte buffer (the 'state'), a
+working hash value ('md'), and a counter ('count').
+Whenever seed data is added, it is inserted into the 'state' as
+The input is chopped up into units of 20 bytes (or less for
+the last block). Each of these blocks is run through the hash
+function as follows: The data passed to the hash function
+is the current 'md', the same number of bytes from the 'state'
+(the location determined by in incremented looping index) as
+the current 'block', the new key data 'block', and 'count'
+(which is incremented after each use).
+The result of this is kept in 'md' and also xored into the
+'state' at the same locations that were used as input into the
+hash function. I
+believe this system addresses points 1 (hash function; currently
+SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
+function and xor).
+When bytes are extracted from the RNG, the following process is used.
+For each group of 10 bytes (or less), we do the following:
+Input into the hash function the top 10 bytes from the local 'md'
+(which is initialized from the global 'md' before any bytes are
+generated), the bytes that are to be overwritten by the random bytes,
+and bytes from the 'state' (incrementing looping index). From this
+digest output (which is kept in 'md'), the top (up to) 10 bytes are
+returned to the caller and the bottom (up to) 10 bytes are xored into
+the 'state'.
+Finally, after we have finished 'num' random bytes for the caller,
+'count' (which is incremented) and the local and global 'md' are fed
+into the hash function and the results are kept in the global 'md'.
+I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
+into the 'state' the 'old' data from the caller that is about to be
+overwritten) and 7 (by not using the 10 bytes given to the caller to
+update the 'state', but they are used to update 'md').
+So of the points raised, only 2 is not addressed (but see
+=head1 SEE ALSO
+L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
+L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>,
diff --git a/crypto/openssl/doc/crypto/rc4.pod b/crypto/openssl/doc/crypto/rc4.pod
new file mode 100644
index 0000000..b6d3a43
--- /dev/null
+++ b/crypto/openssl/doc/crypto/rc4.pod
@@ -0,0 +1,62 @@
+=head1 NAME
+RC4_set_key, RC4 - RC4 encryption
+=head1 SYNOPSIS
+ #include <openssl/rc4.h>
+ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ unsigned char *outdata);
+This library implements the Alleged RC4 cipher, which is described for
+example in I<Applied Cryptography>. It is believed to be compatible
+with RC4[TM], a proprietary cipher of RSA Security Inc.
+RC4 is a stream cipher with variable key length. Typically, 128 bit
+(16 byte) keys are used for strong encryption, but shorter insecure
+key sizes have been widely used due to export restrictions.
+RC4 consists of a key setup phase and the actual encryption or
+decryption phase.
+RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long
+key at B<data>.
+RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using
+B<key> and places the result at B<outdata>. Repeated RC4() calls with
+the same B<key> yield a continuous key stream.
+Since RC4 is a stream cipher (the input is XORed with a pseudo-random
+key stream to produce the output), decryption uses the same function
+calls as encryption.
+Applications should use the higher level functions
+etc. instead of calling the RC4 functions directly.
+RC4_set_key() and RC4() do not return values.
+=head1 NOTE
+Certain conditions have to be observed to securely use stream ciphers.
+It is not permissible to perform multiple encryptions using the same
+key stream.
+=head1 SEE ALSO
+L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<rc2(3)|rc2(3)>
+=head1 HISTORY
+RC4_set_key() and RC4() are available in all versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/ripemd.pod b/crypto/openssl/doc/crypto/ripemd.pod
new file mode 100644
index 0000000..31054b6
--- /dev/null
+++ b/crypto/openssl/doc/crypto/ripemd.pod
@@ -0,0 +1,66 @@
+=head1 NAME
+RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final -
+RIPEMD-160 hash function
+=head1 SYNOPSIS
+ #include <openssl/ripemd.h>
+ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+ void RIPEMD160_Init(RIPEMD160_CTX *c);
+ void RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
+ unsigned long len);
+ void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+RIPEMD-160 is a cryptographic hash function with a
+160 bit output.
+RIPEMD160() computes the RIPEMD-160 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+The following functions may be used if the message is not completely
+stored in memory:
+RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure.
+RIPEMD160_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+RIPEMD160_Final() places the message digest in B<md>, which must have
+space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases
+the B<RIPEMD160_CTX>.
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the
+hash functions directly.
+RIPEMD160() returns a pointer to the hash value.
+RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() do not
+return values.
+ISO/IEC 10118-3 (draft) (??)
+=head1 SEE ALSO
+L<sha(3)|sha(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+=head1 HISTORY
+RIPEMD160(), RIPEMD160_Init(), RIPEMD160_Update() and
+RIPEMD160_Final() are available since SSLeay 0.9.0.
diff --git a/crypto/openssl/doc/crypto/rsa.pod b/crypto/openssl/doc/crypto/rsa.pod
new file mode 100644
index 0000000..eb8ba61
--- /dev/null
+++ b/crypto/openssl/doc/crypto/rsa.pod
@@ -0,0 +1,116 @@
+=head1 NAME
+rsa - RSA public key cryptosystem
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ RSA * RSA_new(void);
+ void RSA_free(RSA *rsa);
+ int RSA_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ int RSA_size(RSA *rsa);
+ RSA *RSA_generate_key(int num, unsigned long e,
+ void (*callback)(int,int,void *), void *cb_arg);
+ int RSA_check_key(RSA *rsa);
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+ void RSA_blinding_off(RSA *rsa);
+ void RSA_set_default_method(RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_default_method(void);
+ RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_method(RSA *rsa);
+ RSA_METHOD *RSA_null_method(void);
+ int RSA_flags(RSA *rsa);
+ RSA *RSA_new_method(RSA_METHOD *method);
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+ int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+ int (*dup_func)(), void (*free_func)());
+ int RSA_set_ex_data(RSA *r,int idx,char *arg);
+ char *RSA_get_ex_data(RSA *r, int idx);
+ int RSA_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+ unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+ RSA *rsa);
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+ RSA *rsa);
+These functions implement RSA public key encryption and signatures
+as defined in PKCS #1 v2.0 [RFC 2437].
+The B<RSA> structure consists of several BIGNUM components. It can
+contain public as well as private RSA keys:
+ struct
+ {
+ BIGNUM *n; // public modulus
+ BIGNUM *e; // public exponent
+ BIGNUM *d; // private exponent
+ BIGNUM *p; // secret prime factor
+ BIGNUM *q; // secret prime factor
+ BIGNUM *dmp1; // d mod (p-1)
+ BIGNUM *dmq1; // d mod (q-1)
+ BIGNUM *iqmp; // q^-1 mod p
+ // ...
+ };
+In public keys, the private exponent and the related secret values are
+B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
+keys, but the RSA operations are much faster when these values are
+SSL, PKCS #1 v2.0
+=head1 PATENTS
+RSA is covered by a US patent which expires in September 2000.
+=head1 SEE ALSO
+L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
+L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
+L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
diff --git a/crypto/openssl/doc/crypto/sha.pod b/crypto/openssl/doc/crypto/sha.pod
new file mode 100644
index 0000000..0ba315d
--- /dev/null
+++ b/crypto/openssl/doc/crypto/sha.pod
@@ -0,0 +1,70 @@
+=head1 NAME
+SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm
+=head1 SYNOPSIS
+ #include <openssl/sha.h>
+ unsigned char *SHA1(const unsigned char *d, unsigned long n,
+ unsigned char *md);
+ void SHA1_Init(SHA_CTX *c);
+ void SHA1_Update(SHA_CTX *c, const void *data,
+ unsigned long len);
+ void SHA1_Final(unsigned char *md, SHA_CTX *c);
+SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
+160 bit output.
+SHA1() computes the SHA-1 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+The following functions may be used if the message is not completely
+stored in memory:
+SHA1_Init() initializes a B<SHA_CTX> structure.
+SHA1_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+SHA1_Final() places the message digest in B<md>, which must have space
+for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
+Applications should use the higher level functions
+etc. instead of calling the hash functions directly.
+The predecessor of SHA-1, SHA, is also implemented, but it should be
+used only when backward compatibility is required.
+SHA1() returns a pointer to the hash value.
+SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values.
+SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure Hash
+SHA-1: US Federal Information Processing Standard FIPS PUB 180-1 (Secure Hash
+ANSI X9.30
+=head1 SEE ALSO
+L<ripemd(3)|ripemd(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+=head1 HISTORY
+SHA1(), SHA1_Init(), SHA1_Update() and SHA1_Final() are available in all
+versions of SSLeay and OpenSSL.
diff --git a/crypto/openssl/doc/crypto/threads.pod b/crypto/openssl/doc/crypto/threads.pod
new file mode 100644
index 0000000..5da056f
--- /dev/null
+++ b/crypto/openssl/doc/crypto/threads.pod
@@ -0,0 +1,70 @@
+=head1 NAME
+CRYPTO_set_locking_callback, CRYPTO_set_id_callback - OpenSSL thread support
+=head1 SYNOPSIS
+ #include <openssl/crypto.h>
+ void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
+ int n, const char *file, int line));
+ void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
+ int CRYPTO_num_locks(void);
+OpenSSL can safely be used in multi-threaded applications provided
+that two callback functions are set.
+locking_function(int mode, int n, const char *file, int line) is
+needed to perform locking on shared data stuctures. Multi-threaded
+applications will crash at random if it is not set.
+locking_function() must be able to handle up to CRYPTO_num_locks()
+different mutex locks. It sets the B<n>-th lock if B<mode> &
+B<CRYPTO_LOCK>, and releases it otherwise.
+B<file> and B<line> are the file number of the function setting the
+lock. They can be useful for debugging.
+id_function(void) is a function that returns a thread ID. It is not
+needed on Windows nor on platforms where getpid() returns a different
+ID for each thread (most notably Linux).
+CRYPTO_num_locks() returns the required number of locks.
+The other functions return no values.
+=head1 NOTE
+You can find out if OpenSSL was configured with thread support:
+ #include <openssl/opensslconf.h>
+ #if defined(THREADS)
+ // thread support enabled
+ #else
+ // no thread support
+ #endif
+=head1 EXAMPLES
+B<crypto/threads/mttest.c> shows examples of the callback functions on
+Solaris, Irix and Win32.
+=head1 HISTORY
+CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are
+available in all versions of SSLeay and OpenSSL.
+CRYPTO_num_locks() was added in OpenSSL 0.9.4.
+=head1 SEE ALSO
diff --git a/crypto/openssl/doc/openssl.txt b/crypto/openssl/doc/openssl.txt
index 91b85e5..880eace 100644
--- a/crypto/openssl/doc/openssl.txt
+++ b/crypto/openssl/doc/openssl.txt
@@ -1,53 +1,12 @@
This is some preliminary documentation for OpenSSL.
- BUFFER Library
-The buffer library handles simple character arrays. Buffers are used for
-various purposes in the library, most notably memory BIOs.
-The library uses the BUF_MEM structure defined in buffer.h:
-typedef struct buf_mem_st
- int length; /* current number of bytes */
- char *data;
- int max; /* size of buffer */
-'length' is the current size of the buffer in bytes, 'max' is the amount of
-memory allocated to the buffer. There are three functions which handle these
-and one "miscellaneous" function.
-This allocates a new buffer of zero size. Returns the buffer or NULL on error.
-void BUF_MEM_free(BUF_MEM *a)
-This frees up an already existing buffer. The data is zeroed before freeing
-up in case the buffer contains sensitive data.
-int BUF_MEM_grow(BUF_MEM *str, int len)
-This changes the size of an already existing buffer. It returns zero on error
-or the new size (i.e. 'len'). Any data already in the buffer is preserved if
-it increases in size.
-char * BUF_strdup(char *str)
-This is the previously mentioned strdup function: like the standard library
-strdup() it copies a null terminated string into a block of allocated memory
-and returns a pointer to the allocated block.
+ OpenSSL X509V3 extension configuration
+ X509V3 Extension code: programmers guide
+ PKCS#12 Library
-Unlike the standard C library strdup() this function uses Malloc() and so
-should be used in preference to the standard library strdup() because it can
-be used for memory leak checking or replacing the malloc() function.
-The memory allocated from BUF_strdup() should be freed up using the Free()
OpenSSL X509V3 extension configuration
@@ -188,7 +147,7 @@ email.1=steve@here
This is because the configuration file code cannot handle the same name
-occurring twice in the same extension.
+occurring twice in the same section.
The syntax of raw extensions is governed by the extension code: it can
for example contain data in multiple sections. The correct syntax to
@@ -315,6 +274,41 @@ TRUE. An end user certificate MUST NOT have the CA value set to true.
According to PKIX recommendations it should exclude the extension entirely,
however some software may require CA set to FALSE for end entity certificates.
+Extended Key Usage.
+This extensions consists of a list of usages.
+These can either be object short names of the dotted numerical form of OIDs.
+While any OID can be used only certain values make sense. In particular the
+following PKIX, NS and MS values are meaningful:
+Value Meaning
+----- -------
+serverAuth SSL/TLS Web Server Authentication.
+clientAuth SSL/TLS Web Client Authentication.
+codeSigning Code signing.
+emailProtection E-mail Protection (S/MIME).
+timeStamping Trusted Timestamping
+msCodeInd Microsoft Individual Code Signing (authenticode)
+msCodeCom Microsoft Commercial Code Signing (authenticode)
+msCTLSign Microsoft Trust List Signing
+msSGC Microsoft Server Gated Crypto
+msEFS Microsoft Encrypted File System
+nsSGC Netscape Server Gated Crypto
+For example, under IE5 a CA can be used for any purpose: by including a list
+of the above usages the CA can be restricted to only authorised uses.
+Note: software packages may place additional interpretations on certificate
+use, in particular some usages may only work for selected CAs. Don't for example
+expect just including msSGC or nsSGC will automatically mean that a certificate
+can be used for SGC ("step up" encryption) otherwise anyone could use it.
Subject Key Identifier.
This is really a string extension and can take two possible values. Either
@@ -459,16 +453,16 @@ extension in a human or machine readable form.
1. Initialisation and cleanup.
-This function should be called before any other extension code. It adds support
-for some common PKIX and Netscape extensions. Additional custom extensions can
-be added as well (see later).
+No special initialisation is needed before calling the extension functions.
+You used to have to call X509V3_add_standard_extensions(); but this is no longer
+required and this function no longer does anything.
void X509V3_EXT_cleanup(void);
-This function should be called last to cleanup the extension code. After this
-call no other extension calls should be made.
+This function should be called to cleanup the extension code if any custom
+extensions have been added. If no custom extensions have been added then this
+call does nothing. After this call all custom extension code is freed up but
+you can still use the standard extensions.
2. Printing and parsing extensions.
@@ -512,7 +506,7 @@ or CRL is due to be signed. Both return 0 on error on non zero for success.
In each case 'conf' is the LHASH pointer of the configuration file to use
and 'section' is the section containing the extension details.
-See the 'context functions' section for a description of the ctx paramater.
+See the 'context functions' section for a description of the ctx parameter.
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
@@ -531,7 +525,7 @@ takes the NID of the extension rather than its name.
For example to produce basicConstraints with the CA flag and a path length of
-x = X509V3_EXT_conf_nid(NULL, NULL, NID_basicConstraints, "CA:TRUE,pathlen:10");
+x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
@@ -659,7 +653,7 @@ The same as above but for an unsigned character value.
int X509V3_add_value_bool(const char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);
-This adds either "TRUE" or "FALSE" depending on the value of 'ans1_bool'
+This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
int X509V3_add_value_bool_nf(char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);
@@ -686,7 +680,7 @@ Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
or return a STACK_OF(CONF_VALUE).
Raw extensions are just passed a BIO or a value and it is the extensions
-responsiblity to handle all the necessary printing.
+responsibility to handle all the necessary printing.
There are two ways to add an extension. One is simply as an alias to an already
existing extension. An alias is an extension that is identical in ASN1 structure
@@ -811,7 +805,7 @@ int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
This function is passed the internal extension structure in the ext parameter
and sends out a human readable version of the extension to out. The 'indent'
-paremeter should be noted to determine the necessary amount of indentation
+parameter should be noted to determine the necessary amount of indentation
needed on the output.
void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
@@ -882,7 +876,7 @@ d2i_PKCS12_fp(fp, p12)
This is the same but for a FILE pointer.
-3. Parsing and creation functions.
+3. High level functions.
3.1 Parsing with PKCS12_parse().
@@ -920,6 +914,14 @@ p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
i2d_PKCS12_fp(fp, p12);
+3.3 Changing a PKCS#12 structure password.
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+This changes the password of an already existing PKCS#12 structure. oldpass
+is the old password and newpass is the new one. An error occurs if the old
+password is incorrect.
In some cases the high level functions do not provide the necessary
diff --git a/crypto/openssl/doc/ssl/SSL_get_error.pod b/crypto/openssl/doc/ssl/SSL_get_error.pod
new file mode 100644
index 0000000..9cacded
--- /dev/null
+++ b/crypto/openssl/doc/ssl/SSL_get_error.pod
@@ -0,0 +1,91 @@
+=head1 NAME
+SSL_get_error - obtain result code for SSL I/O operation
+=head1 SYNOPSIS
+ #include <openssl/ssl.h>
+ int SSL_get_error(SSL *ssl, int ret);
+SSL_get_error() returns a result code (suitable for the C "switch"
+statement) for a preceding call to SSL_connect(), SSL_accept(),
+SSL_read(), or SSL_write() on B<ssl>. The value returned by that
+SSL I/O function must be passed to SSL_get_error() in parameter
+In addition to B<ssl> and B<ret>, SSL_get_error() inspects the
+current thread's OpenSSL error queue. Thus, SSL_get_error() must be
+used in the same thread that performed the SSL I/O operation, and no
+other OpenSSL function calls should appear in between. The current
+thread's error queue must be empty before the SSL I/O operation is
+attempted, or SSL_get_error() will not work reliably.
+The following return values can currently occur:
+=over 4
+The SSL I/O operation completed. This result code is returned
+if and only if B<ret E<gt> 0>.
+The SSL connection has been closed. If the protocol version is SSL 3.0
+or TLS 1.0, this result code is returned only if a closure
+alerts has occurred in the protocol, i.e. if the connection has been
+closed cleanly.
+The operation did not complete; the same SSL I/O function should be
+called again later. There will be protocol progress if, by then, the
+underlying B<BIO> has data available for reading (if the result code is
+B<SSL_ERROR_WANT_READ>) or allows writing data (B<SSL_ERROR_WANT_WRITE>).
+For socket B<BIO>s (e.g. when SSL_set_fd() was used) this means that
+select() or poll() on the underlying socket can be used to find out
+when the SSL I/O function should be retried.
+Caveat: Any SSL I/O function can lead to either of
+may want to write data and SSL_write() may want to read data.
+The operation did not complete because an application callback set by
+SSL_CTX_set_client_cert_cb() has asked to be called again.
+The SSL I/O function should be called again later.
+Details depend on the application.
+Some I/O error occurred. The OpenSSL error queue may contain more
+information on the error. If the error queue is empty
+(i.e. ERR_get_error() returns 0), B<ret> can be used to find out more
+about the error: If B<ret == 0>, an EOF was observed that violates
+the protocol. If B<ret == -1>, the underlying B<BIO> reported an
+I/O error (for socket I/O on Unix systems, consult B<errno> for details).
+A failure in the SSL library occurred, usually a protocol error. The
+OpenSSL error queue contains more information on the error.
+=head1 SEE ALSO
+L<ssl(3)|ssl(3)>, L<err(3)|err(3)>
+=head1 HISTORY
+SSL_get_error() was added in SSLeay 0.8.
diff --git a/crypto/openssl/doc/ssl/ssl.pod b/crypto/openssl/doc/ssl/ssl.pod
new file mode 100644
index 0000000..e538766
--- /dev/null
+++ b/crypto/openssl/doc/ssl/ssl.pod
@@ -0,0 +1,634 @@
+=head1 NAME
+SSL - OpenSSL SSL/TLS library
+=head1 SYNOPSIS
+The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
+Transport Layer Security (TLS v1) protocols. It provides a rich API which is
+documented here.
+Currently the OpenSSL B<ssl> library provides the following C header files
+containing the prototypes for the data structures and and functions:
+=over 4
+=item B<ssl.h>
+That's the common header file for the SSL/TLS API. Include it into your
+program to make the API of the B<ssl> library available. It internally
+includes both more private SSL headers and headers from the B<crypto> library.
+Whenever you need hard-core details on the internals of the SSL API, look
+inside this header file.
+=item B<ssl2.h>
+That's the sub header file dealing with the SSLv2 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+=item B<ssl3.h>
+That's the sub header file dealing with the SSLv3 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+=item B<ssl23.h>
+That's the sub header file dealing with the combined use of the SSLv2 and
+SSLv3 protocols.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+=item B<tls1.h>
+That's the sub header file dealing with the TLSv1 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+Currently the OpenSSL B<ssl> library functions deals with the following data
+=over 4
+=item B<SSL_METHOD> (SSL Method)
+That's a dispatch structure describing the internal B<ssl> library
+methods/functions which implement the various protocol versions (SSLv1, SSLv2
+and TLSv1). It's needed to create an B<SSL_CTX>.
+=item B<SSL_CIPHER> (SSL Cipher)
+This structure holds the algorithm information for a particular cipher which
+are a core part of the SSL/TLS protocol. The available ciphers are configured
+on a B<SSL_CTX> basis and the actually used ones are then part of the
+=item B<SSL_CTX> (SSL Context)
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+B<SSL> structures which are later created for the connections.
+=item B<SSL_SESSION> (SSL Session)
+This is a structure containing the current SSL session details for a
+connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+=item B<SSL> (SSL Connection)
+That's the main SSL/TLS structure which is created by a server or client per
+established connection. This actually is the core structure in the SSL API.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+Currently the OpenSSL B<ssl> library exports 214 API functions.
+They are documented in the following:
+Here we document the various API functions which deal with the SSL/TLS
+protocol methods defined in B<SSL_METHOD> structures.
+=over 4
+=item SSL_METHOD *B<SSLv2_client_method>(void);
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
+=item SSL_METHOD *B<SSLv2_server_method>(void);
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
+=item SSL_METHOD *B<SSLv2_method>(void);
+Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
+=item SSL_METHOD *B<SSLv3_client_method>(void);
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
+=item SSL_METHOD *B<SSLv3_server_method>(void);
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
+=item SSL_METHOD *B<SSLv3_method>(void);
+Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
+=item SSL_METHOD *B<TLSv1_client_method>(void);
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
+=item SSL_METHOD *B<TLSv1_server_method>(void);
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
+=item SSL_METHOD *B<TLSv1_method>(void);
+Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
+Here we document the various API functions which deal with the SSL/TLS
+ciphers defined in B<SSL_CIPHER> structures.
+=over 4
+=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
+Write a string to I<buf> (with a maximum size of I<len>) containing a human
+readable description of I<cipher>. Returns I<buf>.
+=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
+Determine the number of bits in I<cipher>. Because of export crippled ciphers
+there are two bits: The bits the algorithm supports in general (stored to
+I<alg_bits>) and the bits which are actually used (the return value).
+=item char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
+Return the internal name of I<cipher> as a string. These are the various
+strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
+definitions in the header files.
+=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
+Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
+SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
+in the specification the first time).
+Here we document the various API functions which deal with the SSL/TLS
+protocol context defined in the B<SSL_CTX> structure.
+=over 4
+=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
+=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
+=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
+=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx);
+=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
+=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
+=item void B<SSL_CTX_free>(SSL_CTX *a);
+=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
+=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
+=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx);
+=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx);
+=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx);
+=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
+=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx);
+=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
+=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
+=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
+=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth);
+=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
+=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
+=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
+=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
+=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
+=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
+=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
+=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
+=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
+=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
+=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
+=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
+=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
+=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
+=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
+=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth);
+=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
+=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
+=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
+=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
+=item SSL_CTX_set_tmp_rsa_callback
+C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
+Sets the callback which will be called when a temporary private key is
+required. The B<C<export>> flag will be set if the reason for needing
+a temp key is that an export ciphersuite is in use, in which case,
+B<C<keylength>> will contain the required keylength in bits. Generate a key of
+appropriate size (using ???) and return it.
+=item SSL_set_tmp_rsa_callback
+long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+session instead of a context.
+=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
+=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
+=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
+=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
+=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
+=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
+=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
+Here we document the various API functions which deal with the SSL/TLS
+sessions defined in the B<SSL_SESSION> structures.
+=over 4
+=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b);
+=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
+=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
+=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx);
+=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+=item long B<SSL_SESSION_get_time>(SSL_SESSION *s);
+=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s);
+=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a);
+=item SSL_SESSION *B<SSL_SESSION_new>(void);
+=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x);
+=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x);
+=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
+=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
+=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
+=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
+Here we document the various API functions which deal with the SSL/TLS
+connection defined in the B<SSL> structure.
+=over 4
+=item int B<SSL_accept>(SSL *ssl);
+=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
+=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
+=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
+=item char *B<SSL_alert_desc_string>(int value);
+=item char *B<SSL_alert_desc_string_long>(int value);
+=item char *B<SSL_alert_type_string>(int value);
+=item char *B<SSL_alert_type_string_long>(int value);
+=item int B<SSL_check_private_key>(SSL *ssl);
+=item void B<SSL_clear>(SSL *ssl);
+=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
+=item int B<SSL_connect>(SSL *ssl);
+=item void B<SSL_copy_session_id>(SSL *t, SSL *f);
+=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
+=item int B<SSL_do_handshake>(SSL *ssl);
+=item SSL *B<SSL_dup>(SSL *ssl);
+=item STACK *B<SSL_dup_CA_list>(STACK *sk);
+=item void B<SSL_free>(SSL *ssl);
+=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl);
+=item char *B<SSL_get_app_data>(SSL *ssl);
+=item X509 *B<SSL_get_certificate>(SSL *ssl);
+=item SSL_CIPHER *B<SSL_get_cipher>(SSL *ssl);
+=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits);
+=item char *B<SSL_get_cipher_list>(SSL *ssl, int n);
+=item char *B<SSL_get_cipher_name>(SSL *ssl);
+=item char *B<SSL_get_cipher_version>(SSL *ssl);
+=item STACK *B<SSL_get_ciphers>(SSL *ssl);
+=item STACK *B<SSL_get_client_CA_list>(SSL *ssl);
+=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
+=item long B<SSL_get_default_timeout>(SSL *ssl);
+=item int B<SSL_get_error>(SSL *ssl, int i);
+=item char *B<SSL_get_ex_data>(SSL *ssl, int idx);
+=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
+=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+=item int B<SSL_get_fd>(SSL *ssl);
+=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void)
+=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl);
+=item X509 *B<SSL_get_peer_certificate>(SSL *ssl);
+=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
+=item int B<SSL_get_quiet_shutdown>(SSL *ssl);
+=item BIO *B<SSL_get_rbio>(SSL *ssl);
+=item int B<SSL_get_read_ahead>(SSL *ssl);
+=item SSL_SESSION *B<SSL_get_session>(SSL *ssl);
+=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len);
+=item int B<SSL_get_shutdown>(SSL *ssl);
+=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
+=item int B<SSL_get_state>(SSL *ssl);
+=item long B<SSL_get_time>(SSL *ssl);
+=item long B<SSL_get_timeout>(SSL *ssl);
+=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void)
+=item int B<SSL_get_verify_mode>(SSL *ssl);
+=item long B<SSL_get_verify_result>(SSL *ssl);
+=item char *B<SSL_get_version>(SSL *ssl);
+=item BIO *B<SSL_get_wbio>(SSL *ssl);
+=item int B<SSL_in_accept_init>(SSL *ssl);
+=item int B<SSL_in_before>(SSL *ssl);
+=item int B<SSL_in_connect_init>(SSL *ssl);
+=item int B<SSL_in_init>(SSL *ssl);
+=item int B<SSL_is_init_finished>(SSL *ssl);
+=item STACK *B<SSL_load_client_CA_file>(char *file);
+=item void B<SSL_load_error_strings>(void);
+=item SSL *B<SSL_new>(SSL_CTX *ctx);
+=item long B<SSL_num_renegotiations>(SSL *ssl);
+=item int B<SSL_peek>(SSL *ssl, char *buf, int num);
+=item int B<SSL_pending>(SSL *ssl);
+=item int B<SSL_read>(SSL *ssl, char *buf, int num);
+=item int B<SSL_renegotiate>(SSL *ssl);
+=item char *B<SSL_rstate_string>(SSL *ssl);
+=item char *B<SSL_rstate_string_long>(SSL *ssl);
+=item long B<SSL_session_reused>(SSL *ssl);
+=item void B<SSL_set_accept_state>(SSL *ssl);
+=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
+=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
+=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
+=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
+=item void B<SSL_set_connect_state>(SSL *ssl);
+=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
+=item int B<SSL_set_fd>(SSL *ssl, int fd);
+=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
+=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
+=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
+=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
+=item int B<SSL_set_rfd>(SSL *ssl, int fd);
+=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
+=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
+=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth);
+=item void B<SSL_set_time>(SSL *ssl, long t);
+=item void B<SSL_set_timeout>(SSL *ssl, long t);
+=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
+=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
+=item int B<SSL_set_wfd>(SSL *ssl, int fd);
+=item int B<SSL_shutdown>(SSL *ssl);
+=item int B<SSL_state>(SSL *ssl);
+=item char *B<SSL_state_string>(SSL *ssl);
+=item char *B<SSL_state_string_long>(SSL *ssl);
+=item long B<SSL_total_renegotiations>(SSL *ssl);
+=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
+=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
+=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
+=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
+=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
+=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
+=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
+=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
+=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
+=item int B<SSL_version>(SSL *ssl);
+=item int B<SSL_want>(SSL *ssl);
+=item int B<SSL_want_nothing>(SSL *ssl);
+=item int B<SSL_want_read>(SSL *ssl);
+=item int B<SSL_want_write>(SSL *ssl);
+=item int B<SSL_want_x509_lookup>(s);
+=item int B<SSL_write>(SSL *ssl, char *buf, int num);
+=head1 SEE ALSO
+L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
+=head1 HISTORY
+The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2
diff --git a/crypto/openssl/doc/ssleay.txt b/crypto/openssl/doc/ssleay.txt
index 094e28c..3e964c2 100644
--- a/crypto/openssl/doc/ssleay.txt
+++ b/crypto/openssl/doc/ssleay.txt
@@ -6710,8 +6710,8 @@ CRYPTO_set_locking_callback(locking_function);
before any multithreading is started.
id_function does not need to be defined under Windows NT or 95, the
correct function will be called if it is not. Under unix, getpid()
-is call if the id_callback is not defined, for solaris this is wrong
-(since threads id's are not pid's) but under IRIX it is correct
+is call if the id_callback is not defined, for Solaris this is wrong
+(since threads id's are not pid's) but under Linux it is correct
(threads are just processes sharing the data segement).
The locking_callback is used to perform locking by the SSLeay library.
OpenPOWER on IntegriCloud